authorSergey Poznyakoff <gray@gnu.org.ua>2019-10-08 21:05:19 +0300
committerSergey Poznyakoff <gray@gnu.org.ua>2019-10-08 21:05:19 +0300
commit10e75a2790e7b36095c2f0a4a2ae529b0af59d82 (patch)
tree8ca90a4f6fa3e1de0a94fe2c1c3c3331dd524649
parent4852ae36c0491eccdadd857aab44934f1017c6f5 (diff)
Check one host per invocation
-rw-r--r--certwatch.go112
1 files changed, 49 insertions, 63 deletions
diff --git a/certwatch.go b/certwatch.go
index e75d09e..188de0c 100644
--- a/certwatch.go
+++ b/certwatch.go
@@ -26,3 +26,2 @@ var statusString = []string{StatusOK: `OK`,
type CertResult struct {
- Address string
Subject string
@@ -34,2 +33,3 @@ type CertResult struct {
type CertResultList struct {
+ Address string
Status int
@@ -38,33 +38,9 @@ type CertResultList struct {
-// The cnmap interface
-type cnmap map[string]bool
-
-func (mp *cnmap) Set(value string) error {
- if *mp == nil {
- *mp = make(map[string]bool)
- }
- for _, cn := range strings.Split(value, ",") {
- (*mp)[cn] = true
- }
- return nil
-}
-
-func (mp *cnmap) String() string {
- var a []string
- for k := range *mp {
- a = append(a, k)
- }
- return strings.Join(a, `,`)
-}
-
-func (mp cnmap) Selected(cert *x509.Certificate) bool {
- if mp == nil {
+func CertMatch(cert *x509.Certificate, cn string) bool {
+ if cn == `` || cert.Subject.CommonName == cn {
return true
}
- if v, p := mp[cert.Subject.CommonName]; p {
- return v
- }
for _, name := range cert.DNSNames {
- if v, p := mp[name]; p {
- return v
+ if cn == name {
+ return true
}
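Review bot: CertMatch compares `cn` with the CommonName and each DNSNames entry using plain `==`, so a certificate whose SAN is a wildcard (for example `*.example.org`) or differs only in letter case is treated as not matching and the check ends in "No such CN". Consider replacing the loop with `if cert.VerifyHostname(cn) == nil { return true }` while keeping the explicit CommonName comparison, since VerifyHostname applies wildcard and case rules to the SANs. The exported function also has no doc comment; something like `// CertMatch reports whether cn is empty or names cert through its CommonName or a DNS SAN.` would do. The end of the function lies outside this hunk.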
@@ -79,3 +55,2 @@ var verboseOption bool
var helpOption bool
-var selectCN cnmap
var host string
@@ -88,3 +63,2 @@ func init() {
flag.BoolVar(&helpOption, `h`, false, `show help summary`)
- flag.Var(&selectCN, `s`, `comma-separated list of allowed CNs`)
flag.StringVar(&host, `H`, ``, `host name`)
@@ -95,3 +69,3 @@ func init() {
fmt.Fprintf(flag.CommandLine.Output(),
- "Usage: %s [OPTIONS] [HOST...]\n",
+ "Usage: %s [OPTIONS] [CN...]\n",
os.Args[0])
@@ -109,11 +83,15 @@ func main() {
}
-
- res := CertResultList{Status: StatusOK}
-
- if host != `` {
- res.Check(host)
+ if host == `` {
+ fmt.Fprintf(os.Stderr, "-H option is mandatory\n")
+ flag.Usage()
+ os.Exit(2)
}
-
- for _, arg := range flag.Args() {
- res.Check(arg)
+
+ res := CertResultList{Address: host, Status: StatusOK}
+ if len(flag.Args()) > 0 {
+ for _, cn := range flag.Args() {
+ res.Check(cn)
+ }
+ } else {
+ res.Check(``)
}
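Review bot: The missing `-H` branch ends with `os.Exit(2)`; if this program is run as a monitoring plugin, which the perfdata comment in Format suggests, that exit code is conventionally read as CRITICAL rather than as a usage problem. The value of StatusUnknown is not visible here, but if it is the plugin's "unknown" code then `os.Exit(StatusUnknown)` would be the more accurate signal. Note also that each CN argument makes Check open its own TLS connection to the same host, which is worth stating in the usage text.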
@@ -123,12 +101,7 @@ func main() {
-var conf = &tls.Config {
- InsecureSkipVerify: true,
-}
-
func (res CertResult) FormatHR() {
if res.Status == StatusUnknown {
- fmt.Printf("%s - %s;", res.Address, res.Error)
+ fmt.Printf("%s - %s;", res.Subject, res.Error)
} else {
- fmt.Printf("%s[%s] TTL %s;",
- res.Address, res.Subject, res.Ttl.String())
+ fmt.Printf("%s TTL %s;", res.Subject, res.Ttl.String())
}
@@ -146,3 +119,3 @@ func (rl CertResultList) Format() {
//'label'=value[UOM];[warn];[crit];[min];[max]
- fmt.Printf("%s - ", statusString[rl.Status])
+ fmt.Printf("%s - %s ", statusString[rl.Status], rl.Address)
rl.Result[0].FormatHR()
@@ -172,3 +145,4 @@ func (rl *CertResultList) Append(res CertResult) {
-func (rl *CertResultList) Check(addr string) {
+func (rl *CertResultList) Check(cn string) {
+ addr := rl.Address;
a := strings.Split(addr, `:`)
@@ -180,4 +154,3 @@ func (rl *CertResultList) Check(addr string) {
default:
- rl.Append(CertResult{Address: addr,
- Status: StatusUnknown,
+ rl.Append(CertResult{Status: StatusUnknown,
Error: `bad address`})
@@ -186,5 +159,12 @@ func (rl *CertResultList) Check(addr string) {
+ conf := &tls.Config {
+ InsecureSkipVerify: true,
+ ServerName: cn,
+ }
+
conn, err := tls.Dial("tcp", addr, conf)
if err != nil {
- rl.Append(CertResult{Address: addr, Status: StatusUnknown, Error: err.Error()})
+ rl.Append(CertResult{Subject: cn,
+ Status: StatusUnknown,
+ Error: err.Error()})
return
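Review bot: `InsecureSkipVerify: true` now sits inside Check with no comment, so nothing tells a maintainer that the certificate being measured is unauthenticated: whatever answers on `addr` can present any certificate and be reported OK with a long TTL. Add a comment such as `// Verification is off so expired or self-signed certificates can still be inspected; the peer is NOT authenticated.` and consider an opt-in flag that also verifies the chain. `tls.Dial` has no timeout either, so an unresponsive host stalls the check; `tls.DialWithDialer(&net.Dialer{Timeout: timeout}, "tcp", addr, conf)` bounds it (with `timeout` a value you choose and `net` imported). Check begins and ends outside this hunk.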
@@ -199,15 +179,9 @@ func (rl *CertResultList) Check(addr string) {
}
- if !selectCN.Selected(cert) {
- continue
+ if cn == `` {
+ cn = cert.Subject.CommonName
}
- if (verboseOption) {
- fmt.Printf("Host: %s\n", addr)
- fmt.Printf("CN: %s\n", cert.Subject.CommonName)
- fmt.Printf("DNS: %s\n", strings.Join(cert.DNSNames, `,`))
- fmt.Printf("Expires: %s\n", cert.NotAfter.String())
- fmt.Println()
+ if !CertMatch(cert, cn) {
+ continue
}
- res := CertResult{Address: addr,
- Subject: cert.Subject.CommonName,
- Status: StatusOK}
+ res := CertResult{Subject: cn, Status: StatusOK}
res.Ttl = time.Until(cert.NotAfter)
@@ -219,3 +193,15 @@ func (rl *CertResultList) Check(addr string) {
rl.Append(res)
+ if (verboseOption) {
+ fmt.Printf("Host: %s\n", addr)
+ fmt.Printf("CN: %s\n", cert.Subject.CommonName)
+ fmt.Printf("DNS: %s\n", strings.Join(cert.DNSNames, `,`))
+ fmt.Printf("Expires: %s\n", cert.NotAfter.String())
+ fmt.Printf("Status: %s\n", statusString[res.Status])
+ fmt.Println()
+ }
+ return
}
+ rl.Append(CertResult{Status: StatusUnknown,
+ Subject: cn,
+ Error: `No such CN`})
}
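Review bot: The new fallback error is spelled `No such CN` while the other literal error in Check is lowercase `bad address`; use one casing, e.g. "no such CN", so output parsers and readers see a consistent form. When no CN was requested and the loop never assigns one, the appended result has an empty Subject, so FormatHR prints " - No such CN;" with nothing before the dash; falling back to `rl.Address` there would keep the line readable. The added code is also not gofmt-clean (`if (verboseOption) {`, and elsewhere in this commit `addr := rl.Address;` and `&tls.Config {`); running gofmt over the file fixes all three.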
