diff --git a/include/tests_crypto b/include/tests_crypto index 32576bb5..e95684f5 100644 --- a/include/tests_crypto +++ b/include/tests_crypto @@ -44,38 +44,36 @@ if [ ${CANREAD} -eq 1 ]; then LogText "Result: found directory ${DIR}" # Search for CRT files - sFINDCRTS=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".crt$|.pem$|^cert" | ${SORTBINARY}) - if [ ! -z "${sFINDCRTS}" ]; then - for FILE in ${sFINDCRTS}; do - FileIsReadable ${FILE} - if [ ${CANREAD} -eq 1 ]; then - # Only check the files that are not installed by a package - if ! FileInstalledByPackage ${FILE}; then - COUNT_DIR=$((COUNT_DIR + 1)) - LogText "Test: checking file and determining if it is certificate ${FILE}" - FIND=$(${OPENSSLBINARY} x509 -noout -in ${FILE} -enddate 2> /dev/null | ${GREPBINARY} "^notAfter") - if [ $? -eq 0 ]; then - # Check certificate where 'end date' has been expired - FIND=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in ${FILE} -enddate 2> /dev/null) - EXIT_CODE=$? - CERT_CN=$(${OPENSSLBINARY} x509 -noout -subject -in ${FILE} 2> /dev/null | ${SEDBINARY} -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/') - CERT_NOTAFTER=$(${OPENSSLBINARY} x509 -noout -enddate -in ${FILE} 2> /dev/null | ${AWKBINARY} -F= '{if ($1=="notAfter") { print $2 }}') - Report "certificate[]=${FILE}|${EXIT_CODE}|cn:${CERT_CN};notafter:${CERT_NOTAFTER};|" - if [ ${EXIT_CODE} -eq 0 ]; then - LogText "Result: certificate ${FILE} seems to be correct and still valid" - else - FOUNDPROBLEM=1 - LogText "Result: certificate ${FILE} has been expired" - fi + ${FINDBINARY} ${DIR} -type f -print0 | ${EGREPBINARY} -z ".crt$|.pem$|^cert" | ${SORTBINARY} -z | while IFS= read -r -d $'\0' FILE; do + FileIsReadable "${FILE}" + if [ ${CANREAD} -eq 1 ]; then + # Only check the files that are not installed by a package + if ! FileInstalledByPackage "${FILE}"; then + COUNT_DIR=$((COUNT_DIR + 1)) + LogText "Test: checking file and determining if it is certificate ${FILE}" + FIND=$(${OPENSSLBINARY} x509 -noout -in "${FILE}" -enddate 2> /dev/null | ${GREPBINARY} "^notAfter") + if [ $? -eq 0 ]; then + # Check certificate where 'end date' has been expired + FIND=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in "${FILE}" -enddate 2> /dev/null) + EXIT_CODE=$? + CERT_CN=$(${OPENSSLBINARY} x509 -noout -subject -in "${FILE}" 2> /dev/null | ${SEDBINARY} -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/') + CERT_NOTAFTER=$(${OPENSSLBINARY} x509 -noout -enddate -in "${FILE}" 2> /dev/null | ${AWKBINARY} -F= '{if ($1=="notAfter") { print $2 }}') + Report "certificate[]=${FILE}|${EXIT_CODE}|cn:${CERT_CN};notafter:${CERT_NOTAFTER};|" + if [ ${EXIT_CODE} -eq 0 ]; then + LogText "Result: certificate ${FILE} seems to be correct and still valid" else - LogText "Result: skipping tests for this file (${FILE}) as it is most likely not a certificate (a key file?)" + FOUNDPROBLEM=1 + LogText "Result: certificate ${FILE} has been expired" fi + else + LogText "Result: skipping tests for this file (${FILE}) as it is most likely not a certificate (a key file?)" fi - else - LogText "Result: can not read file ${FILE} (no permission)" fi - done - else + else + LogText "Result: can not read file ${FILE} (no permission)" + fi + done + if [ -z "$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".crt$|.pem$|^cert")" ]; then LogText "Result: no certificates found in directory ${DIR}" fi else