Documentation
Overview
Package certs provides common/shared utility code to support applications in this module which process certificates.
Index
- Constants
- func ChainPosition(cert *x509.Certificate, certChain []*x509.Certificate) string
- func CheckSANsEntries(cert *x509.Certificate, certChain []*x509.Certificate, ...) (int, error)
- func ExpirationStatus(cert *x509.Certificate, ageCritical time.Time, ageWarning time.Time) string
- func FormatCertSerialNumber(sn *big.Int) string
- func FormattedExpiration(expireTime time.Time) string
- func GenerateCertsReport(certChain []*x509.Certificate, ageCritical time.Time, ageWarning time.Time) string
- func GetCertsFromFile(filename string) ([]*x509.Certificate, []byte, error)
- func HasExpiredCert(certChain []*x509.Certificate) bool
- func HasExpiringCert(certChain []*x509.Certificate, ageCritical time.Time, ageWarning time.Time) bool
- func IsExpiredCert(cert *x509.Certificate) bool
- func IsExpiringCert(cert *x509.Certificate, ageCritical time.Time, ageWarning time.Time) bool
- func NextToExpire(certChain []*x509.Certificate, excludeExpired bool) *x509.Certificate
- func NumExpiredCerts(certChain []*x509.Certificate) int
- func NumExpiringCerts(certChain []*x509.Certificate, ageCritical time.Time, ageWarning time.Time) int
- func OneLineCheckSummary(serviceState string, certChain []*x509.Certificate, certsSummary string) string
- type ChainStatus
- type DiscoveredCertChain
- type DiscoveredCertChains
Constants
const CertCheckOneLineSummaryExpiredTmpl string = "%s: %s cert %q expired %s (on %s) %s"
CertCheckOneLineSummaryExpiredTmpl is a shared template string used for emitting one-line service check status output for certificate chains with expired certificates.
const CertCheckOneLineSummaryTmpl string = "%s: %s cert %q expires next with %s (until %s) %s"
CertCheckOneLineSummaryTmpl is a shared template string used for emitting one-line service check status output for certificate chains whose certificates have not expired yet.
const CertValidityDateLayout string = "2006-01-02 15:04:05 -0700 MST"
CertValidityDateLayout is the chosen date layout for displaying certificate validity date/time values across our application.
Variables
This section is empty.
Functions
func ChainPosition
func ChainPosition(cert *x509.Certificate, certChain []*x509.Certificate) string
ChainPosition receives a cert and the cert chain that it belongs to and returns a string indicating what position or "role" it occupies in the certificate chain.
https://en.wikipedia.org/wiki/X.509
https://tools.ietf.org/html/rfc5280
func CheckSANsEntries
func CheckSANsEntries(cert *x509.Certificate, certChain []*x509.Certificate, expectedEntries []string) (int, error)
CheckSANsEntries receives an x509 certificate, the x509 certificate chain it is a part of and a list of expected SANs entries that should be present for the certificate. The number of unmatched SANs entries is returned along with an error if validation failed.
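An added example, not the package's own code, of the SANs check described above: a hypothetical checkSANsEntries compares the expected entries against a constructed certificate's DNS and IP SANs and returns the unmatched count together with an error, as the package documents; the certChain parameter is omitted here because this example only inspects the one cert.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"net"
	"strings"
)

// checkSANsEntries reports how many expected SANs entries are absent from the
// cert's DNS and IP SANs, plus an error listing them. DNS names are compared
// case-insensitively; IP SANs are compared by their canonical string form.
func checkSANsEntries(cert *x509.Certificate, expected []string) (int, error) {
	present := make(map[string]bool, len(cert.DNSNames)+len(cert.IPAddresses))
	for _, name := range cert.DNSNames {
		present[strings.ToLower(name)] = true
	}
	for _, ip := range cert.IPAddresses {
		present[ip.String()] = true
	}
	var missing []string
	for _, want := range expected {
		if !present[strings.ToLower(strings.TrimSpace(want))] {
			missing = append(missing, want)
		}
	}
	if len(missing) > 0 {
		return len(missing), fmt.Errorf("%d of %d expected SANs entries not found: %s", len(missing), len(expected), strings.Join(missing, ", "))
	}
	return 0, nil
}

// sampleCert is a constructed leaf with only its SANs populated (no key, no signature).
var sampleCert = &x509.Certificate{
	DNSNames:    []string{"www.example.com", "example.com"},
	IPAddresses: []net.IP{net.ParseIP("192.0.2.10")},
}

func main() {
	n, err := checkSANsEntries(sampleCert, []string{"WWW.example.com", "api.example.com", "192.0.2.10"})
	fmt.Println(n, err)
}
```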
func ExpirationStatus
ExpirationStatus receives a certificate and the expiration threshold values for CRITICAL and WARNING states and returns a human-readable string indicating the overall status at a glance.
func FormatCertSerialNumber
FormatCertSerialNumber receives a certificate serial number in its native type and formats it in the text format used by OpenSSL (and many other tools).
Example: DE:FD:50:2B:C5:7F:79:F4
func FormattedExpiration
FormattedExpiration receives a Time value and converts it to a string representing the largest useful whole units of time in days and hours. For example, if a certificate has 1 year, 2 days and 3 hours remaining, this function will return the string 367d 3h, but if only 3 hours remain then 3h will be returned.
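An added example, not the package's own code, showing how the ExpirationStatus thresholds and the FormattedExpiration day/hour rendering fit together over a chain; the function names, the fixed checkTime standing in for the current time, and the sample chain are all assumptions constructed for the demonstration.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"time"
)

// Constructed sample chain: bare x509.Certificate values (no keys or signatures). checkTime
// stands in for time.Now; critAt/warnAt are absolute instants like the package's thresholds.
var checkTime = time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
var critAt, warnAt = checkTime.Add(15*24*time.Hour), checkTime.Add(30*24*time.Hour)
var sampleChain = []*x509.Certificate{
	{NotAfter: checkTime.Add(-(2*24 + 5) * time.Hour)},       // stale leaf, expired 2d 5h ago
	{NotAfter: checkTime.Add(10*24*time.Hour + 3*time.Hour)}, // leaf, inside the CRITICAL window
	{NotAfter: checkTime.Add(20 * 24 * time.Hour)},           // intermediate, inside the WARNING window
	{NotAfter: checkTime.Add(5 * 365 * 24 * time.Hour)},      // root, past neither threshold
}

// expirationStatus classifies one cert; an expired cert is EXPIRED, never CRITICAL or WARNING.
func expirationStatus(c *x509.Certificate, now, ageCritical, ageWarning time.Time) string {
	switch {
	case !c.NotAfter.After(now):
		return "EXPIRED"
	case c.NotAfter.Before(ageCritical):
		return "CRITICAL"
	case c.NotAfter.Before(ageWarning):
		return "WARNING"
	}
	return "OK"
}

// formattedExpiration renders a lifetime as whole days and hours ("367d 3h"), dropping the
// day part under a day ("3h"); a negative value (already expired) is shown by magnitude.
func formattedExpiration(d time.Duration) string {
	if d < 0 {
		d = -d
	}
	h := int(d.Hours())
	if h < 24 {
		return fmt.Sprintf("%dh", h)
	}
	return fmt.Sprintf("%dd %dh", h/24, h%24)
}

func main() {
	for i, c := range sampleChain {
		fmt.Printf("cert %d: %-8s %s\n", i, expirationStatus(c, checkTime, critAt, warnAt), formattedExpiration(c.NotAfter.Sub(checkTime)))
	}
}
```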
func GenerateCertsReport
func GenerateCertsReport(certChain []*x509.Certificate, ageCritical time.Time, ageWarning time.Time) string
GenerateCertsReport receives a slice of x509 certificates, a CRITICAL age threshold and a WARNING age threshold and generates a formatted report suitable for display on the console or (potentially) via Microsoft Teams, provided suitable conversion is performed on the output.
func GetCertsFromFile
func GetCertsFromFile(filename string) ([]*x509.Certificate, []byte, error)
GetCertsFromFile is a helper function for retrieving a certificate chain from a specified filename.
func HasExpiredCert
func HasExpiredCert(certChain []*x509.Certificate) bool
HasExpiredCert receives a slice of x509 certificates and indicates whether any of the certificates in the chain have expired.
func HasExpiringCert
func HasExpiringCert(certChain []*x509.Certificate, ageCritical time.Time, ageWarning time.Time) bool
HasExpiringCert receives a slice of x509 certificates, a CRITICAL age threshold and a WARNING age threshold. Ignoring any certificates that have already expired, it uses the provided thresholds to determine whether any certificates are about to expire. A boolean value is returned to indicate the result of this check.
func IsExpiredCert
func IsExpiredCert(cert *x509.Certificate) bool
IsExpiredCert receives an x509 certificate and returns a boolean value indicating whether the cert has expired.
func IsExpiringCert
IsExpiringCert receives an x509 certificate, a CRITICAL age threshold and a WARNING age threshold and uses the provided thresholds to determine whether the certificate is about to expire. A boolean value is returned to indicate the result of this check.
func NextToExpire
func NextToExpire(certChain []*x509.Certificate, excludeExpired bool) *x509.Certificate
NextToExpire receives a slice of x509 certificates and a boolean flag indicating whether already expired certificates should be excluded. If they are not excluded, the first expired certificate is returned; otherwise the certificate in the remaining pool that is set to expire next is returned.
func NumExpiredCerts
func NumExpiredCerts(certChain []*x509.Certificate) int
NumExpiredCerts receives a slice of x509 certificates and returns a count of how many certificates have expired.
func NumExpiringCerts
func NumExpiringCerts(certChain []*x509.Certificate, ageCritical time.Time, ageWarning time.Time) int
NumExpiringCerts receives a slice of x509 certificates, a CRITICAL age threshold and a WARNING age threshold. Ignoring any certificates that have already expired, it uses the provided thresholds to determine which certificates are about to expire. A count of expiring certificates is returned.
func OneLineCheckSummary
func OneLineCheckSummary(serviceState string, certChain []*x509.Certificate, certsSummary string) string
OneLineCheckSummary receives the desired service check state as a prefix, a certificate chain, a cert summary as a suffix and then generates a one-line summary of the check results for display and notification purposes.
Types
type ChainStatus
type ChainStatus struct {
	// HasExpiredCerts indicates whether the certificate chain has any
	// expired certificates.
	HasExpiredCerts bool

	// HasExpiringCerts indicates whether the certificate chain has any
	// certificates set to expire before the WARNING or CRITICAL age
	// thresholds.
	HasExpiringCerts bool

	// ExpiredCertsCount is the number of expired certificates in the chain.
	ExpiredCertsCount int

	// ExpiringCertsCount is the number of certificates expiring before one of
	// the WARNING or CRITICAL age thresholds.
	ExpiringCertsCount int

	// ValidCertsCount is the number of certificates not yet expired or
	// expiring.
	ValidCertsCount int

	// TotalCertsCount is the total number of certificates in a chain.
	TotalCertsCount int

	// ServiceCheckStatus is the overall status of the service check based on
	// the presence of (or lack thereof) expired or expiring certificates.
	ServiceCheckStatus string

	// Summary is a high-level overview of the number of expired, expiring and
	// certificates not yet crossing over a WARNING or CRITICAL age threshold.
	Summary string
}
ChainStatus provides a quick status overview of the certificates in a provided certificate chain.
func ChainSummary
func ChainSummary(
	certChain []*x509.Certificate,
	certsExpireAgeCritical time.Time,
	certsExpireAgeWarning time.Time,
) ChainStatus
ChainSummary receives a certificate chain, the critical age threshold and the warning age threshold and generates a summary of certificate details.
type DiscoveredCertChain
type DiscoveredCertChain struct {
	Host  string
	Port  int
	Certs []*x509.Certificate
}
DiscoveredCertChain is a poorly named type that represents the certificate chain found on a specific host along with that host's IP/name and port.
type DiscoveredCertChains
type DiscoveredCertChains []DiscoveredCertChain
DiscoveredCertChains is a collection of discovered certificate chains for specified hosts and ports.
func (DiscoveredCertChains) HasProblems
func (dcc DiscoveredCertChains) HasProblems(
	certsExpireAgeCritical time.Time,
	certsExpireAgeWarning time.Time) bool
HasProblems asserts that no evaluated certificates are expired or expiring soon.
func (DiscoveredCertChains) NumProblems
func (dcc DiscoveredCertChains) NumProblems(
	certsExpireAgeCritical time.Time,
	certsExpireAgeWarning time.Time) int
NumProblems indicates how many evaluated certificates are expired or expiring soon.