Module: CertChecker
- Extended by:
- CertChecker
- Included in:
- CertChecker
- Defined in:
- lib/cert_checker.rb,
lib/cert_checker/version.rb
Defined Under Namespace
Classes: Error
Constant Summary collapse
- DEFAULT_TIMEOUT =
5
- ONE_DAY =
3600.0 * 24
- VERSION =
"0.1.2"
Instance Method Summary collapse
- #cert_store ⇒ Object
- #check(host, *args) ⇒ status_symbol, ...
- #get_cert(host, port = 443, timeout: DEFAULT_TIMEOUT) ⇒ Object
- #verify(host, *args) ⇒ cert, ...
Instance Method Details
#cert_store ⇒ Object
69 70 71 72 73 |
# File 'lib/cert_checker.rb', line 69 def cert_store @cert_store ||= OpenSSL::X509::Store.new.tap do |store| store.set_default_paths end end |
#check(host, *args) ⇒ status_symbol, ...
48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 |
# File 'lib/cert_checker.rb', line 48 def check(host, *args) cert, verify_result, _cert_chain, err_str = verify(host, *args) return [:failed, host, nil, nil, nil] unless cert status_sym = :unverifiable unless verify_result issuer = get_cert_issuer_name(cert) expired_at = cert.not_after valid_days = ((cert.not_after - Time.now) / ONE_DAY).floor valid_days = 0 if valid_days < 0 desc = err_str || valid_days status_sym ||= :not_match unless verify_cert_dns(host, cert) status_sym ||= if expired_at <= Time.now then :expired elsif expired_at <= Time.now + 15 * ONE_DAY then :urgent elsif expired_at <= Time.now + 30 * ONE_DAY then :warning else :ok end [status_sym, host, issuer, expired_at, desc] end |
#get_cert(host, port = 443, timeout: DEFAULT_TIMEOUT) ⇒ Object
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
# File 'lib/cert_checker.rb', line 16 def get_cert(host, port = 443, timeout: DEFAULT_TIMEOUT) tcp_client = Socket.tcp(host, port, connect_timeout: timeout) ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client) ssl_client.hostname = host begin ssl_client.connect_nonblock rescue IO::WaitReadable retry if IO.select([ssl_client], nil, nil, timeout) rescue IO::WaitWritable retry if IO.select(nil, [ssl_client], nil, timeout) end [ssl_client.peer_cert, ssl_client.peer_cert_chain].tap do ssl_client.close tcp_client.close end rescue SocketError, SystemCallError, OpenSSL::SSL::SSLError => e raise CertChecker::Error.new("Failed to get cert of #{host}:#{port}. #{e.inspect}") end |
#verify(host, *args) ⇒ cert, ...
38 39 40 41 42 43 44 45 |
# File 'lib/cert_checker.rb', line 38 def verify(host, *args) cert, cert_chain = get_cert(host, *args) if cert err = nil result = cert_store.verify(cert, cert_chain) { |r, s| err = s.error_string unless r; r } [cert, result, cert_chain, err] end end |