Created
September 17, 2023 15:03
Certificate validity check script
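# Xcode build-phase script: shows a dialog when a .der certificate bundled with
# the project expires within the reminder window.
#
# Reads:  CONFIGURATION, PROJECT_DIR (expected from the Xcode build environment).
# Writes: ~/.cache/<workspace name>.txt (date of the last reminder, YYYYMMDD).
# Uses bash features ([[ ]], +=), so the build-phase shell must be bash or a
# bash-compatible sh. Process substitution is deliberately avoided.

# Skip unless this is a Debug build.
if [ "$CONFIGURATION" != "Debug" ]; then
  echo "Skip certificate check"
  exit 0
fi

# 1 Create file for storing last shown date
CACHE_DIR="$HOME/.cache"
mkdir -p "$CACHE_DIR"
# The pattern is quoted so the shell cannot expand it before find sees it, and
# only the first match is used: basename treats a second operand as a suffix
# to strip, which produced a wrong cache name when several workspaces matched.
WORKSPACE=$(find . -name '*.xcworkspace' | head -n 1)
PROJECT_CACHE="$CACHE_DIR/$(basename -- "$WORKSPACE").txt"
touch "$PROJECT_CACHE"

# 2 Variables
CERTIFICATES="${PROJECT_DIR}/MyProject/SupportingFiles/Certificates/"
TODAY=$(date +"%Y%m%d")
REMIND_IN=2 # 2 months
REMINDER_TIME=$((REMIND_IN * 30 * 24 * 60 * 60)) # seconds, a month counted as 30 days
LAST_CHECK=$(head -n 1 "$PROJECT_CACHE")
CERT_WARNING=""
NL='
'

# The cache file is plain text anyone can edit; accept only digits so the
# numeric comparison below never sees anything else.
case "$LAST_CHECK" in
  '' | *[!0-9]*) LAST_CHECK="" ;;
esac

# Temp dir for converted certs. mktemp gives a private, unpredictable directory
# outside the source tree, and the trap removes it on every exit path, so an
# aborted build no longer leaves temp_cert behind.
TEMP_DIR=$(mktemp -d "${TMPDIR:-/tmp}/cert_check.XXXXXX") || {
  echo "warning: could not create a temporary directory, skipping certificate check" >&2
  exit 0
}
trap 'rm -rf -- "$TEMP_DIR"' EXIT

# 3 Check validity
# The file list goes through a file and is read line by line, so paths that
# contain spaces stay intact (PROJECT_DIR often does).
CERT_LIST="$TEMP_DIR/der_files.list"
find "$CERTIFICATES" -name '*.der' -print > "$CERT_LIST"

while IFS= read -r cert <&3; do
  # 4 Convert to .pem for validity date check
  CERT_NAME=$(basename -- "$cert")
  TEMP_CERT="$TEMP_DIR/$CERT_NAME.pem"
  if ! openssl x509 -inform der -in "$cert" -out "$TEMP_CERT"; then
    # An unreadable file is reported as such instead of as "will expire".
    echo "warning: $CERT_NAME could not be read as a DER certificate" >&2
    continue
  fi

  # 5 -checkend succeeds when the certificate is still valid REMINDER_TIME
  #   seconds from now.
  if openssl x509 -checkend "$REMINDER_TIME" -noout -in "$TEMP_CERT"; then
    echo "Certificate $CERT_NAME is still valid"
  else
    # Keep the first two words of the notAfter value (month and day).
    FORMATTED_EXPIRY=$(openssl x509 -enddate -noout -in "$TEMP_CERT" |
      awk -F= '{ split($2, parts, " "); print parts[1], parts[2] }')
    CERT_WARNING+="$CERT_NAME on $FORMATTED_EXPIRY$NL"
    echo "Certificate $CERT_NAME will expire."
  fi
done 3< "$CERT_LIST"

# 6 Alert user, at most once per day.
# The first-run test is -z on the stored date. The original used
# [ -s $LAST_CHECK ], a file-size test that only passed because the empty
# value was unquoted.
if [[ -n "$CERT_WARNING" ]] && { [ -z "$LAST_CHECK" ] || [ "$LAST_CHECK" -lt "$TODAY" ]; }; then
  CERTIFICATE_WARNING="The following certificates expire in $REMIND_IN month(s):$NL$NL$CERT_WARNING$NL${NL}The dates can be off by one day so make sure to check the dates by opening the certificates before notifying the client."
  # The text is passed as an argument, not spliced into the AppleScript source:
  # a quote or backslash in a certificate file name cannot change the script
  # that runs.
  osascript \
    -e 'on run argv' \
    -e 'tell app "Xcode" to display dialog (item 1 of argv) with title "Certificates validity" with icon caution buttons {"OK"} default button "OK"' \
    -e 'end run' \
    "$CERTIFICATE_WARNING"
  printf '%s\n' "$TODAY" > "$PROJECT_CACHE"
fi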