check_certificate_chain 0.0.0
- checksums.yaml +7 -0
- data/bin/check_certificate_chain +93 -0
- metadata +46 -0
    
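--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: cd6c44ce20ed10b6e27ce10f5d4287bb1c0a793b
+  data.tar.gz: dbebf17893c6b0684e87b63e211f296061aab82e
+SHA512:
+  metadata.gz: 97ab4b9072b289007394270b85c79464e12fdfe15db9aba8491a625ac8118eb00f25f07bb92e81be89958877746b730337679aa006290f0e0fafd9b136699a8a
+  data.tar.gz: 4d69b10d286bcada52e718eb9c2f34b2befa3e58154e2426f0557aee18457e567aed29d47a042c66472b919ff43efc4ac3b1f3ff0fc0658eabc24593bf105768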
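--- a/data/bin/check_certificate_chain
+++ b/data/bin/check_certificate_chain
@@ -0,0 +1,93 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+require 'socket'
+require 'uri'
+require 'colorize'
+
+module OpenSSL
+	module X509
+		class Certificate
+			def self_signed?
+				self.verify self.public_key
+			end
+		end
+	end
+end
+
+cert_store = OpenSSL::X509::Store.new
+cert_store.set_default_paths
+
+uri = URI(ARGV[0])
+uri = uri.host.nil? ? ARGV[0] : uri.host
+
+ctx = OpenSSL::SSL::SSLContext.new
+socket = TCPSocket.new(uri, 443)
+
+ssl = OpenSSL::SSL::SSLSocket.new(socket, ctx)
+ssl.hostname = uri
+
+ssl.connect
+
+chain = ssl.peer_cert_chain
+puts "---"
+puts "Certificate chain"
+chain.size.times do |index|
+	puts " #{index} s:#{chain[index].subject.to_s}"
+	puts "   i:#{chain[index].issuer.to_s}"
+end
+print "--- "
+if OpenSSL::SSL.verify_certificate_identity(chain[0], uri)
+	puts "The hostname (".green + "#{uri}".bold + ") is correctly listed in the certificate".green
+
+	puts "--- " + "The certificate will expire in ".green +
+	     "#{((chain[0].not_after - chain[0].not_before).to_i / (24 * 60 * 60)).to_s}".bold + " days.".green
+else
+	puts "None of the common names in the certificate match the name that was entered (".red +
+	     "#{uri}".bold + ").".red
+end
+puts "---"
+
+check_chain_status = true
+
+chain.each_with_index do |certificate, i|
+	subject = certificate.subject.to_s.split("CN=").last
+	puts "Common name: ".bold + "#{subject}"
+
+	sans = certificate.extensions.find {|ext| ext.oid.eql?("subjectAltName")}
+	unless sans.nil?
+		sans = sans.value.delete('DNS:')
+		puts "SANs: ".bold + sans
+	end
+	puts "Valid ".bold + "#{certificate.not_before.strftime('from %B %d, %Y')} " + "#{certificate.not_after.strftime('to %B %d, %Y')}"
+	puts "Serial Number: ".bold + certificate.serial.to_s(16)
+	puts "Signature Algorithm: ".bold + certificate.signature_algorithm
+	puts "Issuer: ".bold + certificate.issuer.to_s.split("CN=").last
+	print "--- "
+
+	if check_chain_status
+		unless chain[i+1].nil?
+			if certificate.verify chain[i+1].public_key
+				puts "chain ok".yellow
+			else
+				puts "chain broken".red
+				check_chain_status = false
+			end
+		else
+		# Check agains certificate store
+			unless certificate.self_signed?
+				if cert_store.verify certificate
+					puts "checked against os store; chain ok".yellow
+				else
+					puts "checked against os store; chain broken".red
+					chain_check_status = false
+				end
+			else
+				puts "\n"
+			end
+		end
+	else
+		puts "\n"
+	end
+	# puts "\n" if chain.size == i + 1 || check_chain_status == false
+end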
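Review bot: A chain whose last certificate is self-signed is never compared with the trust store: in the final `else` branch `unless certificate.self_signed?` skips `cert_store.verify` and only prints a blank line, so a server that sends its own untrusted root gets "chain ok" on every link and no failure anywhere. The per-link `certificate.verify chain[i+1].public_key` also checks only the signature, not validity dates or CA constraints. I would let the store make the trust decision once, `trusted = cert_store.verify(chain.first, chain.drop(1))`, and print `cert_store.error_string` when it is false, keeping the per-link output as informational. In the same branch `chain_check_status = false` assigns a new local; it should be `check_chain_status = false`. Separately, the "will expire in" line subtracts `not_before` from `not_after`, which is the certificate's total lifetime rather than the time remaining (`chain[0].not_after - Time.now`).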
    
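--- a/metadata
+++ b/metadata
@@ -0,0 +1,46 @@
+--- !ruby/object:Gem::Specification
+name: check_certificate_chain
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- Jora Porcu
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-07-19 00:00:00.000000000 Z
+dependencies: []
+description: Make a ssl connections. Show certificates details and check certificates
+  chain.
+email: jitlogan@gmail.com
+executables:
+- check_certificate_chain
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/check_certificate_chain
+homepage: 
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.11
+signing_key: 
+specification_version: 4
+summary: SSL connection details.
+test_files: []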