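#!/bin/bash
#
# Health check for unbound's DNSSEC trust anchor files.
#
# Every regular file below the anchor directory is expected to carry an
# autotrust state annotation: a file counts as valid when a non-comment line
# (one not starting with ';') contains the literal text "[  VALID  ]".
# The check also fails when any anchor file has not been modified for more
# than MAX_AGE_DAYS days (presumably meaning the resolver stopped refreshing
# it), or when no anchor file exists at all -- an empty directory must not
# be reported as "all keys valid".
#
# Usage: $0 [ANCHOR_DIR] [MAX_AGE_DAYS]
#   ANCHOR_DIR    directory holding the anchor files (default /var/lib/unbound)
#   MAX_AGE_DAYS  threshold handed to find -mtime +N (default 5)
#
# Output: exactly one "Warning: ..." or "OK: ..." line on stdout.
# Exit status: 0 when every anchor is recent and valid, 1 otherwise.

set -e
set -u
# pipefail is deliberately NOT enabled: anchor_is_valid uses `grep -q`, which
# closes the pipe as soon as it matches, and the resulting SIGPIPE in the
# first grep would then be misread as "not valid".

# Explicit default IFS so "${arr[*]}" joins names with a single space.
IFS=$' \t\n'

readonly anchor_dir=${1:-/var/lib/unbound}
readonly max_age_days=${2:-5}

#######################################
# Report a problem on stdout and fail the check.
# Arguments: $* - message text (printed after "Warning: ")
# Returns:   never; exits with status 1
#######################################
fail() {
  printf 'Warning: %s\n' "$*"
  exit 1
}

#######################################
# Test whether an anchor file is marked valid by autotrust.
# Arguments: $1 - path to the anchor file
# Returns:   0 when a non-comment line contains "[  VALID  ]", 1 otherwise
#######################################
anchor_is_valid() {
  # Header lines start with ';' and are skipped; the state marker is looked
  # for on the remaining (record) lines. -F keeps the brackets literal.
  grep -v -e '^;' -- "$1" | grep -q -F '[  VALID  ]'
}

#######################################
# Run the check.
# Globals:   anchor_dir, max_age_days (read)
# Arguments: none
# Outputs:   one status line on stdout
# Returns:   exits 0 on success, 1 on any warning
#######################################
main() {
  local -a anchors=() not_valid=()
  local key old_anchors

  [[ -d "$anchor_dir" ]] || fail "anchor directory $anchor_dir does not exist."

  # NUL-delimited so paths containing whitespace are kept intact (a plain
  # `for key in $(find ...)` would word-split them).
  while IFS= read -r -d '' key; do
    anchors+=("$key")
  done < <(find "$anchor_dir" -type f -print0)

  # Vacuous success would hide a missing or wiped anchor directory.
  (( ${#anchors[@]} > 0 )) || fail "no trust anchor files found in $anchor_dir."

  for key in "${anchors[@]}"; do
    if ! anchor_is_valid "$key"; then
      not_valid+=("$(basename -- "$key" .key)")
    fi
  done
  if (( ${#not_valid[@]} > 0 )); then
    fail "no valid trust anchors found for ${not_valid[*]}."
  fi

  # Assignment kept separate from `local` so a failing find is not masked.
  old_anchors=$(find "$anchor_dir" -type f -mtime +"$max_age_days")
  if [[ -n "$old_anchors" ]]; then
    fail "Some keys are old: $old_anchors."
  fi

  printf 'OK: All keys in %s recent and valid\n' "$anchor_dir"
  exit 0
}

main "$@"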
