check_certificate_chain 1.0.2 → 1.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/check_certificate_chain +47 -17
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eb156e21479cd1b22d66643549361b29421382ed
|
|
4
|
+
data.tar.gz: 8fef1079f1cb3520d0d6efa016f3bfaf443418f5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bc46742aaabe807fd67cc8a1add4a1e953abea2c55f859629e4017da63c53f0930b06bf3a79d354eed62a6296f9262a53a0908f31490569d1e166da76766afd0
|
|
7
|
+
data.tar.gz: '04635799b793319f72cc9960fbc74216952abfcfaaf1efc0311e1d5c050a532d00d6832ad1d61b1b3ae320e0594c34ca7ec61d8923650cb1cdc047fd8e257db0'
|
data/bin/check_certificate_chain
CHANGED
|
@@ -7,6 +7,20 @@ require 'socket'
|
|
|
7
7
|
uri = URI(ARGV[0])
|
|
8
8
|
uri = uri.host.nil? ? ARGV[0] : uri.host
|
|
9
9
|
|
|
10
|
+
class String
|
|
11
|
+
def red
|
|
12
|
+
"\e[0;31;49m#{self}\e[0m"
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def green
|
|
16
|
+
"\e[0;32;49m#{self}\e[0m"
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def bold
|
|
20
|
+
"\e[1;39;49m#{self}\e[0m"
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
10
24
|
module OpenSSL
|
|
11
25
|
module X509
|
|
12
26
|
class Certificate
|
|
@@ -33,19 +47,34 @@ chain = ssl.peer_cert_chain
|
|
|
33
47
|
certificate = chain.first
|
|
34
48
|
|
|
35
49
|
output = {}
|
|
36
|
-
output[:header] = "--- Certificate chain"
|
|
50
|
+
output[:header] = "--- " + "Certificate chain".bold
|
|
51
|
+
output[:date] = ""
|
|
37
52
|
output[:hostname] = ""
|
|
38
53
|
output[:short] = ""
|
|
39
54
|
output[:long] = ""
|
|
40
55
|
|
|
41
|
-
|
|
42
|
-
|
|
56
|
+
NOW = Time.new
|
|
57
|
+
BEFORE = certificate.not_before
|
|
58
|
+
AFTER = certificate.not_after
|
|
59
|
+
|
|
60
|
+
def days
|
|
61
|
+
((AFTER - NOW).to_i.abs / 86400).to_s
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
if AFTER > NOW
|
|
65
|
+
output[:date] = "Certificate is up to date. (".green + days.bold +
|
|
66
|
+
") days remaining.".green + "\n---\n"
|
|
67
|
+
else
|
|
68
|
+
output[:date] = "Certificate is outdated. This certificate has expired (".red +
|
|
69
|
+
days.bold + ") days ago".red + "\n---\n"
|
|
70
|
+
end
|
|
43
71
|
|
|
44
|
-
|
|
45
|
-
|
|
72
|
+
if OpenSSL::SSL.verify_certificate_identity(certificate, uri)
|
|
73
|
+
output[:hostname] << "The hostname (".green + uri.bold +
|
|
74
|
+
") is correctly listed in the certificate.".green
|
|
46
75
|
else
|
|
47
|
-
output[:hostname] << "None of the common names in the certificate match the name that was
|
|
48
|
-
|
|
76
|
+
output[:hostname] << "None of the common names in the certificate match the name that was entered (".red +
|
|
77
|
+
uri.bold + ")".red
|
|
49
78
|
end
|
|
50
79
|
|
|
51
80
|
check_chain_status = true
|
|
@@ -57,36 +86,36 @@ chain.each_with_index do |cert, i|
|
|
|
57
86
|
output[:short] << "---\n" if i.eql?(chain.size - 1)
|
|
58
87
|
|
|
59
88
|
subject = cert.subject.to_s.split("CN=").last
|
|
60
|
-
output[:long] << "Common name: #{subject}\n"
|
|
89
|
+
output[:long] << "Common name:".bold + " #{subject}\n"
|
|
61
90
|
|
|
62
91
|
sans = cert.extensions.find {|ext| ext.oid.eql?("subjectAltName")}
|
|
63
92
|
unless sans.nil?
|
|
64
93
|
sans = sans.value.delete("DNS:")
|
|
65
|
-
output[:long] << "SANs: #{sans}\n"
|
|
94
|
+
output[:long] << "SANs:".bold + " #{sans}\n"
|
|
66
95
|
end
|
|
67
96
|
|
|
68
|
-
output[:long] << "Valid #{cert.not_before.strftime('from %B %d, %Y')} " +
|
|
97
|
+
output[:long] << "Valid".bold + " #{cert.not_before.strftime('from %B %d, %Y')} " +
|
|
69
98
|
"#{cert.not_after.strftime('to %B %d, %Y')}\n"
|
|
70
|
-
output[:long] << "Serial Number: #{cert.serial.to_s(16)}\n"
|
|
71
|
-
output[:long] << "Signature Algorithm: #{cert.signature_algorithm}\n"
|
|
72
|
-
output[:long] << "Issuer: #{cert.issuer.to_s.split("CN=").last}\n"
|
|
99
|
+
output[:long] << "Serial Number:".bold + " #{cert.serial.to_s(16)}\n"
|
|
100
|
+
output[:long] << "Signature Algorithm:".bold + " #{cert.signature_algorithm}\n"
|
|
101
|
+
output[:long] << "Issuer:".bold + " #{cert.issuer.to_s.split("CN=").last}\n"
|
|
73
102
|
|
|
74
103
|
output[:long] << "--- "
|
|
75
104
|
|
|
76
105
|
if check_chain_status
|
|
77
106
|
unless chain[i+1].nil?
|
|
78
107
|
if cert.verify chain[i+1].public_key
|
|
79
|
-
output[:long] << "chain ok\n"
|
|
108
|
+
output[:long] << "chain ok\n".green
|
|
80
109
|
else
|
|
81
|
-
output[:long] << "chain broken\n"
|
|
110
|
+
output[:long] << "chain broken\n".red
|
|
82
111
|
check_chain_status = false
|
|
83
112
|
end
|
|
84
113
|
else
|
|
85
114
|
unless cert.self_signed?
|
|
86
115
|
if cert_store.verify cert
|
|
87
|
-
output[:long] << "checked against os store; chain ok\n"
|
|
116
|
+
output[:long] << "checked against os store; chain ok\n".green
|
|
88
117
|
else
|
|
89
|
-
output[:long] << "checked agains os store; chain broken\n"
|
|
118
|
+
output[:long] << "checked agains os store; chain broken\n".red
|
|
90
119
|
check_chain_status = false
|
|
91
120
|
end
|
|
92
121
|
else
|
|
@@ -101,4 +130,5 @@ end
|
|
|
101
130
|
puts output[:header]
|
|
102
131
|
puts output[:short]
|
|
103
132
|
puts output[:hostname]
|
|
133
|
+
puts output[:date]
|
|
104
134
|
puts output[:long]
|