class Object

Constants

AFTER
BEFORE
NOW

Check certificate expiration date

Public Instance Methods

days()
# File bin/check_certificate_chain, line 135
# Whole days between NOW and AFTER, rendered as a decimal string.
#
# Both constants are defined elsewhere in the script. The difference goes
# through +abs+, so its sign is discarded: the same string is returned
# whether AFTER lies ahead of NOW or behind it. The caller therefore has to
# establish separately whether the date has already passed; this value alone
# cannot distinguish "expires in N days" from "expired N days ago".
#
# @return [String] count of whole 86400-second days
def days
    seconds_apart = (AFTER - NOW).to_i.abs
    whole_days = seconds_apart / 86400
    whole_days.to_s
end
is_root?(certificate)
# File bin/check_certificate_chain, line 99
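# Tells whether +certificate+ looks like a root: it verifies against its own
# public key and its basicConstraints extension marks it as a CA.
#
# This is a structural check only. Nothing here consults a trust store, and
# anyone can mint a self-signed CA certificate, so a true result must not be
# read as "trusted".
#
# @param certificate certificate object responding to +exceptionless_verify+,
#   +public_key+ and +extensions+ (+exceptionless_verify+ is defined elsewhere;
#   presumably a non-raising wrapper around +verify+, to be confirmed)
# @return false when there is no basicConstraints extension or CA is not
#   TRUE; otherwise the result of the self-signature check
def is_root?(certificate)
    self_signed = certificate.exceptionless_verify certificate.public_key

    basic_constraints = certificate.extensions.find do |extension|
        extension.oid.eql?("basicConstraints")
    end
    return false if basic_constraints.nil?

    # The extension value is a comma-separated list such as
    # "CA:TRUE, pathlen:0". Splitting the whole string on ":" turned the
    # second field into "TRUE, pathlen", so any CA certificate carrying a
    # path length constraint was reported as not being a CA.
    is_ca = basic_constraints.value.split(",").map(&:strip).include?("CA:TRUE")

    self_signed && is_ca
end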
long_output(chain_certificate, output)
# File bin/check_certificate_chain, line 234
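# Appends human-readable details of one certificate to output[:data].
#
# Every value added here is read from the certificate under inspection and
# interpolated without escaping. Whatever later renders output[:data] should
# treat these strings as untrusted input supplied by the remote side.
#
# @param chain_certificate certificate object responding to +subject+,
#   +extensions+, +not_before+, +not_after+, +serial+,
#   +signature_algorithm+ and +issuer+
# @param output [Hash] must hold a collection supporting +<<+ under :data
# @return the value of the final +<<+ call on output[:data]
def long_output(chain_certificate, output)
    details = output[:data]

    # The capture is greedy: it takes everything after the first "CN=" up to
    # the end of the line, including any name components that follow the CN.
    details << "Common name: #{chain_certificate.subject.to_s[/CN=(.+)/, 1]}"

    sans = chain_certificate.extensions.find { |extension| extension.oid.eql?("subjectAltName") }
    unless sans.nil?
        # Remove only the literal "DNS:" prefix. String#delete treats its
        # argument as a set of characters, so delete("DSN:") stripped every
        # "D", "S", "N" and ":" from the value, which mangled upper-case
        # host names and the colons in IP address entries.
        sans = sans.value.gsub("DNS:", "")
        details << "SANs: #{sans}"
    end

    details << chain_certificate.not_before.strftime("Valid from %B %-d, %Y ") +
               chain_certificate.not_after.strftime("to %B %-d, %Y")
    details << "Serial Number: #{chain_certificate.serial.to_s(16).downcase}"
    details << "Signature Algorithm: #{chain_certificate.signature_algorithm}"
    details << "Issuer: #{chain_certificate.issuer.to_s[/CN=(.+)/, 1]}"
end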
ocsp_post(ocsp_uri, ocsp_request)
# File bin/check_certificate_chain, line 163
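# Sends a DER-encoded OCSP request to the responder with an HTTP POST.
#
# The response is returned exactly as received. Nothing here checks its
# status, signature or freshness, so validating it is left to the caller.
#
# NOTE(review): ocsp_uri presumably comes from the certificate being checked,
# which would mean the remote side chooses where this request is sent.
# Confirm that the caller restricts scheme and host before calling.
#
# @param ocsp_uri URI-like object responding to +host+, +port+ and +path+
# @param ocsp_request object responding to +to_der+
# @return the value returned by Net::HTTP#post
def ocsp_post(ocsp_uri, ocsp_request)
    # Responder URLs are frequently published without a path component, and
    # Net::HTTP raises ArgumentError for an empty request path, so fall back
    # to "/".
    request_path = ocsp_uri.path.to_s.empty? ? "/" : ocsp_uri.path

    Net::HTTP.start(ocsp_uri.host, ocsp_uri.port) do |http|
        http.post request_path, ocsp_request.to_der, {"Content-Type" => "application/ocsp-request"}
    end
end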
usage()
# File bin/check_certificate_chain, line 28
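# Prints the accepted argument forms to standard output and terminates the
# process with exit status 1. Never returns.
def usage
    # "TSL" in the first notice was a typo for "TLS".
    puts "Usage: script.rb servername:host:port",
         "Usage: script.rb host:port",
         "Usage: script.rb host",
         "Notice: if servername omitted, script takes host as TLS SNI servername",
         "Notice: if port is omitted script takes 443 as default"
    exit 1
end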