check_certificate_chain 1.0.2 → 1.1.2
- checksums.yaml +4 -4
- data/bin/check_certificate_chain +47 -17
- metadata +1 -1
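--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eb156e21479cd1b22d66643549361b29421382ed
+data.tar.gz: 8fef1079f1cb3520d0d6efa016f3bfaf443418f5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bc46742aaabe807fd67cc8a1add4a1e953abea2c55f859629e4017da63c53f0930b06bf3a79d354eed62a6296f9262a53a0908f31490569d1e166da76766afd0
+data.tar.gz: '04635799b793319f72cc9960fbc74216952abfcfaaf1efc0311e1d5c050a532d00d6832ad1d61b1b3ae320e0594c34ca7ec61d8923650cb1cdc047fd8e257db0'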
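--- a/data/bin/check_certificate_chain
+++ b/data/bin/check_certificate_chain
@@ -7,6 +7,20 @@ require 'socket'
 uri = URI(ARGV[0])
 uri = uri.host.nil? ? ARGV[0] : uri.host
 
+class String
+def red
+"\e[0;31;49m#{self}\e[0m"
+end
+
+def green
+"\e[0;32;49m#{self}\e[0m"
+end
+
+def bold
+"\e[1;39;49m#{self}\e[0m"
+end
+end
+
 module OpenSSL
 module X509
 class Certificate
@@ -33,19 +47,34 @@ chain = ssl.peer_cert_chain
 certificate = chain.first
 
 output = {}
-output[:header] = "--- Certificate chain"
+output[:header] = "--- " + "Certificate chain".bold
+output[:date] = ""
 output[:hostname] = ""
 output[:short] = ""
 output[:long] = ""
 
-
-
+NOW = Time.new
+BEFORE = certificate.not_before
+AFTER = certificate.not_after
+
+def days
+((AFTER - NOW).to_i.abs / 86400).to_s
+end
+
+if AFTER > NOW
+output[:date] = "Certificate is up to date. (".green + days.bold +
+") days remaining.".green + "\n---\n"
+else
+output[:date] = "Certificate is outdated. This certificate has expired (".red +
+days.bold + ") days ago".red + "\n---\n"
+end
 
-
-
+if OpenSSL::SSL.verify_certificate_identity(certificate, uri)
+output[:hostname] << "The hostname (".green + uri.bold +
+") is correctly listed in the certificate.".green
 else
-output[:hostname] << "None of the common names in the certificate match the name that was
-
+output[:hostname] << "None of the common names in the certificate match the name that was entered (".red +
+uri.bold + ")".red
 end
 
 check_chain_status = true
@@ -57,36 +86,36 @@ chain.each_with_index do |cert, i|
 output[:short] << "---\n" if i.eql?(chain.size - 1)
 
 subject = cert.subject.to_s.split("CN=").last
-output[:long] << "Common name: #{subject}\n"
+output[:long] << "Common name:".bold + " #{subject}\n"
 
 sans = cert.extensions.find {|ext| ext.oid.eql?("subjectAltName")}
 unless sans.nil?
 sans = sans.value.delete("DNS:")
-output[:long] << "SANs: #{sans}\n"
+output[:long] << "SANs:".bold + " #{sans}\n"
 end
 
-output[:long] << "Valid #{cert.not_before.strftime('from %B %d, %Y')} " +
+output[:long] << "Valid".bold + " #{cert.not_before.strftime('from %B %d, %Y')} " +
 "#{cert.not_after.strftime('to %B %d, %Y')}\n"
-output[:long] << "Serial Number: #{cert.serial.to_s(16)}\n"
-output[:long] << "Signature Algorithm: #{cert.signature_algorithm}\n"
-output[:long] << "Issuer: #{cert.issuer.to_s.split("CN=").last}\n"
+output[:long] << "Serial Number:".bold + " #{cert.serial.to_s(16)}\n"
+output[:long] << "Signature Algorithm:".bold + " #{cert.signature_algorithm}\n"
+output[:long] << "Issuer:".bold + " #{cert.issuer.to_s.split("CN=").last}\n"
 
 output[:long] << "--- "
 
 if check_chain_status
 unless chain[i+1].nil?
 if cert.verify chain[i+1].public_key
-output[:long] << "chain ok\n"
+output[:long] << "chain ok\n".green
 else
-output[:long] << "chain broken\n"
+output[:long] << "chain broken\n".red
 check_chain_status = false
 end
 else
 unless cert.self_signed?
 if cert_store.verify cert
-output[:long] << "checked against os store; chain ok\n"
+output[:long] << "checked against os store; chain ok\n".green
 else
-output[:long] << "checked agains os store; chain broken\n"
+output[:long] << "checked agains os store; chain broken\n".red
 check_chain_status = false
 end
 else
@@ -101,4 +130,5 @@ end
 puts output[:header]
 puts output[:short]
 puts output[:hostname]
+puts output[:date]
 puts output[:long]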
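Review bot: The new validity check in the second hunk, `if AFTER > NOW`, compares only `not_after`, so a certificate whose `not_before` is still in the future is printed in green as "up to date"; `BEFORE` is assigned but never read. Start the conditional with `if NOW < BEFORE` and `output[:date] = "Certificate is not yet valid.".red + "\n---\n"`, then turn the existing test into `elsif AFTER > NOW`. The check also covers only `chain.first`: the loop in the third hunk prints each certificate's validity window but does not evaluate it, and `cert.verify chain[i+1].public_key` presumably checks the signature only, so an expired intermediate may still appear under a green leaf message. Either apply the same date test per certificate inside the loop or word the message so it clearly refers to the leaf certificate only.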