[CRYP-7902] - Do prevalidation for certificates before testing them

2025-07-31 01:34:23 +02:00 · 2018-03-05 11:32:23 +01:00 · 2018-03-05 11:32:23 +01:00 · 211fb9117c
commit 211fb9117c
parent 8b0cdb7ac4
1 changed files with 21 additions and 14 deletions
--- a/include/tests_crypto
+++ b/include/tests_crypto
@ -53,7 +53,11 @@
                        if [ ${CANREAD} -eq 1 ]; then
                            # Only check the files that are not installed by a package
                            if ! FileInstalledByPackage "${FILE}"; then
-                                LogText "Test: checking file and determining if it is certificate ${FILE}"
+                                LogText "Test: test if file is a certificate"
+                                OUTPUT=$(${GREPBINARY} -q 'BEGIN CERT' "${FILE}")
+                                if [ $? -eq 0 ]; then
+                                    LogText "Result: file is a certificate"
+                                    LogText "Test: checking certificate details"
                                    FIND=$(${OPENSSLBINARY} x509 -noout -in "${FILE}" -enddate 2> /dev/null | ${GREPBINARY} "^notAfter")
                                    if [ $? -eq 0 ]; then
                                        # Check certificate where 'end date' has been expired
@ -72,6 +76,9 @@
                                    else
                                        LogText "Result: skipping tests for this file (${FILE}) as it is most likely not a certificate (a key file?)"
                                    fi
+                                else
+                                    LogText "Result: skipping test for this file (${FILE}) as we could not find 'BEGIN CERT'"
+                                fi
                            fi
                        else
                            LogText "Result: can not read file ${FILE} (no permission)"