cert_checker 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +14 -0
- data/.rspec +3 -0
- data/.rubocop.yml +137 -0
- data/.travis.yml +7 -0
- data/Gemfile +6 -0
- data/Gemfile.lock +59 -0
- data/LICENSE.txt +21 -0
- data/README.md +87 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/cert_checker.gemspec +31 -0
- data/exe/cert_checker +42 -0
- data/lib/cert_checker/version.rb +5 -0
- data/lib/cert_checker.rb +90 -0
- metadata +130 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 3fbfe0496dab05b12e7f5d32ff36b27a12c129714f1631ba3c32f220b7093ae6
|
4
|
+
data.tar.gz: fa06b46de835033f37ff60bf76e120aac7e495cd16a93f2f37c9cddc1bc22f01
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 4ad67822ece77d667957d8fe139d75ac50b7f9aa4c4d89870c83b8d81d8c8101542785d50888a6510f3454c6da0605239eb4c186e56948768fe815a52b42524e
|
7
|
+
data.tar.gz: ebd96f2c92a505932ecdcd2c4207ff8bfb2b1a3c2bfef18486d823636f7aaab4373dca2128e9ffcd46ccca1c4431248982309be88c2c3f66fdb7d24ab6555966
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.rubocop.yml
ADDED
@@ -0,0 +1,137 @@
|
|
1
|
+
---
|
2
|
+
# https://github.com/rails/rails/blob/master/.rubocop.yml
|
3
|
+
#
|
4
|
+
AllCops:
|
5
|
+
TargetRubyVersion: 2.5
|
6
|
+
# RuboCop has a bunch of cops enabled by default. This setting tells RuboCop
|
7
|
+
# to ignore them, so only the ones explicitly set in this file are enabled.
|
8
|
+
DisabledByDefault: true
|
9
|
+
|
10
|
+
# Prefer &&/|| over and/or.
|
11
|
+
Style/AndOr:
|
12
|
+
Enabled: true
|
13
|
+
|
14
|
+
# Do not use braces for hash literals when they are the last argument of a
|
15
|
+
# method call.
|
16
|
+
Style/BracesAroundHashParameters:
|
17
|
+
Enabled: true
|
18
|
+
|
19
|
+
# Align `when` with `case`.
|
20
|
+
Layout/CaseIndentation:
|
21
|
+
Enabled: true
|
22
|
+
EnforcedStyle: end
|
23
|
+
IndentOneStep: false
|
24
|
+
|
25
|
+
# Align comments with method definitions.
|
26
|
+
Layout/CommentIndentation:
|
27
|
+
Enabled: true
|
28
|
+
|
29
|
+
Layout/EmptyLineAfterMagicComment:
|
30
|
+
Enabled: true
|
31
|
+
|
32
|
+
# No extra empty lines.
|
33
|
+
Layout/EmptyLines:
|
34
|
+
Enabled: true
|
35
|
+
|
36
|
+
# In a regular class definition, no empty lines around the body.
|
37
|
+
Layout/EmptyLinesAroundClassBody:
|
38
|
+
Enabled: true
|
39
|
+
|
40
|
+
# In a regular method definition, no empty lines around the body.
|
41
|
+
Layout/EmptyLinesAroundMethodBody:
|
42
|
+
Enabled: true
|
43
|
+
|
44
|
+
# In a regular module definition, no empty lines around the body.
|
45
|
+
Layout/EmptyLinesAroundModuleBody:
|
46
|
+
Enabled: true
|
47
|
+
|
48
|
+
# Use Ruby >= 1.9 syntax for hashes. Prefer { a: :b } over { :a => :b }.
|
49
|
+
Style/HashSyntax:
|
50
|
+
Enabled: true
|
51
|
+
|
52
|
+
# Method definitions after `private` or `protected` isolated calls need one
|
53
|
+
# extra level of indentation.
|
54
|
+
Layout/IndentationConsistency:
|
55
|
+
Enabled: true
|
56
|
+
# EnforcedStyle: rails
|
57
|
+
|
58
|
+
# Two spaces, no tabs (for indentation).
|
59
|
+
Layout/IndentationWidth:
|
60
|
+
Enabled: true
|
61
|
+
|
62
|
+
Layout/SpaceAfterColon:
|
63
|
+
Enabled: true
|
64
|
+
|
65
|
+
Layout/SpaceAfterComma:
|
66
|
+
Enabled: true
|
67
|
+
|
68
|
+
Layout/SpaceAroundEqualsInParameterDefault:
|
69
|
+
Enabled: true
|
70
|
+
|
71
|
+
Layout/SpaceAroundKeyword:
|
72
|
+
Enabled: true
|
73
|
+
|
74
|
+
Layout/SpaceAroundOperators:
|
75
|
+
Enabled: true
|
76
|
+
|
77
|
+
Layout/SpaceBeforeFirstArg:
|
78
|
+
Enabled: true
|
79
|
+
|
80
|
+
# Defining a method with parameters needs parentheses.
|
81
|
+
Style/MethodDefParentheses:
|
82
|
+
Enabled: true
|
83
|
+
|
84
|
+
# str = "abcda"
|
85
|
+
# str.gsub!("c", "b") # will raise a error, we cannot change string literal
|
86
|
+
Style/FrozenStringLiteralComment:
|
87
|
+
Enabled: true
|
88
|
+
EnforcedStyle: always
|
89
|
+
Include:
|
90
|
+
- 'app/**/*'
|
91
|
+
- 'lib/**/*'
|
92
|
+
|
93
|
+
# Use `foo {}` not `foo{}`.
|
94
|
+
Layout/SpaceBeforeBlockBraces:
|
95
|
+
Enabled: true
|
96
|
+
|
97
|
+
# Use `foo { bar }` not `foo {bar}`.
|
98
|
+
Layout/SpaceInsideBlockBraces:
|
99
|
+
Enabled: true
|
100
|
+
|
101
|
+
# Use `{ a: 1 }` not `{a:1}`.
|
102
|
+
Layout/SpaceInsideHashLiteralBraces:
|
103
|
+
Enabled: true
|
104
|
+
|
105
|
+
Layout/SpaceInsideParens:
|
106
|
+
Enabled: true
|
107
|
+
|
108
|
+
# Check quotes usage according to lint rule below.
|
109
|
+
# Style/StringLiterals:
|
110
|
+
# Enabled: true
|
111
|
+
# EnforcedStyle: double_quotes
|
112
|
+
|
113
|
+
# Detect hard tabs, no hard tabs.
|
114
|
+
Layout/Tab:
|
115
|
+
Enabled: true
|
116
|
+
|
117
|
+
# Blank lines should not have any spaces.
|
118
|
+
Layout/TrailingBlankLines:
|
119
|
+
Enabled: true
|
120
|
+
|
121
|
+
# No trailing whitespace.
|
122
|
+
Layout/TrailingWhitespace:
|
123
|
+
Enabled: true
|
124
|
+
|
125
|
+
# Use quotes for string literals when they are enough.
|
126
|
+
# Style/UnneededPercentQ:
|
127
|
+
# Enabled: true
|
128
|
+
|
129
|
+
# Align `end` with the matching keyword or starting expression except for
|
130
|
+
# assignments, where it should be aligned with the LHS.
|
131
|
+
Layout/EndAlignment:
|
132
|
+
Enabled: true
|
133
|
+
EnforcedStyleAlignWith: variable
|
134
|
+
|
135
|
+
# Use my_method(my_arg) not my_method( my_arg ) or my_method my_arg.
|
136
|
+
Lint/RequireParentheses:
|
137
|
+
Enabled: true
|
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,59 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
cert_checker (0.1.0)
|
5
|
+
|
6
|
+
GEM
|
7
|
+
remote: https://rubygems.org/
|
8
|
+
specs:
|
9
|
+
ast (2.4.0)
|
10
|
+
coderay (1.1.2)
|
11
|
+
diff-lcs (1.3)
|
12
|
+
jaro_winkler (1.5.1)
|
13
|
+
method_source (0.9.2)
|
14
|
+
parallel (1.12.1)
|
15
|
+
parser (2.5.3.0)
|
16
|
+
ast (~> 2.4.0)
|
17
|
+
powerpack (0.1.2)
|
18
|
+
pry (0.12.2)
|
19
|
+
coderay (~> 1.1.0)
|
20
|
+
method_source (~> 0.9.0)
|
21
|
+
rainbow (3.0.0)
|
22
|
+
rake (10.5.0)
|
23
|
+
rspec (3.8.0)
|
24
|
+
rspec-core (~> 3.8.0)
|
25
|
+
rspec-expectations (~> 3.8.0)
|
26
|
+
rspec-mocks (~> 3.8.0)
|
27
|
+
rspec-core (3.8.0)
|
28
|
+
rspec-support (~> 3.8.0)
|
29
|
+
rspec-expectations (3.8.2)
|
30
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
31
|
+
rspec-support (~> 3.8.0)
|
32
|
+
rspec-mocks (3.8.0)
|
33
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
34
|
+
rspec-support (~> 3.8.0)
|
35
|
+
rspec-support (3.8.0)
|
36
|
+
rubocop (0.60.0)
|
37
|
+
jaro_winkler (~> 1.5.1)
|
38
|
+
parallel (~> 1.10)
|
39
|
+
parser (>= 2.5, != 2.5.1.1)
|
40
|
+
powerpack (~> 0.1)
|
41
|
+
rainbow (>= 2.2.2, < 4.0)
|
42
|
+
ruby-progressbar (~> 1.7)
|
43
|
+
unicode-display_width (~> 1.4.0)
|
44
|
+
ruby-progressbar (1.10.0)
|
45
|
+
unicode-display_width (1.4.0)
|
46
|
+
|
47
|
+
PLATFORMS
|
48
|
+
ruby
|
49
|
+
|
50
|
+
DEPENDENCIES
|
51
|
+
bundler (~> 1.17)
|
52
|
+
cert_checker!
|
53
|
+
pry (>= 0.10)
|
54
|
+
rake (~> 10.0)
|
55
|
+
rspec (~> 3.0)
|
56
|
+
rubocop (~> 0.60.0)
|
57
|
+
|
58
|
+
BUNDLED WITH
|
59
|
+
1.17.1
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2018 jiangzhi.xie
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,87 @@
|
|
1
|
+
# CertChecker
|
2
|
+
|
3
|
+
A tool to check X509 cert status
|
4
|
+
|
5
|
+
## Installation
|
6
|
+
|
7
|
+
```
|
8
|
+
$ gem install cert_checker
|
9
|
+
```
|
10
|
+
|
11
|
+
## Command Line Usage
|
12
|
+
|
13
|
+
|
14
|
+
```
|
15
|
+
$ cert_checker
|
16
|
+
cert_checker [-d domain_or_ip] [-f hosts_file]
|
17
|
+
-d host host name, example google.com. more host: -h h1.com -h h2.com
|
18
|
+
-f file hosts file, split hosts by new line, and ignore line whice start by # and empt line
|
19
|
+
```
|
20
|
+
|
21
|
+
### Examples
|
22
|
+
|
23
|
+
```
|
24
|
+
$ cert_checker -d taobao.com -d xjz.pw
|
25
|
+
ok taobao.com GlobalSign nv-sa 2019-11-13 344 days
|
26
|
+
ok xjz.pw Let's Encrypt 2019-02-18 76 days
|
27
|
+
|
28
|
+
$ cat >> myhosts <<EOF
|
29
|
+
# A
|
30
|
+
xjz.pw
|
31
|
+
|
32
|
+
# B
|
33
|
+
taobao.com
|
34
|
+
jd.com
|
35
|
+
EOF
|
36
|
+
|
37
|
+
$ cert_checker -f myhosts
|
38
|
+
ok xjz.pw Let's Encrypt 2019-02-18 76 days
|
39
|
+
ok taobao.com GlobalSign nv-sa 2019-11-13 344 days
|
40
|
+
ok jd.com GlobalSign nv-sa 2019-09-28 298 days
|
41
|
+
```
|
42
|
+
|
43
|
+
## Code Usage
|
44
|
+
|
45
|
+
```
|
46
|
+
require 'cert_checker'
|
47
|
+
|
48
|
+
status, host, issuer, expired, desc = CertChecker.check('taobao.com')
|
49
|
+
|
50
|
+
# Other port and timeout
|
51
|
+
port = 443 # default
|
52
|
+
status, host, issuer, expired, desc = CertChecker.check('taobao.com', port, timeout: 5)
|
53
|
+
```
|
54
|
+
|
55
|
+
**Add your root cert**
|
56
|
+
|
57
|
+
```
|
58
|
+
CertChecker.cert_store.add_cert(root_ca)
|
59
|
+
|
60
|
+
# It will trust certs which signed by this root ca
|
61
|
+
status, host, issuer, expired, desc = CertChecker.check('mydomain.com', port, timeout: 3)
|
62
|
+
```
|
63
|
+
|
64
|
+
**Multiple cert store instance**
|
65
|
+
|
66
|
+
```
|
67
|
+
class MyChecker
|
68
|
+
include CertChecker
|
69
|
+
end
|
70
|
+
|
71
|
+
MyChecker.cert_store.add_cert(root_ca)
|
72
|
+
status, host, issuer, expired, desc = MyChecker.check('mydomain.com', port, timeout: 3)
|
73
|
+
```
|
74
|
+
|
75
|
+
## Development
|
76
|
+
|
77
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
78
|
+
|
79
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
80
|
+
|
81
|
+
## Contributing
|
82
|
+
|
83
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/xiejiangzhi/cert_checker.
|
84
|
+
|
85
|
+
## License
|
86
|
+
|
87
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "cert_checker"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start(__FILE__)
|
data/bin/setup
ADDED
@@ -0,0 +1,31 @@
|
|
1
|
+
|
2
|
+
lib = File.expand_path("../lib", __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require "cert_checker/version"
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "cert_checker"
|
8
|
+
spec.version = CertChecker::VERSION
|
9
|
+
spec.authors = ["jiangzhi.xie"]
|
10
|
+
spec.email = ["xiejiangzhi@gmail.com"]
|
11
|
+
|
12
|
+
spec.summary = %q{A tool to check host certs config}
|
13
|
+
spec.description = %q{A tool to check host certs config}
|
14
|
+
spec.homepage = "https://github.com/xiejiangzhi/cert_checker"
|
15
|
+
spec.license = "MIT"
|
16
|
+
|
17
|
+
# Specify which files should be added to the gem when it is released.
|
18
|
+
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
19
|
+
spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
|
20
|
+
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
21
|
+
end
|
22
|
+
spec.bindir = "exe"
|
23
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
24
|
+
spec.require_paths = ["lib"]
|
25
|
+
|
26
|
+
spec.add_development_dependency "bundler", "~> 1.17"
|
27
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
28
|
+
spec.add_development_dependency "rspec", "~> 3.0"
|
29
|
+
spec.add_development_dependency "pry", ">= 0.10"
|
30
|
+
spec.add_development_dependency "rubocop", "~> 0.60.0"
|
31
|
+
end
|
data/exe/cert_checker
ADDED
@@ -0,0 +1,42 @@
|
|
1
|
+
#! /usr/bin/env ruby
|
2
|
+
|
3
|
+
require 'cert_checker'
|
4
|
+
require 'optparse'
|
5
|
+
|
6
|
+
options = { hosts: [] }
|
7
|
+
|
8
|
+
parser = OptionParser.new do |opts|
|
9
|
+
opts.banner = "cert_checker [-d domain_or_ip] [-f hosts_file]"
|
10
|
+
opts.version = CertChecker::VERSION
|
11
|
+
|
12
|
+
opts.on('-d domain', "host name, example google.com. more host: -d h1.com -d h2.com") do |host|
|
13
|
+
options[:hosts] << host
|
14
|
+
end
|
15
|
+
|
16
|
+
opts.on(
|
17
|
+
'-f file', "hosts file, split hosts by new line, and ignore line whice start by # and empt line"
|
18
|
+
) do |file|
|
19
|
+
options[:file] = file
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
parser.parse!
|
24
|
+
|
25
|
+
hosts = options[:hosts]
|
26
|
+
if (file = options[:file]) && File.exists?(file)
|
27
|
+
hosts += File.readlines(file).map(&:strip).select { |host| host.size > 0 && host[0] != '#' }
|
28
|
+
end
|
29
|
+
|
30
|
+
puts parser.help if hosts.empty?
|
31
|
+
|
32
|
+
format = "%-14s %-35s %-20s %10s %s"
|
33
|
+
hosts.each do |host|
|
34
|
+
begin
|
35
|
+
status, host, issuer, expired, desc = CertChecker.check(host)
|
36
|
+
expired = expired.strftime('%F') if expired
|
37
|
+
desc = desc.to_s + ' days' if desc.to_s =~ /^\d+$/
|
38
|
+
puts format % [status, host, issuer, expired, desc]
|
39
|
+
rescue CertChecker::Error => e
|
40
|
+
puts format % ['error', e.message]
|
41
|
+
end
|
42
|
+
end
|
data/lib/cert_checker.rb
ADDED
@@ -0,0 +1,90 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "cert_checker/version"
|
4
|
+
|
5
|
+
require 'socket'
|
6
|
+
require 'openssl'
|
7
|
+
|
8
|
+
module CertChecker
|
9
|
+
extend self
|
10
|
+
|
11
|
+
class Error < StandardError; end
|
12
|
+
|
13
|
+
DEFAULT_TIMEOUT = 5
|
14
|
+
ONE_DAY = 3600.0 * 24
|
15
|
+
|
16
|
+
def get_cert(host, port = 443, timeout: DEFAULT_TIMEOUT)
|
17
|
+
tcp_client = Socket.tcp(host, port, connect_timeout: timeout)
|
18
|
+
ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client)
|
19
|
+
ssl_client.hostname = host
|
20
|
+
|
21
|
+
begin
|
22
|
+
ssl_client.connect_nonblock
|
23
|
+
rescue IO::WaitReadable
|
24
|
+
retry if IO.select([ssl_client], nil, nil, timeout)
|
25
|
+
rescue IO::WaitWritable
|
26
|
+
retry if IO.select(nil, [ssl_client], nil, timeout)
|
27
|
+
end
|
28
|
+
|
29
|
+
[ssl_client.peer_cert, ssl_client.peer_cert_chain].tap do
|
30
|
+
ssl_client.close
|
31
|
+
tcp_client.close
|
32
|
+
end
|
33
|
+
rescue SocketError, SystemCallError, OpenSSL::SSL::SSLError => e
|
34
|
+
raise CertChecker::Error.new("Failed to get cert of #{host}:#{port}. #{e.inspect}")
|
35
|
+
end
|
36
|
+
|
37
|
+
# @return [cert, verify_result, cert_chain, err_str]
|
38
|
+
def verify(host, *args)
|
39
|
+
cert, cert_chain = get_cert(host, *args)
|
40
|
+
if cert
|
41
|
+
err = nil
|
42
|
+
result = cert_store.verify(cert, cert_chain) { |r, s| err = s.error_string unless r; r }
|
43
|
+
[cert, result, cert_chain, err]
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
# @return [status_symbol, host, issuer, expired_at, desc]
|
48
|
+
def check(host, *args)
|
49
|
+
cert, verify_result, cert_chain, err_str = verify(host, *args)
|
50
|
+
return ['failed', host, nil, nil, nil] unless cert
|
51
|
+
status_sym = :unverifiable unless verify_result
|
52
|
+
|
53
|
+
issuer = get_cert_issuer_name(cert)
|
54
|
+
expired_at = cert.not_after
|
55
|
+
valid_days = ((cert.not_after - Time.now) / ONE_DAY).floor
|
56
|
+
valid_days = 0 if valid_days < 0
|
57
|
+
desc = err_str || valid_days
|
58
|
+
|
59
|
+
status_sym ||= :not_match unless verify_cert_dns(host, cert)
|
60
|
+
status_sym ||= if expired_at <= Time.now then :expired
|
61
|
+
elsif expired_at <= Time.now + 15 * ONE_DAY then :urgent
|
62
|
+
elsif expired_at <= Time.now + 30 * ONE_DAY then :warning
|
63
|
+
else :ok
|
64
|
+
end
|
65
|
+
|
66
|
+
[status_sym, host, issuer, expired_at, desc]
|
67
|
+
end
|
68
|
+
|
69
|
+
def cert_store
|
70
|
+
@cert_store ||= OpenSSL::X509::Store.new.tap do |store|
|
71
|
+
store.set_default_paths
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
private
|
76
|
+
|
77
|
+
def verify_cert_dns(host, cert)
|
78
|
+
dns_ext = cert.extensions.find { |e| e.oid == 'subjectAltName' }
|
79
|
+
dns = dns_ext.value.split(',').map { |d| d.split(':').last }
|
80
|
+
!dns.all? { |d| !(Regexp.new('\A' + d.gsub('*', '.+') + '\z') =~ host) }
|
81
|
+
end
|
82
|
+
|
83
|
+
def get_cert_issuer_name(cert)
|
84
|
+
issuer_names = cert.issuer.to_a
|
85
|
+
(
|
86
|
+
issuer_names.find { |name, data, type| name == 'O' } ||
|
87
|
+
issuer_names.find { |name, data, type| name == 'CN' }
|
88
|
+
)[1]
|
89
|
+
end
|
90
|
+
end
|
metadata
ADDED
@@ -0,0 +1,130 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: cert_checker
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- jiangzhi.xie
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2018-12-03 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.17'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.17'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '10.0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '10.0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rspec
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '3.0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '3.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: pry
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0.10'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0.10'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rubocop
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: 0.60.0
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: 0.60.0
|
83
|
+
description: A tool to check host certs config
|
84
|
+
email:
|
85
|
+
- xiejiangzhi@gmail.com
|
86
|
+
executables:
|
87
|
+
- cert_checker
|
88
|
+
extensions: []
|
89
|
+
extra_rdoc_files: []
|
90
|
+
files:
|
91
|
+
- ".gitignore"
|
92
|
+
- ".rspec"
|
93
|
+
- ".rubocop.yml"
|
94
|
+
- ".travis.yml"
|
95
|
+
- Gemfile
|
96
|
+
- Gemfile.lock
|
97
|
+
- LICENSE.txt
|
98
|
+
- README.md
|
99
|
+
- Rakefile
|
100
|
+
- bin/console
|
101
|
+
- bin/setup
|
102
|
+
- cert_checker.gemspec
|
103
|
+
- exe/cert_checker
|
104
|
+
- lib/cert_checker.rb
|
105
|
+
- lib/cert_checker/version.rb
|
106
|
+
homepage: https://github.com/xiejiangzhi/cert_checker
|
107
|
+
licenses:
|
108
|
+
- MIT
|
109
|
+
metadata: {}
|
110
|
+
post_install_message:
|
111
|
+
rdoc_options: []
|
112
|
+
require_paths:
|
113
|
+
- lib
|
114
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
115
|
+
requirements:
|
116
|
+
- - ">="
|
117
|
+
- !ruby/object:Gem::Version
|
118
|
+
version: '0'
|
119
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
120
|
+
requirements:
|
121
|
+
- - ">="
|
122
|
+
- !ruby/object:Gem::Version
|
123
|
+
version: '0'
|
124
|
+
requirements: []
|
125
|
+
rubyforge_project:
|
126
|
+
rubygems_version: 2.7.6
|
127
|
+
signing_key:
|
128
|
+
specification_version: 4
|
129
|
+
summary: A tool to check host certs config
|
130
|
+
test_files: []
|