diff options
author | Franck Cuny <franck@fcuny.net> | 2024-04-28 19:32:25 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2024-04-28 19:32:25 -0700 |
commit | 4a42092b5f743f1e3f3898e04b11a779b5f22125 (patch) | |
tree | 38355333f9c9408ac8526c3f3dd31d5d4ae4c388 | |
parent | add a script to fetch cheeseboard's menu (diff) | |
download | world-4a42092b5f743f1e3f3898e04b11a779b5f22125.tar.gz |
replaced with https://github.com/fcuny/x509-info
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | cmd/x509info/README.md | 54 | ||||
-rw-r--r-- | cmd/x509info/main.go | 150 |
3 files changed, 1 insertions, 205 deletions
diff --git a/Makefile b/Makefile index 695c129..4c051b5 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ BUILD_DATE ?= $(shell TZ=UTC0 date +%Y-%m-%dT%H:%M:%SZ) PKG:=github.com/fcuny/world -BINARIES = bin/x509-info bin/flake-info +BINARIES = bin/flake-info ALL_BINARIES = $(foreach binary, $(BINARIES), ./$(binary)) diff --git a/cmd/x509info/README.md b/cmd/x509info/README.md deleted file mode 100644 index 479771c..0000000 --- a/cmd/x509info/README.md +++ /dev/null @@ -1,54 +0,0 @@ -# x509-info - -At this point it's pretty clear that I'll never remember the syntax for `openssl` to show various information about a certificate. At last I will not have to google for that syntax ever again. - -## Usage - -``` shell -Usage: - x509-info [DOMAIN] - x509-info (-f long) [DOMAIN] - -Options: - -f, --format Format the result. Valid values: short, long. Default: short - -i, --insecure Skip the TLS validation. Default: false - -p, --port Specify the port. Default: 443 - -v, --version Print version information - -h, --help Print this message -``` - -The default format will print a short message: -``` shell -$ ./bin/x509-info github.com -github.com, valid until Thu, 14 Mar 2024 23:59:59 UTC (86 days left) -``` - -It's possible to get more details: -``` shell -$ ./bin/x509-info -f long github.com -certificate - version: 3 - serial: 17034156255497985825694118641198758684 - subject: github.com - issuer: DigiCert TLS Hybrid ECC SHA384 2020 CA1 - -validity: - not before: Tue, 14 Feb 2023 00:00:00 UTC - not after: Thu, 14 Mar 2024 23:59:59 UTC - validity days: 394 - remaining days: 86 - -SANs: - • github.com - • www.github.com -``` - -You can also check expired certificates: -``` shell -$ ./bin/x509-info -i expired.badssl.com -*.badssl.com, not valid since Sun, 12 Apr 2015 23:59:59 UTC (expired 3172 days ago) -``` - -## Notes - -Could the same be achieved with a wrapper around `openssl` ? yes. diff --git a/cmd/x509info/main.go b/cmd/x509info/main.go deleted file mode 100644 index c425c45..0000000 --- a/cmd/x509info/main.go +++ /dev/null @@ -1,150 +0,0 @@ -package main - -import ( - "crypto/tls" - "crypto/x509" - "flag" - "fmt" - "html/template" - "os" - "time" - - "github.com/fcuny/world/internal/version" -) - -const usage = `Usage: - x509-info [DOMAIN] - x509-info (-f long) [DOMAIN] - -Options: - -f, --format Format the result. Valid values: short, long. Default: short - -i, --insecure Skip the TLS validation. Default: false - -p, --port Specify the port. Default: 443 - -v, --version Print version information - -h, --help Print this message -` - -func main() { - flag.Usage = func() { fmt.Fprintf(os.Stderr, "%s\n", usage) } - - var ( - portFlag int - outputFormatFlag string - insecureFlag bool - versionFlag bool - ) - - flag.IntVar(&portFlag, "port", 443, "Port to check") - flag.IntVar(&portFlag, "p", 443, "Port to check") - flag.StringVar(&outputFormatFlag, "format", "short", "Format the output") - flag.StringVar(&outputFormatFlag, "f", "short", "Format the output") - flag.BoolVar(&insecureFlag, "insecure", false, "Whether to bypass secure flag checks") - flag.BoolVar(&insecureFlag, "i", false, "Whether to bypass secure flag checks") - flag.BoolVar(&versionFlag, "version", false, "Print version information") - flag.BoolVar(&versionFlag, "v", false, "Print version information") - - flag.Parse() - - if versionFlag { - information := version.VersionAndBuildInfo() - fmt.Println(information) - return - } - - if flag.NArg() != 1 { - fmt.Fprintf(os.Stderr, "too many arguments: got %d, expected 1\n", flag.NArg()) - flag.Usage() - os.Exit(1) - } - - domain := flag.Arg(0) - - certs, err := getCertificates(domain, portFlag, insecureFlag) - if err != nil { - fmt.Fprintf(os.Stderr, "error: %v\n", err) - os.Exit(1) - } - - switch outputFormatFlag { - case "long": - printLong(certs) - default: - printShort(certs) - } -} - -func getCertificates(domain string, port int, insecureSkipVerify bool) ([]*x509.Certificate, error) { - conf := &tls.Config{ - InsecureSkipVerify: insecureSkipVerify, - } - - remote := fmt.Sprintf("%s:%d", domain, port) - - conn, err := tls.Dial("tcp", remote, conf) - if err != nil { - return nil, fmt.Errorf("failed to get the certificate for %s: %v", remote, err) - } - - defer conn.Close() - - certs := conn.ConnectionState().PeerCertificates - return certs, nil -} - -func printShort(certs []*x509.Certificate) { - cert := certs[0] - - now := time.Now() - remainingDays := cert.NotAfter.Sub(now) - - if remainingDays > 0 { - fmt.Printf("%s, valid until %s (%d days left)\n", cert.Subject.CommonName, cert.NotAfter.Format(time.RFC1123), int(remainingDays.Hours()/24)) - } else { - fmt.Printf("%s, not valid since %s (expired %d days ago)\n", cert.Subject.CommonName, cert.NotAfter.Format(time.RFC1123), int(remainingDays.Abs().Hours()/24)) - } -} - -const tmplLong = `certificate - version: {{ .Version }} - serial: {{ .SerialNumber }} - subject: {{ .Subject.CommonName }} - issuer: {{ .Issuer.CommonName }} - -validity: - not before: {{ rfc1123 .NotBefore }} - not after: {{ rfc1123 .NotAfter }} - validity days: {{ validFor .NotBefore .NotAfter }} - remaining days: {{ remainingDays .NotAfter }} - -SANs: -{{- range $i, $name := .DNSNames }} - • {{ $name }} -{{- end }} -` - -func printLong(certs []*x509.Certificate) { - funcMap := template.FuncMap{ - "validFor": func(before, after time.Time) int { - validForDays := after.Sub(before) - return int(validForDays.Hours() / 24) - }, - "remainingDays": func(notAfter time.Time) int { - now := time.Now() - remainingDays := notAfter.Sub(now) - return int(remainingDays.Hours() / 24) - }, - "rfc1123": func(date time.Time) string { - return date.Format(time.RFC1123) - }, - } - - tmpl, err := template.New("tmpl").Funcs(funcMap).Parse(tmplLong) - if err != nil { - panic(err) - } - - err = tmpl.Execute(os.Stdout, certs[0]) - if err != nil { - panic(err) - } -} |