mirror of https://github.com/Luzifer/promcertcheck.git synced 2024-09-19 09:22:57 +00:00

Minor refactorings

Signed-off-by: Knut Ahlers <knut@ahlers.me>
Knut Ahlers 2017-11-05 17:38:33 +01:00
parent f33bab0447
commit 1a6262c51f
Signed by: luzifer
GPG Key ID: DC2729FDD34BE99E
3 changed files with 36 additions and 31 deletions


@ -10,7 +10,8 @@ test:
--probe="https://gobuilder.me/" \ --probe="https://gobuilder.me/" \
--probe="https://pwd.luzifer.io/" \ --probe="https://pwd.luzifer.io/" \
--probe="https://www.itpad.de/" \ --probe="https://www.itpad.de/" \
--probe="https://mondash.org/" --probe="https://mondash.org/" \
--log-level debug
container: container:
docker build -t luzifer/promcertcheck . docker build -t luzifer/promcertcheck .


@ -26,7 +26,7 @@ func (p probeResult) String() string {
case certificateOK: case certificateOK:
return "Certificate OK" return "Certificate OK"
case certificateExpiresSoon: case certificateExpiresSoon:
return fmt.Sprintf("Certificate expires within %s", config.ExpireWarning) return fmt.Sprintf("Certificate expires within %s", cfg.ExpireWarning)
case certificateInvalid: case certificateInvalid:
return "Certificate invalid / intermediate certificates not present" return "Certificate invalid / intermediate certificates not present"
case certificateNotFound: case certificateNotFound:
@ -91,7 +91,7 @@ func checkCertificate(probeURL *url.URL) (probeResult, *x509.Certificate) {
return certificateInvalid, verifyCert return certificateInvalid, verifyCert
} }
if verifyCert.NotAfter.Sub(time.Now()) < config.ExpireWarning { if verifyCert.NotAfter.Sub(time.Now()) < cfg.ExpireWarning {
checkLogger.Debug("Certificate expires soon") checkLogger.Debug("Certificate expires soon")
return certificateExpiresSoon, verifyCert return certificateExpiresSoon, verifyCert
} }

50
main.go

@ -21,13 +21,13 @@ import (
) )
var ( var (
config = struct { cfg struct {
Debug bool `flag:"debug" default:"false" description:"Output debugging data"`
ExpireWarning time.Duration `flag:"expire-warning" default:"744h" description:"When to warn about a soon expiring certificate"` ExpireWarning time.Duration `flag:"expire-warning" default:"744h" description:"When to warn about a soon expiring certificate"`
RootsDir string `flag:"roots-dir" default:"" description:"Directory to load custom RootCA certs from to be trusted (*.pem)"` RootsDir string `flag:"roots-dir" default:"" description:"Directory to load custom RootCA certs from to be trusted (*.pem)"`
LogLevel string `flag:"log-level" default:"info" description:"Verbosity of logs to use (debug, info, warning, error, ...)"` LogLevel string `flag:"log-level" default:"info" description:"Verbosity of logs to use (debug, info, warning, error, ...)"`
Probes []string `flag:"probe" default:"" description:"URLs to check for certificate issues"` Probes []string `flag:"probe" default:"" description:"URLs to check for certificate issues"`
}{} VersionAndExit bool `flag:"version" default:"false" description:"Print program version and exit"`
}
version = "dev" version = "dev"
@ -45,11 +45,16 @@ type probeMonitor struct {
} }
func init() { func init() {
if err := rconfig.Parse(&config); err != nil { if err := rconfig.Parse(&cfg); err != nil {
log.Fatalf("Unable to parse CLI parameters: %s", err) log.Fatalf("Unable to parse CLI parameters: %s", err)
} }
if logLevel, err := log.ParseLevel(config.LogLevel); err == nil { if cfg.VersionAndExit {
fmt.Printf("promcertcheck %s\n", version)
os.Exit(0)
}
if logLevel, err := log.ParseLevel(cfg.LogLevel); err == nil {
log.SetLevel(logLevel) log.SetLevel(logLevel)
} else { } else {
log.Fatalf("Unable to parse log level: %s", err) log.Fatalf("Unable to parse log level: %s", err)
@ -91,12 +96,12 @@ func main() {
} }
func loadAdditionalRootCAPool() error { func loadAdditionalRootCAPool() error {
if config.RootsDir == "" { if cfg.RootsDir == "" {
// Nothing specified, not loading anything but sys certs // Nothing specified, not loading anything but sys certs
return nil return nil
} }
return filepath.Walk(config.RootsDir, func(path string, info os.FileInfo, err error) error { return filepath.Walk(cfg.RootsDir, func(path string, info os.FileInfo, err error) error {
if err != nil { if err != nil {
return err return err
} }
@ -122,7 +127,7 @@ func loadAdditionalRootCAPool() error {
} }
func registerProbes() { func registerProbes() {
for _, probe := range config.Probes { for _, probe := range cfg.Probes {
probeURL, _ := url.Parse(probe) probeURL, _ := url.Parse(probe)
monitors := &probeMonitor{} monitors := &probeMonitor{}
@ -149,26 +154,25 @@ func registerProbes() {
} }
func refreshCertificateStatus() { func refreshCertificateStatus() {
for _, probe := range config.Probes { for _, probe := range cfg.Probes {
probeURL, _ := url.Parse(probe) probeURL, _ := url.Parse(probe)
verificationResult, verifyCert := checkCertificate(probeURL) verificationResult, verifyCert := checkCertificate(probeURL)
if config.Debug { probeLog := log.WithFields(log.Fields{
fmt.Printf("---\nProbe: %s\nResult: %s\n", "host": probeURL.Host,
probeURL.Host, "result": verificationResult,
verificationResult, })
)
if verifyCert != nil { if verifyCert != nil {
fmt.Printf("Version: %d\nSerial: %d\nSubject: %s\nExpires: %s\nIssuer: %s\nAlt Names: %s\n", probeLog = probeLog.WithFields(log.Fields{
verifyCert.Version, "version": verifyCert.Version,
verifyCert.SerialNumber, "serial": verifyCert.SerialNumber,
verifyCert.Subject.CommonName, "subject": verifyCert.Subject.CommonName,
verifyCert.NotAfter, "expires": verifyCert.NotAfter,
verifyCert.Issuer.CommonName, "issuer": verifyCert.Issuer.CommonName,
strings.Join(verifyCert.DNSNames, ", "), "alt_names": strings.Join(verifyCert.DNSNames, ", "),
) })
}
} }
probeLog.Debug("Probe finished")
if verifyCert != nil { if verifyCert != nil {
probeMonitors[probeURL.Host].Expires.Set(float64(verifyCert.NotAfter.UTC().Unix())) probeMonitors[probeURL.Host].Expires.Set(float64(verifyCert.NotAfter.UTC().Unix()))
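Review bot: The new `probeLog` fields in refreshCertificateStatus read `probeURL.Host` unconditionally, while `probeURL, _ := url.Parse(probe)` two lines earlier discards the parse error; url.Parse returns a nil URL on failure, so a malformed `--probe` value can end in a nil-pointer panic instead of a clear error. The same discarded error is visible in registerProbes. Consider `probeURL, err := url.Parse(probe)` followed by `if err != nil { log.WithError(err).Errorf("Invalid probe URL %q", probe); continue }`, or validating every probe once at startup so both loops can rely on it. Separately, the `subject`, `issuer` and `alt_names` fields are taken from the certificate the remote server presents, so it is worth confirming that the configured log formatter escapes control characters in field values. The body of refreshCertificateStatus continues past the end of this hunk.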