check_certificate_chain 2.1.2 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: e6478165736e8bd911791335f79397d3c95cfab4
-  data.tar.gz: cf224a9090678d4bbdfecc4d20f7aa2190475d57
+SHA256:
+  metadata.gz: 75ea7ed83779b3f53f066ec606710f5f442d793119de9b13b5413bd1e2d8f4c2
+  data.tar.gz: 6f696988b3e1db693ec81472c574b5894469b8e2a713ddb79ed2cd4e0b09569f
 SHA512:
-  metadata.gz: 22612d4dbde4962e02052eae88bc653a5ad3253ebb635fe152b0753a390892e71d54a5cdde3405d47a020822cc7eb735d47fb403a2a9a4a7915d20687fb3020f
-  data.tar.gz: 00f6402d27ad02b78b82336ca648465acfd88cc7263a2f2ff062ee37d8a722e6c200495f1b80df79c50d3a82de39ab867f812dfd0fa57b6085c4abb74f044a82
+  metadata.gz: fd1d34e56248593fe06a4a9ce7ca28fbe2a188d2c52e8eafb48409fc3be25f13db2a03f1533677f56e44d130ef65623d2ffcc9c8be1782b58cc3592cba5d2b09
+  data.tar.gz: a5931720fbf5d9c0710fa49eab07656f7ab71b7aa7f1df519d54e2e603a3f420d2a7e6e60f36e107d0fd6786e9805584014969a8f678db6667b2e8af80090121

data/bin/check_certificate_chain

@@ -4,10 +4,21 @@ require 'openssl'
 require 'uri'
 require 'socket'
 require 'net/http'
+require 'pastel'
 
 hostname = URI(ARGV[0])
 hostname = hostname.host.nil? ? hostname.to_s : hostname.host
 
+pastel = Pastel.new(eachline: "\n")
+
+good = pastel.green.detach
+good_bold = pastel.green.bold.detach
+goody = pastel.bright_green.detach
+goody_bold = pastel.bright_green.bold.detach
+bad = pastel.red.detach
+bad_bold = pastel.red.bold.detach
+warning = pastel.yellow.detach
+
 
 openssl_context = OpenSSL::SSL::SSLContext.new
 
@@ -32,8 +43,7 @@ output = {}
 output[:header] = "---"
 output[:hostname_check] = ""
 output[:date_check] = ""
-output[:short] = []
-output[:long] = []
+output[:data] = []
 output[:issues] = []
 output[:ocsp_check] = []
 
@@ -53,10 +63,10 @@ certificate = chain.first
 
 # Check certificate hostname
 if OpenSSL::SSL.verify_certificate_identity certificate, hostname
-    output[:hostname_check] << "The hostname (#{hostname}) is correctly listed in the certificate."
+    output[:hostname_check] << good["The hostname #{good_bold[hostname]} is correctly listed in the certificate."]
     check_certificate_hostname = true
 else
-    output[:hostname_check] << "None of the common names in the certificate match the name that was entered (#{hostname})."
+    output[:hostname_check] << bad["None of the common names in the certificate match the name that was entered #{bad_bold[hostname]}."]
     check_certificate_hostname = false
 end
 
@@ -70,10 +80,10 @@ def days
 end
 
 if AFTER > NOW
-    output[:date_check] << "Certificate is up to date. (#{days}) days remaining."
+    output[:date_check] << good["Certificate is up to date. #{good_bold[days]} days remaining."]
     not_expired = true
 else
-    output[:date_check] << "Certificate is outdated. This certificate has expired (#{days}) days ago."
+    output[:date_check] << bad["Certificate is outdated. This certificate has expired #{bad_bold[days]} days ago."]
     not_expired = false
 end
 
@@ -117,38 +127,38 @@ if check_certificate_hostname && not_expired && authority_info_access
                 nonce_status = ocsp_request.check_nonce basic
                 case nonce_status
                 when 1
-                    output[:ocsp_check] << "OCSP: nonce is ok."
+                    output[:ocsp_check] << goody["OCSP: nonce is #{goody_bold['ok']}."]
                     nonce_check = true
                 when -1, 2, 3
-                    output[:ocsp_check] << "OCSP: nonce is no supported."
+                    output[:ocsp_check] << warning["OCSP: nonce is not supported."]
                     nonce_check = true
                 when 0
-                    output[:ocsp_check] << "OCSP: nonce check failed."
+                    output[:ocsp_check] << bad["OCSP: nonce check failed."]
                     nonce_check = false
                 end
 
                 if nonce_check
                     ocsp_single_response = basic.find_response(certificate_id)
                     unless ocsp_single_response
-                        output[:ocsp_check] << "OCSP: no response for this certificate"
+                        output[:ocsp_check] << bad["OCSP: no response for this certificate"]
                     end
 
                     unless ocsp_single_response.check_validity
-                        output[:ocsp_check] << "OCSP: time validity failed."
+                        output[:ocsp_check] << bad["OCSP: time validity failed."]
                     end
 
                     case ocsp_single_response.cert_status
                     when 0
-                        output[:ocsp_check] << "OCSP: certificate is ok."
+                        output[:ocsp_check] << goody["OCSP: certificate is #{goody_bold['ok']}."]
                     when 1
-                        output[:ocsp_check] << "OCSP: certificate is revoked."
+                        output[:ocsp_check] << bad["OCSP: certificate is revoked."]
                     when 2
-                        output[:ocsp_check] << "OCSP: certificate status is unknown."
+                        output[:ocsp_check] << warning["OCSP: certificate status is unknown."]
                     end
                 end
             end
         else
-            output[:ocsp_check] << "OCSP: response returned an error. Status of the response is #{ocsp_response.status_string}"
+            output[:ocsp_check] << bad["OCSP: response returned an error. Status of the response is #{ocsp_response.status_string}"]
         end
     end
 end
@@ -161,22 +171,22 @@ root_anchor = chain.find do |certificate|
 end
 
 if root_anchor
-    output[:issues] << "  Certificate chain contains root_anchor. Extra certificate (Which serves no purpose) is increasing the handshake latency."
+    output[:issues] << warning["  Certificate chain contains root_anchor. Extra certificate (Which serves no purpose) is increasing the handshake latency."]
 end
 
 def long_output(chain_certificate, output)
 
-    output[:long] << "Common name: #{chain_certificate.subject.to_s[/CN=(.+)/, 1]}"
+    output[:data] << "Common name: #{chain_certificate.subject.to_s[/CN=(.+)/, 1]}"
     sans = chain_certificate.extensions.find{|extension| extension.oid.eql?("subjectAltName")}
     unless sans.nil?
         sans = sans.value.delete("DSN:")
-        output[:long] << "SANs: #{sans}"
+        output[:data] << "SANs: #{sans}"
     end
-    output[:long] << chain_certificate.not_before.strftime("Valid from %B %-d, %Y ") +
+    output[:data] << chain_certificate.not_before.strftime("Valid from %B %-d, %Y ") +
                      chain_certificate.not_after.strftime("to %B %-d, %Y")
-    output[:long] << "Serial Number: #{chain_certificate.serial.to_s(16).downcase}"
-    output[:long] << "Signature Algorithm: #{chain_certificate.signature_algorithm}"
-    output[:long] << "Issuer: #{chain_certificate.issuer.to_s[/CN=(.+)/, 1]}"
+    output[:data] << "Serial Number: #{chain_certificate.serial.to_s(16).downcase}"
+    output[:data] << "Signature Algorithm: #{chain_certificate.signature_algorithm}"
+    output[:data] << "Issuer: #{chain_certificate.issuer.to_s[/CN=(.+)/, 1]}"
     # output[:long] << "---\n"
 end
 
@@ -186,11 +196,8 @@ chain_check_status = true
 chain_order_status = true
 
 chain.each_with_index do |chain_certificate, index|
-    output[:short] << "#{index} s:#{chain_certificate.subject.to_s}"
-    output[:short] << "  i:#{chain_certificate.issuer.to_s}"
-
     long_output(chain_certificate, output)
-    output[:long] << "---"
+    output[:data] << "---"
 
     if chain_check_status
         check_status = chain.any? do |possible_issuer|
@@ -209,25 +216,23 @@ chain.each_with_index do |chain_certificate, index|
         unless check_status
             if certificate_store.verify chain_certificate
                 long_output(certificate_store.chain.last, output)
-                output[:long] << "---"
+                output[:data] << "---"
             else
                 chain_check_status = false
-                output[:issues] << "  Root certificate is not trusted."
+                output[:issues] << bad["  Root certificate is not trusted."]
             end
         end
     else
         chain_check_status = false
-        output[:issues] << " Chain is broken."
+        output[:issues] << bad[" Chain is broken."]
     end
 end
 
 unless chain_order_status
-    output[:issues] << "  Incorrect chain order."
+    output[:issues] << warning["  Incorrect chain order."]
 end
 
 puts output[:header]
-puts output[:short]
-puts "---\n"
 puts output[:hostname_check]
 puts output[:date_check]
 puts output[:ocsp_check]
@@ -236,4 +241,4 @@ unless output[:issues].empty?
     puts output[:issues]
 end
 puts "---\n"
-puts output[:long]
+puts output[:data]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: check_certificate_chain
 version: !ruby/object:Gem::Version
-  version: 2.1.2
+  version: 2.2.0
 platform: ruby
 authors:
 - Jora Porcu
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-08-11 00:00:00.000000000 Z
+date: 2018-05-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: openssl
@@ -24,8 +24,22 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-description: CLI tool to displayh certificate chain and OCSP status
-email: jora@gmail.com
+- !ruby/object:Gem::Dependency
+  name: pastel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: CLI tool to display certificate chain and OCSP status
+email: admin@punani.ru
 executables:
 - check_certificate_chain
 extensions: []
@@ -52,8 +66,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.12
+rubygems_version: 2.7.3
 signing_key: 
 specification_version: 4
-summary: CLI tool to check certificate chain
+summary: CLI tool to display certificate chain and OCSP status
 test_files: []