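/* REXX */
/* REXCRTS - List all 0207 cert records                              */
/* Flag Self-Signed and Expired Certs and Trusted Certs              */
/* Definitions:                                                      */
/*   Self-Signed = issuer name = subject name                        */
/*   Expired     = today's date is beyond cert end date              */
/*                                                                   */
/* Uses + 0207 User Cert Name Record                                 */
/*          Get Userid & Label                                       */
/*      + 0500 Gen resource basic data record                        */
/*          Get Trust status                                         */
/*      + 0560 record                                                */
/*          Get Start Date and End Date                              */
/*      + 1560 record                                                */
/*          Issuer Name and Subject Name                             */
/*                                                                   */
/* Input : DD dbufile - IRRDBU00 unloaded dataset                    */
/* Output: DD rexout  - report                                       */
/*                                                                   */
/* 2016/03/05 - Created by Harold Clough, SSO-Mechanicsburg.         */
/* 2016/05/23 - CLFenton added collection of 0500 record and         */
/*              changed format of output report.                     */
/*------------------------------------------------------------------ */
/*trace r?*/

/* initialize table counters */
usn = 0                          /* 0207 recs stored in UStab.        */
sst = 0                          /* 1560 recs stored in Tab1560.      */
exp = 0                          /* 0560 recs stored in Tab0560.      */
tru = 0                          /* 0500 recs stored in Tab0500.      */
dis = 0                          /* output recs                       */
ssc = 0                          /* certs flagged self-signed         */
exc = 0                          /* certs flagged expired             */

/* Shown for any field whose source record was not found, so a gap   */
/* in the unload is visible in the report instead of being filled    */
/* with another certificate's values.                                */
unknown = 'Unknown'

/* Main Driver */
/* dbufile is IRRDBU00 unloaded dataset */
"EXECIO * DISKR dbufile (stem dbfle. FINIS"
/* Do not build a report from a failed read: it would list no certs  */
/* and look like a clean result. Low return codes are tolerated.     */
if rc > 4 then do
  say 'EXECIO read of dbufile failed, RC='rc
  exit rc
end
say 'Total Records in unloaded dataset ==> 'dbfle.0
call get_date
do a = 1 to dbfle.0
  Rec_type = substr(dbfle.a,1,4)
  select
    when Rec_type = 0207 then call Process207
    when Rec_type = 0500 then call Process500
    when Rec_type = 1560 then call Process1560
    when Rec_type = 0560 then call Process0560
    otherwise nop                /* record type not used here         */
  end
end /* do a */
say 'Search Completed . . . '
call bld_outtab
call prnt_list
exit

/*                                                                   */
/* Subs                                                              */
/*                                                                   */

/* get_date: set date8/date9/date10 from today's date.               */
/* date10 (yyyy-mm-dd) is what the expiry check compares against.    */
get_date:
  date8  = date('S')             /* e.g. 20150219   */
  date9  = insert('-',date8,4)   /* e.g. 2015-0219  */
  date10 = insert('-',date9,7)   /* e.g. 2015-02-19 */
  return

/* prnt_list: write the report header, then one group of lines per   */
/* certificate built by bld_outtab, to DD rexout.                    */
prnt_list:
  /* Write a report header */
  queue '*** '
  queue '*** List all certificates, show expired and self-signed '
  queue '*** Summary: Total Certs='usn 'Self-Signed='ssc 'Expired='exc
  queue '*** '
  queue 'USERID LABEL '
  queue '-------- -------------------------------- '
  "EXECIO 6 DISKW rexout"
  /* Write a report info */
  makebuf
  do dis = 1 to usn
    queue outtab.dis
    fld2 = out_idn.dis
    fld3 = out_sdn.dis
    call par_fld
    queue ' Active Date 'out_start.dis
    queue ' Expire Date 'out_end.dis
    queue ' Trusted 'out_trust.dis
    queue ' '
  end
  /* Write exactly the number of queued lines: with "*" the write    */
  /* stops at the first null line and, once the stack is empty, goes */
  /* on to read from the terminal.                                   */
  "EXECIO" queued() "DISKW rexout (finis"
  dropbuf
  return

/* par_fld: queue the issuer DN (fld2) and subject DN (fld3) of the  */
/* current certificate, wrapped in 52-character pieces.              */
par_fld:
  call queue_dn ' Issuer DN - ', fld2
  call queue_dn ' Subject DN - ', fld3
  return

/* queue_dn: queue one DN in 52-character pieces; the caption is     */
/* printed on the first piece only.                                  */
queue_dn: procedure
  parse arg hdr, dn
  do until dn = ""
    parse var dn piece +52 dn
    queue hdr piece
    hdr = ' '
  end
  return

/* bld_outtab: for every stored 0207 record look up the matching     */
/* 1560, 0560 and 0500 records by certificate name and build the     */
/* report fields:                                                    */
/*   outtab.e    userid, label, Expired= and Self-Signed= flags      */
/*   out_idn.e   issuer DN        out_sdn.e   subject DN             */
/*   out_start.e start date       out_end.e   end date               */
/*   out_trust.e trust status                                        */
/* The DNs are kept in their own stems rather than packed into one   */
/* delimited string, so a '!' inside a DN cannot shift the fields.   */
bld_outtab:
  do e = 1 to usn                /* go thru stored 207 recs */
    /* UStab.usn = USCERT_USER USCERT_CERTLABL UCN_207 */
    parse var UStab.e userid +8 10 label +32 43 ucn_207 +246 .

    /* Reset everything per certificate. A field is filled only from */
    /* a record whose name matches this certificate, never from the  */
    /* last record looked at or from the previous certificate.       */
    ssflag      = "No "
    exflag      = "No "
    out_idn.e   = unknown
    out_sdn.e   = unknown
    out_start.e = unknown
    out_end.e   = unknown
    out_trust.e = unknown

    /* The F loop will flag self-signed certs */
    do f = 1 to sst              /* go thru stored 1560 recs */
      if Tab1560.f = ucn_207 then do
        out_idn.e = Idn1560.f
        out_sdn.e = Sdn1560.f
        if Idn1560.f = Sdn1560.f then do
          ssc = ssc + 1
          ssflag = "Yes"
        end
        leave f
      end
    end /* do f */

    /* The m loop will flag expired certs */
    do m = 1 to exp              /* go thru stored 0560 recs */
      if Tab0560.m = ucn_207 then do
        out_start.e = Start0560.m
        out_end.e   = End0560.m
        /* character compare; assumes the record's end date is       */
        /* yyyy-mm-dd like date10 - TODO confirm                     */
        if End0560.m < date10 then do
          exc = exc + 1
          exflag = "Yes"
        end
        leave m
      end
    end /* do m */

    /* Trust status from the 0500 record of the same name */
    do m = 1 to tru              /* go thru stored 0500 recs */
      if Tab0500.m = ucn_207 then do
        uacc = strip(Uacc0500.m)
        select
          when uacc = "TRUST"    then out_trust.e = 'Yes'
          when uacc = "NOTRUST"  then out_trust.e = 'No'
          when uacc = "HIGHTRST" then out_trust.e = 'High'
          otherwise out_trust.e = uacc   /* show unexpected value as is */
        end
        leave m
      end
    end /* do m */

    outtab.e = userid label "Expired="exflag " ",
               "Self-Signed="ssflag
  end /* do e */
  return

/* process207: store userid, label and certificate name of the       */
/* current 0207 record (dbfle.a) in UStab.                           */
process207:
  USCERT_USER = substr(dbfle.a,6,8)
  /* parse var dbfle.a 15 USCERT_SN "." .  Use this if you want sn */
  UCN_207 = substr(dbfle.a,15,246)
  USCERT_CERTLABL = substr(dbfle.a,262,32)
  usn = usn + 1
  UStab.usn = USCERT_USER USCERT_CERTLABL UCN_207
  return

/* process500: store name and uacc of the current 0500 record.       */
/* NOTE(review): every 0500 record is stored, whatever its class,    */
/* and bld_outtab matches on name only - confirm that a profile in   */
/* another class cannot carry a certificate's name.                  */
process500:
  tru = tru + 1                  /* tru = counter for 0500 recs */
  Tab0500.tru  = substr(dbfle.a,6,246)   /* 246-Char Cert Name */
  Uacc0500.tru = substr(dbfle.a,337,8)   /* uacc - trust/notrust/hightrst */
  return

/* process0560: store name, start date and end date of the current   */
/* 0560 record.                                                      */
process0560:
  exp = exp + 1                  /* exp = counter for 0560 recs */
  Tab0560.exp   = substr(dbfle.a,6,246)  /* 246-Char Cert Name */
  Start0560.exp = substr(dbfle.a,262,10) /* Start Date */
  End0560.exp   = substr(dbfle.a,282,10) /* End Date */
  return

/* process1560: store name, issuer DN and subject DN of the current  */
/* 1560 record.                                                      */
process1560:
  sst = sst + 1                  /* sst = counter for 1560 recs */
  Tab1560.sst = substr(dbfle.a,6,246)    /* 246-Char Cert Name */
  Idn1560.sst = substr(dbfle.a,262,1024) /* Issuer DN */
  Sdn1560.sst = substr(dbfle.a,1287,1024) /* Subject DN */
  return
/** end of subroutines */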