certcheck.py

   1 import subprocess, re, os, datetime
   2
   3 def check_dir(dirname, days):
   4     for name in os.listdir(dirname):
   5         name = os.path.join(dirname, name)
   6         if os.path.isdir(name):
   7             check_dir(name, days)
   8         elif name.endswith('.crt'):
   9             check_file(name, days)
  10
  11 def cert_expiry_date(filename):
  12     valid_not_after = subprocess.check_output(["openssl", "x509", "-enddate", "-in", filename, "-noout"]).decode('utf-8')
  13     match = re.match("notAfter=([a-zA-Z0-9: ]+)", valid_not_after)
  14     assert match is not None, "Unexpected output from openssl: " + valid_not_after
  15     enddate = match.group(1)
  16     return datetime.datetime.strptime(enddate, '%b %d %X %Y %Z')
  17
  18 def check_file(filename, days):
  19     enddate = cert_expiry_date(filename)
  20     delta = enddate - datetime.datetime.now()
  21     if delta < datetime.timedelta(days=days):
  22         print("{} expires at {}, which is in {} days".format(filename, enddate, delta.days))