check_certificate_chain 0.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/bin/check_certificate_chain +93 -0
- metadata +46 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: cd6c44ce20ed10b6e27ce10f5d4287bb1c0a793b
|
|
4
|
+
data.tar.gz: dbebf17893c6b0684e87b63e211f296061aab82e
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 97ab4b9072b289007394270b85c79464e12fdfe15db9aba8491a625ac8118eb00f25f07bb92e81be89958877746b730337679aa006290f0e0fafd9b136699a8a
|
|
7
|
+
data.tar.gz: 4d69b10d286bcada52e718eb9c2f34b2befa3e58154e2426f0557aee18457e567aed29d47a042c66472b919ff43efc4ac3b1f3ff0fc0658eabc24593bf105768
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
#!/usr/bin/env ruby
|
|
2
|
+
|
|
3
|
+
require 'openssl'
|
|
4
|
+
require 'socket'
|
|
5
|
+
require 'uri'
|
|
6
|
+
require 'colorize'
|
|
7
|
+
|
|
8
|
+
module OpenSSL
|
|
9
|
+
module X509
|
|
10
|
+
class Certificate
|
|
11
|
+
def self_signed?
|
|
12
|
+
self.verify self.public_key
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
cert_store = OpenSSL::X509::Store.new
|
|
19
|
+
cert_store.set_default_paths
|
|
20
|
+
|
|
21
|
+
uri = URI(ARGV[0])
|
|
22
|
+
uri = uri.host.nil? ? ARGV[0] : uri.host
|
|
23
|
+
|
|
24
|
+
ctx = OpenSSL::SSL::SSLContext.new
|
|
25
|
+
socket = TCPSocket.new(uri, 443)
|
|
26
|
+
|
|
27
|
+
ssl = OpenSSL::SSL::SSLSocket.new(socket, ctx)
|
|
28
|
+
ssl.hostname = uri
|
|
29
|
+
|
|
30
|
+
ssl.connect
|
|
31
|
+
|
|
32
|
+
chain = ssl.peer_cert_chain
|
|
33
|
+
puts "---"
|
|
34
|
+
puts "Certificate chain"
|
|
35
|
+
chain.size.times do |index|
|
|
36
|
+
puts " #{index} s:#{chain[index].subject.to_s}"
|
|
37
|
+
puts " i:#{chain[index].issuer.to_s}"
|
|
38
|
+
end
|
|
39
|
+
print "--- "
|
|
40
|
+
if OpenSSL::SSL.verify_certificate_identity(chain[0], uri)
|
|
41
|
+
puts "The hostname (".green + "#{uri}".bold + ") is correctly listed in the certificate".green
|
|
42
|
+
|
|
43
|
+
puts "--- " + "The certificate will expire in ".green +
|
|
44
|
+
"#{((chain[0].not_after - chain[0].not_before).to_i / (24 * 60 * 60)).to_s}".bold + " days.".green
|
|
45
|
+
else
|
|
46
|
+
puts "None of the common names in the certificate match the name that was entered (".red +
|
|
47
|
+
"#{uri}".bold + ").".red
|
|
48
|
+
end
|
|
49
|
+
puts "---"
|
|
50
|
+
|
|
51
|
+
check_chain_status = true
|
|
52
|
+
|
|
53
|
+
chain.each_with_index do |certificate, i|
|
|
54
|
+
subject = certificate.subject.to_s.split("CN=").last
|
|
55
|
+
puts "Common name: ".bold + "#{subject}"
|
|
56
|
+
|
|
57
|
+
sans = certificate.extensions.find {|ext| ext.oid.eql?("subjectAltName")}
|
|
58
|
+
unless sans.nil?
|
|
59
|
+
sans = sans.value.delete('DNS:')
|
|
60
|
+
puts "SANs: ".bold + sans
|
|
61
|
+
end
|
|
62
|
+
puts "Valid ".bold + "#{certificate.not_before.strftime('from %B %d, %Y')} " + "#{certificate.not_after.strftime('to %B %d, %Y')}"
|
|
63
|
+
puts "Serial Number: ".bold + certificate.serial.to_s(16)
|
|
64
|
+
puts "Signature Algorithm: ".bold + certificate.signature_algorithm
|
|
65
|
+
puts "Issuer: ".bold + certificate.issuer.to_s.split("CN=").last
|
|
66
|
+
print "--- "
|
|
67
|
+
|
|
68
|
+
if check_chain_status
|
|
69
|
+
unless chain[i+1].nil?
|
|
70
|
+
if certificate.verify chain[i+1].public_key
|
|
71
|
+
puts "chain ok".yellow
|
|
72
|
+
else
|
|
73
|
+
puts "chain broken".red
|
|
74
|
+
check_chain_status = false
|
|
75
|
+
end
|
|
76
|
+
else
|
|
77
|
+
# Check agains certificate store
|
|
78
|
+
unless certificate.self_signed?
|
|
79
|
+
if cert_store.verify certificate
|
|
80
|
+
puts "checked against os store; chain ok".yellow
|
|
81
|
+
else
|
|
82
|
+
puts "checked against os store; chain broken".red
|
|
83
|
+
chain_check_status = false
|
|
84
|
+
end
|
|
85
|
+
else
|
|
86
|
+
puts "\n"
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
else
|
|
90
|
+
puts "\n"
|
|
91
|
+
end
|
|
92
|
+
# puts "\n" if chain.size == i + 1 || check_chain_status == false
|
|
93
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: check_certificate_chain
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Jora Porcu
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2017-07-19 00:00:00.000000000 Z
|
|
12
|
+
dependencies: []
|
|
13
|
+
description: Make a ssl connections. Show certificates details and check certificates
|
|
14
|
+
chain.
|
|
15
|
+
email: jitlogan@gmail.com
|
|
16
|
+
executables:
|
|
17
|
+
- check_certificate_chain
|
|
18
|
+
extensions: []
|
|
19
|
+
extra_rdoc_files: []
|
|
20
|
+
files:
|
|
21
|
+
- bin/check_certificate_chain
|
|
22
|
+
homepage:
|
|
23
|
+
licenses:
|
|
24
|
+
- MIT
|
|
25
|
+
metadata: {}
|
|
26
|
+
post_install_message:
|
|
27
|
+
rdoc_options: []
|
|
28
|
+
require_paths:
|
|
29
|
+
- lib
|
|
30
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
31
|
+
requirements:
|
|
32
|
+
- - ">="
|
|
33
|
+
- !ruby/object:Gem::Version
|
|
34
|
+
version: '0'
|
|
35
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
37
|
+
- - ">="
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: '0'
|
|
40
|
+
requirements: []
|
|
41
|
+
rubyforge_project:
|
|
42
|
+
rubygems_version: 2.6.11
|
|
43
|
+
signing_key:
|
|
44
|
+
specification_version: 4
|
|
45
|
+
summary: SSL connection details.
|
|
46
|
+
test_files: []
|