#!/usr/bin/python
from __future__ import print_function
from sys import stderr
import subprocess, time, calendar, os, getopt
def usage():
print("""Usage: cert-check [options] files ...
-h,--help this message
-q,--quiet do not print cert files needing (re)newing
-d n,--days=n days before expiration to renew (default 7)
Succeeds only if all certs exist and are more than <days> from expiration.""",
file=stderr)
return 2
def main(argv):
days = 7 # days ahead to
quiet = False
try:
opts,args = getopt.getopt(argv,'hqd:',['days=','quiet','help'])
except getopt.GetoptError as err:
# print help information and exit:
print(err,file=stderr) # prints something like "option -a not recognized"
return usage()
for opt,val in opts:
if opt in ('-h','--help'):
return usage()
if opt in ('-q','--quiet'):
quiet = True
if opt in ('-d','--days'):
try:
days = int(val)
except:
return usage()
now = time.time()
soon = now + days * 24 * 60 * 60
rc = 0
for fn in args:
try:
size = os.path.getsize(fn)
except:
size = 0
if size == 0:
if not quiet: print(fn)
rc += 1
continue
proc = subprocess.Popen(
["openssl", "x509", "-in", fn, "-noout", "-enddate"],
stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = proc.communicate()
if proc.returncode != 0:
raise IOError("{1}: OpenSSL Error: {0}".format(err,fn))
t = time.strptime(out.decode(),'notAfter=%b %d %H:%M:%S %Y GMT\n')
t = calendar.timegm(t)
if soon > t:
if not quiet: print(fn)
rc += 1
return rc > 0
if __name__ == '__main__':
import sys
sys.exit(main(sys.argv[1:]))