Do all renewable checking in awk script

easyrsa3/easyrsa

@@ -2064,26 +2064,27 @@ renewable() {
 	verify_ca_init
 
 	in_dir="$EASYRSA_PKI"
-	if [ $# -eq 0 ] ; then
+	MATCH=$(echo "$*" | sed -re 's/\s+/|/g')
-            awkscript='
+	DATE=$(date --date \
+               "+${EASYRSA_CERT_RENEW} days" \
+               +"%y%m%d%H%M%S")
+        { awkscript=$(cat) ; } <<EOF
 BEGIN { FS = "\t" };
-$1 ~ '/V/' {
+# Only report valid entries
-  gsub(".*/CN=", "",  $6);
+\$1 ~ /V/ {
-  gsub("[^-0-9a-zA-Z.].*", "", $6);
+  # Only consider CN
-  print $6;
+  gsub(".*/CN=", "",  \$6);
-}'
+  gsub("[^-0-9a-zA-Z.].*", "", \$6);
-		candidates=$(awk "$awkscript" ${in_dir}/index.txt)
+  # Only report old enough candidates
-	else
+  if (\$2 < "${DATE}") {
-		candidates=$*
+    # Only report matches
-	fi
+    if (\$6 ~ /(${MATCH})/) {
-	matches=""
+      print \$6;
-	for candidate in $candidates ; do
+    }
-		crt_in="$in_dir/issued/$candidate.crt"
+  }
-		cert_dates "$crt_in"
+}
-		if [ "$expire_date" -lt "$allow_renew_date" ] ; then
+EOF
-		    matches="$matches $candidate"
+	matches=$(awk "$awkscript" "${in_dir}/index.txt")
-		fi
-	done
 	if [ -z "$matches" ] ; then
 		# Nothing to renew
 		exit 1