File: cert_date_valid.rb

puppet-module-camptocamp-openssl 1.5.0-3
#
# Function: cert_date_valid()
#
# Checks SSL certificate date validity.
#
# Returns false if the certificate is expired or not yet valid, or the number
# of seconds the certificate is still valid for.
#
# Parameter: path to ssl certificate
#
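module Puppet::Parser::Functions
    # cert_date_valid(path) -> false | Integer
    #
    # Reads the notBefore/notAfter dates of the X.509 certificate at `path`
    # with the `openssl` command-line tool.
    #
    # Returns false when the certificate is expired, not yet valid, or has
    # notAfter <= notBefore; otherwise the number of whole seconds left until
    # notAfter.
    #
    # Raises ArgumentError when the first argument is not a non-empty String,
    # and RuntimeError ("No date found in certificate") when openssl prints
    # no usable dates (unreadable file, not a certificate, ...). A missing
    # openssl binary surfaces as the SystemCallError raised by IO.popen.
    newfunction(:cert_date_valid, :type => :rvalue) do |args|

        require 'time'

        certfile = args[0]
        unless certfile.is_a?(String) && !certfile.empty?
            raise ArgumentError, 'cert_date_valid(): expected the certificate path as a non-empty string'
        end

        # The path is data supplied by the caller of the function. It is handed
        # to openssl as a single argv element (array form of IO.popen, value of
        # -in), so no shell parses it: spaces, quotes, ';', '|' or '$(...)' in
        # the path stay part of the file name instead of becoming shell syntax,
        # which is what happened when the path was interpolated into a backtick
        # command line.
        dates = IO.popen(['openssl', 'x509', '-dates', '-noout', '-in', certfile], &:read).gsub("\n", '')

        # Both dates are required; a single missing one would otherwise feed
        # the whole openssl output to Time.parse.
        not_before = dates[/notBefore=(.+? GMT)/, 1]
        not_after  = dates[/notAfter=(.+? GMT)/, 1]
        raise "No date found in certificate" unless not_before && not_after

        certbegin = Time.parse(not_before)
        certend   = Time.parse(not_after)
        now       = Time.now

        if now > certend || now < certbegin || certend <= certbegin
            # expired, not yet valid, or a validity window that is empty
            false
        else
            # number of seconds the certificate is still valid for
            (certend - now).to_i
        end

    end
end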