| author | Mitch Riedstra <mitch@riedstra.us> | 2021-01-24 10:31:53 -0500 |
|---|---|---|
| committer | Mitch Riedstra <mitch@riedstra.us> | 2021-01-24 10:31:53 -0500 |
| commit | a4554be33914fd7cd77eea3326a747078bbe4c50 (patch) | |
| tree | 5e97506f384344662f9d3e55a6f83f88c76d6217 /cert.go | |
| download | checkup-a4554be33914fd7cd77eea3326a747078bbe4c50.tar.gz checkup-a4554be33914fd7cd77eea3326a747078bbe4c50.tar.xz | |
initial
Diffstat (limited to 'cert.go')
| -rw-r--r-- | cert.go | 41 |
1 files changed, 41 insertions, 0 deletions
@@ -0,0 +1,41 @@
+package checkup
+
+import (
+ "bytes"
+ "crypto/tls"
+ "fmt"
+ "time"
+)
+
+func CertExpiresSoon(hostname, port string, window time.Duration) (*tls.Conn, error) {
+ conn, err := tls.Dial("tcp", hostname+":"+port,
+ &tls.Config{ServerName: hostname})
+
+ if err != nil {
+ return conn, err
+ }
+
+ t := time.Now().Add(window)
+
+ cert := conn.ConnectionState().PeerCertificates[0]
+
+ if t.After(cert.NotAfter) {
+ return conn, fmt.Errorf("Cert expires soon: %s ( %d days )",
+ cert.NotAfter, (cert.NotAfter.Unix()-time.Now().Unix())/(60*60*24))
+ }
+
+ return conn, err
+}
+
+func CertInfo(conn *tls.Conn) string {
+ buf := &bytes.Buffer{}
+ cs := conn.ConnectionState()
+ certs := cs.PeerCertificates
+ for _, cert := range certs {
+ fmt.Fprintf(buf, "Permitted: %v\n", cert.DNSNames)
+ fmt.Fprintf(buf, "Permitted: %v\n", cert.PermittedDNSDomains)
+ fmt.Fprintf(buf, "Not before: %v\n", cert.NotBefore)
+ fmt.Fprintf(buf, "Not after: %v\n", cert.NotAfter)
+ }
+ return string(buf.Bytes())
+} |
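Review bot: `tls.Dial` in `CertExpiresSoon` has no timeout, so a single unresponsive host can stall the whole check indefinitely, and `hostname+":"+port` breaks for IPv6 literals; use `tls.DialWithDialer(&net.Dialer{Timeout: dialTimeout}, "tcp", net.JoinHostPort(hostname, port), &tls.Config{ServerName: hostname})` with a chosen `dialTimeout` (and `"net"` added to the imports). The expiry branch returns the still-open conn alongside a non-nil error, which callers following the usual Go convention will never close — either `conn.Close()` and return `nil, err` there, or document that the caller must close conn even on that error. `conn.ConnectionState().PeerCertificates[0]` is cheap to guard with a `len(...) == 0` check so an unexpected empty chain reports an error instead of panicking. In `CertInfo` the first label looks like a copy-paste slip: `cert.DNSNames` are the certificate's own subject alternative names, so the line should read `fmt.Fprintf(buf, "DNS names: %v\n", cert.DNSNames)` rather than a second `"Permitted:"`, and `buf.String()` replaces `string(buf.Bytes())`.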
