banterCZ · June 21, 2021 14:36 · AdamJCavanaugh · Sep 8, 2020
diff --git a/checkCertificate.ps1 b/checkCertificate.ps1
 ########################################################
 #
 #       Check certificates inside a java keystore
 #
 ########################################################

 [CmdletBinding()]
 Param(
 	[Parameter(Mandatory=$True)]
 	[string]$keystore,
 		
 	[Parameter(Mandatory=$True)]
 	[string]$password,
 	
 	[Parameter(Mandatory=$True)]
 	[string]$alias,
 	
 	[Parameter(Mandatory=$True)]
 	[int]$threshold
 )

 [System.Threading.Thread]::CurrentThread.CurrentCulture = "en-US"

 $keytool="keytool.exe"
 $certificate = Invoke-Expression "$keytool -list -v -keystore $keystore -storepass $password -alias '$alias'"

 foreach($line in $certificate){    
    if($line.Contains("Valid from: ")){        
 		$index = $line.IndexOf("until: ")
 		$dateAsString = $line.SubString($index + "until: ".length).Replace(" CET","")
 		$expirationDate = [datetime]::parseexact($dateAsString,"ddd MMM dd HH:mm:ss yyyy",$null)
 		break
    }
 }

 $now = ([System.DateTime]::Now)
 $daysToExpire = [int]($expirationDate - $now).TotalDays

 if ($threshold -lt $daysToExpire) {
 	Write-Host "[OK] Certificate '$alias' expires in '$expirationDate' ($daysToExpire day(s) remaining)."
 	exit 0
 } elseif ($daysToExpire -lt 0) {
 	Write-Host "[CRITICAL] Certificate $alias has already expired."
    exit 2
 } else {
 	Write-Host "[WARNING] Certificate '$alias' expires in '$expirationDate' ($daysToExpire day(s) remaining)."
    exit 1
 }
diff --git a/checkCertificate.sh b/checkCertificate.sh
 #!/bin/bash
 
 ########################################################
 #
 #       Check certificates inside a java keystore
 #
 #       Inspired by http://www.davidgouveia.net/2013/07/simple-script-to-check-expiry-dates-on-a-java-keystore-jks-file/
 #
 ########################################################
 TIMEOUT="timeout -k 10s 5s "
 KEYTOOL="$TIMEOUT keytool"
 THRESHOLD_IN_DAYS="30"
 KEYSTORE=""
 PASSWORD=""
 ALIAS=""
 
 ARGS=`getopt -o "p:k:t:a" -l "password:,keystore:,threshold:,alias:" -n "$0" -- "$@"`
 
 usage() {
    echo "Usage: $0 --keystore <keystore> --alias <alias>] [--password <password>] [--threshold <number of days until expiry>]"
    exit
 }
  
 start() {
    CURRENT=`date +%s`

    THRESHOLD=$(($CURRENT + ($THRESHOLD_IN_DAYS*24*60*60)))
    if [ $THRESHOLD -le $CURRENT ]; then
        echo "[ERROR] Invalid date."
        exit 1
    fi

    $KEYTOOL -list -v -keystore "$KEYSTORE" $PASSWORD 2>&1 > /dev/null
    if [ $? -gt 0 ]; then echo "Error opening the keystore."; exit 1; fi

    EXPIRACY=`$KEYTOOL -list -v -keystore "$KEYSTORE" $PASSWORD -alias "$ALIAS" | grep Valid | head -1`
    UNTIL=`$KEYTOOL -list -v -keystore "$KEYSTORE" $PASSWORD -alias "$ALIAS" | grep Valid | head -1 | perl -ne 'if(/until: (.*?)\n/) { print "$1\n"; }'`
    UNTIL_SECONDS=`date -d "$UNTIL" +%s`
    REMAINING_DAYS=$(( ($UNTIL_SECONDS -  $(date +%s)) / 60 / 60 / 24 ))
    if [ $THRESHOLD -le $UNTIL_SECONDS ]; then
        echo "[OK] Certificate '$ALIAS' expires in '$UNTIL' ($REMAINING_DAYS day(s) remaining)."
        exit 0
    elif [ $REMAINING_DAYS -le 0 ]; then
        echo "[CRITICAL] Certificate $ALIAS has already expired."
        exit 2
    else
        echo "[WARNING] Certificate '$ALIAS' expires in '$UNTIL' ($REMAINING_DAYS day(s) remaining)."
        exit 1
    fi

 }
 
 eval set -- "$ARGS"
 
 while true
 do
    case "$1" in
        -p|--password)
            if [ -n "$2" ]; then PASSWORD=" -storepass $2"; else echo "Invalid password"; exit 1; fi
            shift 2;;
        -k|--keystore)
            if [ ! -f "$2" ]; then echo "Keystore not found: $1"; exit 1; else KEYSTORE=$2; fi
            shift 2;;
        -t|--threshold)
            if [[ $2 =~ ^[0-9]+$ ]]; then THRESHOLD_IN_DAYS=$2; else echo "Invalid threshold"; exit 1; fi
            shift 2;;
        -a|--alias)
            if [ -n "$2" ]; then ALIAS=$2; else echo "Entry type not set."; exit 1; fi
            shift 2;;
        --)
            shift
            break;;
    esac
 done
 
 if [ -n "$KEYSTORE" ] && [ -n "$ALIAS" ]
 then
    start
 else
    usage
 fi
	########################################################
	#
	# Check certificates inside a java keystore
	#
	########################################################

	[CmdletBinding()]
	Param(
	[Parameter(Mandatory=$True)]
	[string]$keystore,

	[Parameter(Mandatory=$True)]
	[string]$password,

	[Parameter(Mandatory=$True)]
	[string]$alias,

	[Parameter(Mandatory=$True)]
	[int]$threshold
	)

	[System.Threading.Thread]::CurrentThread.CurrentCulture = "en-US"

	$keytool="keytool.exe"
	$certificate = Invoke-Expression "$keytool -list -v -keystore $keystore -storepass $password -alias '$alias'"

	foreach($line in $certificate){
	if($line.Contains("Valid from: ")){
	$index = $line.IndexOf("until: ")
	$dateAsString = $line.SubString($index + "until: ".length).Replace(" CET","")
	$expirationDate = [datetime]::parseexact($dateAsString,"ddd MMM dd HH:mm:ss yyyy",$null)
	break
	}
	}

	$now = ([System.DateTime]::Now)
	$daysToExpire = [int]($expirationDate - $now).TotalDays

	if ($threshold -lt $daysToExpire) {
	Write-Host "[OK] Certificate '$alias' expires in '$expirationDate' ($daysToExpire day(s) remaining)."
	exit 0
	} elseif ($daysToExpire -lt 0) {
	Write-Host "[CRITICAL] Certificate $alias has already expired."
	exit 2
	} else {
	Write-Host "[WARNING] Certificate '$alias' expires in '$expirationDate' ($daysToExpire day(s) remaining)."
	exit 1
	}
	#!/bin/bash

	########################################################
	#
	# Check certificates inside a java keystore
	#
	# Inspired by http://www.davidgouveia.net/2013/07/simple-script-to-check-expiry-dates-on-a-java-keystore-jks-file/
	#
	########################################################
	TIMEOUT="timeout -k 10s 5s "
	KEYTOOL="$TIMEOUT keytool"
	THRESHOLD_IN_DAYS="30"
	KEYSTORE=""
	PASSWORD=""
	ALIAS=""

	ARGS=`getopt -o "p:k:t:a" -l "password:,keystore:,threshold:,alias:" -n "$0" -- "$@"`

	usage() {
	echo "Usage: $0 --keystore <keystore> --alias <alias>] [--password <password>] [--threshold <number of days until expiry>]"
	exit
	}

	start() {
	CURRENT=`date +%s`

	THRESHOLD=$(($CURRENT + ($THRESHOLD_IN_DAYS2460*60)))
	if [ $THRESHOLD -le $CURRENT ]; then
	echo "[ERROR] Invalid date."
	exit 1
	fi

	$KEYTOOL -list -v -keystore "$KEYSTORE" $PASSWORD 2>&1 > /dev/null
	if [ $? -gt 0 ]; then echo "Error opening the keystore."; exit 1; fi

	EXPIRACY=`$KEYTOOL -list -v -keystore "$KEYSTORE" $PASSWORD -alias "$ALIAS" \| grep Valid \| head -1`
	UNTIL=`$KEYTOOL -list -v -keystore "$KEYSTORE" $PASSWORD -alias "$ALIAS" \| grep Valid \| head -1 \| perl -ne 'if(/until: (.*?)\n/) { print "$1\n"; }'`
	UNTIL_SECONDS=`date -d "$UNTIL" +%s`
	REMAINING_DAYS=$(( ($UNTIL_SECONDS - $(date +%s)) / 60 / 60 / 24 ))
	if [ $THRESHOLD -le $UNTIL_SECONDS ]; then
	echo "[OK] Certificate '$ALIAS' expires in '$UNTIL' ($REMAINING_DAYS day(s) remaining)."
	exit 0
	elif [ $REMAINING_DAYS -le 0 ]; then
	echo "[CRITICAL] Certificate $ALIAS has already expired."
	exit 2
	else
	echo "[WARNING] Certificate '$ALIAS' expires in '$UNTIL' ($REMAINING_DAYS day(s) remaining)."
	exit 1
	fi

	}

	eval set -- "$ARGS"

	while true
	do
	case "$1" in
	-p\|--password)
	if [ -n "$2" ]; then PASSWORD=" -storepass $2"; else echo "Invalid password"; exit 1; fi
	shift 2;;
	-k\|--keystore)
	if [ ! -f "$2" ]; then echo "Keystore not found: $1"; exit 1; else KEYSTORE=$2; fi
	shift 2;;
	-t\|--threshold)
	if [[ $2 =~ ^[0-9]+$ ]]; then THRESHOLD_IN_DAYS=$2; else echo "Invalid threshold"; exit 1; fi
	shift 2;;
	-a\|--alias)
	if [ -n "$2" ]; then ALIAS=$2; else echo "Entry type not set."; exit 1; fi
	shift 2;;
	--)
	shift
	break;;
	esac
	done

	if [ -n "$KEYSTORE" ] && [ -n "$ALIAS" ]
	then
	start
	else
	usage
	fi