check_certificate_chain 0.0.1 → 1.0.1

Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/bin/check_certificate_chain +52 -42
  3. metadata +6 -20
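--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: fa3257af80b1329e6fa350c5b9b19d07ede6227e
- data.tar.gz: 45fe2a3e23743cf5c1a5158819933cdda7225de7
+ metadata.gz: 5e249541543f17379be14e497d060101e31454cf
+ data.tar.gz: 8d667a7f31a552b209daf3f56ff9df2ffaf648bd
  SHA512:
- metadata.gz: 9d0887987dd83af140c12fc8df88c51796fc32deeabfe6dc64570d01dfd1c1787690107e82955004db8e7adf1ee3fbcc63d39c31138b4e3e54f453f5d1401887
- data.tar.gz: bbf48d000136d972822fc836d38748cf13a815f9b98c53b9f78a6a8c4113cbdc2da4627026affb1d4bebabca7ddff9006d8bbf0b72a018aaf4926161b69d9e31
+ metadata.gz: 4dd6caf84eca88a2f7c138abac89b37b5a9f445eb2b25994e2a369ec336f8a4f24a2d84588920610e954d24dd80e51a06e80ead15209e2ad5397da6cc2749c90
+ data.tar.gz: 3c4ce2be1cd2670102bebe00a3c740f0f07a132738a24d786c74e055624aa85b2ae555981167ea3f7042ac9f9d11a4779120dd4ec2c81d23d6c534f7100556dd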
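--- a/data/bin/check_certificate_chain
+++ b/data/bin/check_certificate_chain
@@ -1,9 +1,11 @@
  #!/usr/bin/env ruby
 
+ require 'uri'
  require 'openssl'
  require 'socket'
- require 'uri'
- require 'colorize'
+
+ uri = URI(ARGV[0])
+ uri = uri.host.nil? ? ARGV[0] : uri.host
 
  module OpenSSL
  module X509
@@ -18,10 +20,8 @@ end
  cert_store = OpenSSL::X509::Store.new
  cert_store.set_default_paths
 
- uri = URI(ARGV[0])
- uri = uri.host.nil? ? ARGV[0] : uri.host
-
  ctx = OpenSSL::SSL::SSLContext.new
+
  socket = TCPSocket.new(uri, 443)
 
  ssl = OpenSSL::SSL::SSLSocket.new(socket, ctx)
@@ -30,64 +30,74 @@ ssl.hostname = uri
  ssl.connect
 
  chain = ssl.peer_cert_chain
- puts "---"
- puts "Certificate chain"
- chain.size.times do |index|
- puts " #{index} s:#{chain[index].subject.to_s}"
- puts " i:#{chain[index].issuer.to_s}"
- end
- print "--- "
- if OpenSSL::SSL.verify_certificate_identity(chain[0], uri)
- puts "The hostname (".green + "#{uri}".bold + ") is correctly listed in the certificate".green
+ certificate = chain.first
+
+ output = {}
+ output[:header] = "--- Certificate chain"
+ output[:hostname] = ""
+ output[:short] = ""
+ output[:long] = ""
 
- puts "--- " + "The certificate will expire in ".green +
- "#{((chain[0].not_after - chain[0].not_before).to_i / (24 * 60 * 60)).to_s}".bold + " days.".green
+ if OpenSSL::SSL.verify_certificate_identity(certificate, uri)
+ output[:hostname] << "The hostname #{uri} is correctly listed in the certificate\n"
+
+ output[:hostname] << "--- The certificate will expire in " +
+ ((certificate.not_after - certificate.not_before).to_i / (24 * 60 * 60)).to_s + " days.\n"
  else
- puts "None of the common names in the certificate match the name that was entered (".red +
- "#{uri}".bold + ").".red
+ output[:hostname] << "None of the common names in the certificate match the name that was enterred " +
+ "(#{uri})\n---\n"
  end
- puts "---"
 
  check_chain_status = true
 
- chain.each_with_index do |certificate, i|
- subject = certificate.subject.to_s.split("CN=").last
- puts "Common name: ".bold + "#{subject}"
+ chain.each_with_index do |cert, i|
+ output[:short] << "#{i} s:#{chain[i].subject.to_s}\n" +
+ " i:#{chain[i].issuer.to_s}\n"
+
+ output[:short] << "---\n" if i.eql?(chain.size - 1)
 
- sans = certificate.extensions.find {|ext| ext.oid.eql?("subjectAltName")}
+ subject = cert.subject.to_s.split("CN=").last
+ output[:long] << "Common name: #{subject}\n"
+
+ sans = cert.extensions.find {|ext| ext.oid.eql?("subjectAltName")}
  unless sans.nil?
- sans = sans.value.delete('DNS:')
- puts "SANs: ".bold + sans
+ sans = sans.value.delete("DNS:")
+ output[:long] << "SANs: #{sans}\n"
  end
- puts "Valid ".bold + "#{certificate.not_before.strftime('from %B %d, %Y')} " + "#{certificate.not_after.strftime('to %B %d, %Y')}"
- puts "Serial Number: ".bold + certificate.serial.to_s(16)
- puts "Signature Algorithm: ".bold + certificate.signature_algorithm
- puts "Issuer: ".bold + certificate.issuer.to_s.split("CN=").last
- print "--- "
+
+ output[:long] << "Valid #{cert.not_before.strftime('from %B %d, %Y')} " +
+ "#{cert.not_after.strftime('to %B %d, %Y')}\n"
+ output[:long] << "Serial Number: #{cert.serial.to_s(16)}\n"
+ output[:long] << "Signature Algorithm: #{cert.signature_algorithm}\n"
+ output[:long] << "Issuer: #{cert.issuer.to_s.split("CN=").last}\n"
+
+ output[:long] << "--- "
 
  if check_chain_status
  unless chain[i+1].nil?
- if certificate.verify chain[i+1].public_key
- puts "chain ok".yellow
+ if cert.verify chain[i+1].public_key
+ output[:long] << "chain ok\n"
  else
- puts "chain broken".red
+ output[:long] << "chain broken\n"
  check_chain_status = false
  end
  else
- # Check agains certificate store
- unless certificate.self_signed?
- if cert_store.verify certificate
- puts "checked against os store; chain ok".yellow
+ unless cert.self_signed?
+ if cert_store.verify cert
+ output[:long] << "checked against os store; chain ok\n"
  else
- puts "checked against os store; chain broken".red
- chain_check_status = false
+ output[:long] << "checked agains os store; chain broken\n"
+ check_chain_status = false
  end
  else
- puts "\n"
+ output[:long] << "\n"
  end
  end
  else
- puts "\n"
+ output[:long] << "\n"
  end
- # puts "\n" if chain.size == i + 1 || check_chain_status == false
  end
+
+ puts output[:header]
+ puts output[:short]
+ puts output[:long]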
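Review bot: `output[:hostname]` is filled in by the `verify_certificate_identity` branch but never printed: the last lines of the hunk emit only `output[:header]`, `output[:short]` and `output[:long]`. Unless it is printed somewhere past the visible lines, the hostname-match result, including the mismatch message, no longer reaches the user. Adding `puts output[:hostname]` between `puts output[:short]` and `puts output[:long]` would restore it. The "will expire in" figure is still `certificate.not_after - certificate.not_before`, which is the certificate's total validity period rather than the time remaining (`certificate.not_after - Time.now`), and it is now only produced when the hostname matches. A short comment above `cert.verify chain[i+1].public_key` stating that it confirms only the signature link to the next certificate, not validity dates or CA constraints, would keep readers from treating "chain ok" as full path validation.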
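--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: check_certificate_chain
  version: !ruby/object:Gem::Version
- version: 0.0.1
+ version: 1.0.1
  platform: ruby
  authors:
  - Jora Porcu
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-07-20 00:00:00.000000000 Z
+ date: 2017-07-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: openssl
@@ -17,28 +17,14 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '2'
- type: :runtime
+ type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '2'
- - !ruby/object:Gem::Dependency
- name: colorize
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '0'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '0'
- description: cli tool that dumps https cert chain information and check the chain.
+ description: Cli tool to check http connection certificates.
  email: jitlogan@gmail.com
  executables:
  - check_certificate_chain
@@ -66,8 +52,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.12
+ rubygems_version: 2.4.5.2
  signing_key:
  specification_version: 4
- summary: cli tool to check http connection certificates
+ summary: Check HTTPS certificates
  test_files: []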