mdmcertcheck v1.0 - expire certholder

mdmcertcheck/mdmcertcheck.sh

@@ -4,7 +4,7 @@
 
 export LC_ALL=""
 export LANG="en_US.UTF-8"
-VERSION="0.3"
+VERSION="1.0"
 
 CERTLIST="certlist.cfg"
 CTIMEOUT="1"
@@ -89,6 +89,26 @@ valid_status)
 	echo $RET;
 ;;
 
+expire)
+	#calculate expire days
+	parse_item $ITEM
+	get_cert
+	expire_date=$( echo "$CERT_BODY" | openssl x509 -noout -dates | grep '^notAfter' | cut -d'=' -f2 )
+	expire_date_epoch=$(date -d "$expire_date" +%s) || error "Failed to get expire date"
+	current_date_epoch=$(date +%s)
+	RET=$(( (expire_date_epoch - current_date_epoch)/(3600*24) ))
+	echo $RET
+;;
+
+certholder)
+	#get cert holder string
+	parse_item $ITEM
+	get_cert
+	# Note: new openssl versions can print multiple return codes for post-handshake session tickets, so we need to get only the first one
+	RET=$( echo "$CERT_BODY" | sed -n '/BEGIN CERTIFICATE/,/END CERT/p' |  openssl x509 -text 2>/dev/null | sed -n 's/ *Issuer: *//p' | sed -n 's/.*CN=*//p')
+	echo $RET;
+;;
+
 script.version)
 	echo $VERSION
 ;;
@@ -100,6 +120,8 @@ discovery		- discovery items from config file
 isexist			- the script has access to server with cert
 valid			- the cert is valid (1|0)
 valid_status	- the cert status in full text
+expire			- how many days for an unvalid state
+certholder		- certholder text
 script.version	- current version of this script
 }"
 ;;