check_certificate_chain 0.0.1 → 1.0.1

Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/bin/check_certificate_chain +52 -42
  3. metadata +6 -20
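--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: fa3257af80b1329e6fa350c5b9b19d07ede6227e
- data.tar.gz: 45fe2a3e23743cf5c1a5158819933cdda7225de7
+ metadata.gz: 5e249541543f17379be14e497d060101e31454cf
+ data.tar.gz: 8d667a7f31a552b209daf3f56ff9df2ffaf648bd
  SHA512:
- metadata.gz: 9d0887987dd83af140c12fc8df88c51796fc32deeabfe6dc64570d01dfd1c1787690107e82955004db8e7adf1ee3fbcc63d39c31138b4e3e54f453f5d1401887
- data.tar.gz: bbf48d000136d972822fc836d38748cf13a815f9b98c53b9f78a6a8c4113cbdc2da4627026affb1d4bebabca7ddff9006d8bbf0b72a018aaf4926161b69d9e31
+ metadata.gz: 4dd6caf84eca88a2f7c138abac89b37b5a9f445eb2b25994e2a369ec336f8a4f24a2d84588920610e954d24dd80e51a06e80ead15209e2ad5397da6cc2749c90
+ data.tar.gz: 3c4ce2be1cd2670102bebe00a3c740f0f07a132738a24d786c74e055624aa85b2ae555981167ea3f7042ac9f9d11a4779120dd4ec2c81d23d6c534f7100556dd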
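--- a/data/bin/check_certificate_chain
+++ b/data/bin/check_certificate_chain
@@ -1,9 +1,11 @@
  #!/usr/bin/env ruby
 
+ require 'uri'
  require 'openssl'
  require 'socket'
- require 'uri'
- require 'colorize'
+
+ uri = URI(ARGV[0])
+ uri = uri.host.nil? ? ARGV[0] : uri.host
 
  module OpenSSL
  module X509
@@ -18,10 +20,8 @@ end
  cert_store = OpenSSL::X509::Store.new
  cert_store.set_default_paths
 
- uri = URI(ARGV[0])
- uri = uri.host.nil? ? ARGV[0] : uri.host
-
  ctx = OpenSSL::SSL::SSLContext.new
+
  socket = TCPSocket.new(uri, 443)
 
  ssl = OpenSSL::SSL::SSLSocket.new(socket, ctx)
@@ -30,64 +30,74 @@ ssl.hostname = uri
  ssl.connect
 
  chain = ssl.peer_cert_chain
- puts "---"
- puts "Certificate chain"
- chain.size.times do |index|
- puts " #{index} s:#{chain[index].subject.to_s}"
- puts " i:#{chain[index].issuer.to_s}"
- end
- print "--- "
- if OpenSSL::SSL.verify_certificate_identity(chain[0], uri)
- puts "The hostname (".green + "#{uri}".bold + ") is correctly listed in the certificate".green
+ certificate = chain.first
+
+ output = {}
+ output[:header] = "--- Certificate chain"
+ output[:hostname] = ""
+ output[:short] = ""
+ output[:long] = ""
 
- puts "--- " + "The certificate will expire in ".green +
- "#{((chain[0].not_after - chain[0].not_before).to_i / (24 * 60 * 60)).to_s}".bold + " days.".green
+ if OpenSSL::SSL.verify_certificate_identity(certificate, uri)
+ output[:hostname] << "The hostname #{uri} is correctly listed in the certificate\n"
+
+ output[:hostname] << "--- The certificate will expire in " +
+ ((certificate.not_after - certificate.not_before).to_i / (24 * 60 * 60)).to_s + " days.\n"
  else
- puts "None of the common names in the certificate match the name that was entered (".red +
- "#{uri}".bold + ").".red
+ output[:hostname] << "None of the common names in the certificate match the name that was enterred " +
+ "(#{uri})\n---\n"
  end
- puts "---"
 
  check_chain_status = true
 
- chain.each_with_index do |certificate, i|
- subject = certificate.subject.to_s.split("CN=").last
- puts "Common name: ".bold + "#{subject}"
+ chain.each_with_index do |cert, i|
+ output[:short] << "#{i} s:#{chain[i].subject.to_s}\n" +
+ " i:#{chain[i].issuer.to_s}\n"
+
+ output[:short] << "---\n" if i.eql?(chain.size - 1)
 
- sans = certificate.extensions.find {|ext| ext.oid.eql?("subjectAltName")}
+ subject = cert.subject.to_s.split("CN=").last
+ output[:long] << "Common name: #{subject}\n"
+
+ sans = cert.extensions.find {|ext| ext.oid.eql?("subjectAltName")}
  unless sans.nil?
- sans = sans.value.delete('DNS:')
- puts "SANs: ".bold + sans
+ sans = sans.value.delete("DNS:")
+ output[:long] << "SANs: #{sans}\n"
  end
- puts "Valid ".bold + "#{certificate.not_before.strftime('from %B %d, %Y')} " + "#{certificate.not_after.strftime('to %B %d, %Y')}"
- puts "Serial Number: ".bold + certificate.serial.to_s(16)
- puts "Signature Algorithm: ".bold + certificate.signature_algorithm
- puts "Issuer: ".bold + certificate.issuer.to_s.split("CN=").last
- print "--- "
+
+ output[:long] << "Valid #{cert.not_before.strftime('from %B %d, %Y')} " +
+ "#{cert.not_after.strftime('to %B %d, %Y')}\n"
+ output[:long] << "Serial Number: #{cert.serial.to_s(16)}\n"
+ output[:long] << "Signature Algorithm: #{cert.signature_algorithm}\n"
+ output[:long] << "Issuer: #{cert.issuer.to_s.split("CN=").last}\n"
+
+ output[:long] << "--- "
 
  if check_chain_status
  unless chain[i+1].nil?
- if certificate.verify chain[i+1].public_key
- puts "chain ok".yellow
+ if cert.verify chain[i+1].public_key
+ output[:long] << "chain ok\n"
  else
- puts "chain broken".red
+ output[:long] << "chain broken\n"
  check_chain_status = false
  end
  else
- # Check agains certificate store
- unless certificate.self_signed?
- if cert_store.verify certificate
- puts "checked against os store; chain ok".yellow
+ unless cert.self_signed?
+ if cert_store.verify cert
+ output[:long] << "checked against os store; chain ok\n"
  else
- puts "checked against os store; chain broken".red
- chain_check_status = false
+ output[:long] << "checked agains os store; chain broken\n"
+ check_chain_status = false
  end
  else
- puts "\n"
+ output[:long] << "\n"
  end
  end
  else
- puts "\n"
+ output[:long] << "\n"
  end
- # puts "\n" if chain.size == i + 1 || check_chain_status == false
  end
+
+ puts output[:header]
+ puts output[:short]
+ puts output[:long]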
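Review bot: `output[:hostname]` is filled in by both branches of the `verify_certificate_identity` check, but the closing `puts` calls emit only `:header`, `:short` and `:long`, so as far as the visible lines show, the hostname result and the name-mismatch message are never printed; adding `puts output[:hostname]` after `puts output[:header]` would restore what 0.0.1 reported. The "will expire in" figure is still `certificate.not_after - certificate.not_before`, which is the certificate's total validity period rather than the time left, so `((certificate.not_after - Time.now).to_i / (24 * 60 * 60)).to_s` is what the message describes. In the loop, `sans.value.delete("DNS:")` removes every `D`, `N`, `S` and `:` character from the SAN string instead of the prefix, so `sans.value.gsub("DNS:", "")` keeps the listed names intact. The "chain ok" lines only confirm that each signature verifies against the next certificate's key, so a short comment there saying that validity dates and CA constraints are not checked would keep readers from over-trusting the result.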
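--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: check_certificate_chain
  version: !ruby/object:Gem::Version
- version: 0.0.1
+ version: 1.0.1
  platform: ruby
  authors:
  - Jora Porcu
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-07-20 00:00:00.000000000 Z
+ date: 2017-07-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: openssl
@@ -17,28 +17,14 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '2'
- type: :runtime
+ type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '2'
- - !ruby/object:Gem::Dependency
- name: colorize
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '0'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '0'
- description: cli tool that dumps https cert chain information and check the chain.
+ description: Cli tool to check http connection certificates.
  email: jitlogan@gmail.com
  executables:
  - check_certificate_chain
@@ -66,8 +52,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.12
+ rubygems_version: 2.4.5.2
  signing_key:
  specification_version: 4
- summary: cli tool to check http connection certificates
+ summary: Check HTTPS certificates
  test_files: []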