Add check 'certificate' to collect TLS cert details

2024-05-01 08:34:51 +02:00 · 2018-10-02 18:06:40 +02:00 · 2018-10-02 18:06:40 +02:00 · 0539c4802c
parent 456272a2af
commit 0539c4802c
2 changed files with 64 additions and 0 deletions
--- a/checks/init.py
+++ b/checks/init.py
@ -6,6 +6,7 @@ functionality of a site or individual pages.
 import logging

 from checks import charset
+from checks import certificate
 from checks import dns_resolution
 from checks import duplicate_content
 from checks import domain_variations
@ -33,6 +34,7 @@ def perform_checks(input_url):
        ('http_and_https', http_and_https),
        ('dns_resolution', dns_resolution),
        ('url_reachability', url_reachability),
+        ('certificate', certificate),
        ('url_canonicalization', url_canonicalization),
        ('page_content', page_content),
        ('duplicate_content', duplicate_content),
--- a/checks/certificate.py
+++ b/checks/certificate.py
@ -0,0 +1,62 @@
+"""
+Gathers information on the TLS/SSL certificate used by a server
+"""
+
+from urllib.parse import urlparse
+import logging
+import ssl
+from datetime import datetime
+from datetime import timezone
+
+from OpenSSL import crypto
+
+from checks.abstract_checker import AbstractChecker
+
+class Checker(AbstractChecker):
+    def __init__(self, config, previous_results=None):
+        super().__init__(config, previous_results)
+    
+    def run(self):
+        results = {}
+
+        for url in self.config.urls:
+            if url.startswith('https://'):
+                results[url] = self.get_certificate(url)
+
+        return results
+    
+    def get_certificate(self, url):
+        result = {
+            'exception': None,
+            'serial_number': None,
+            'subject': None,
+            'issuer': None,
+            'not_before': None,
+            'not_after': None
+        }
+
+        parsed = urlparse(url)
+        try:
+            cert = ssl.get_server_certificate((parsed.hostname, 443))
+            x509 = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
+            result['serial_number'] = str(x509.get_serial_number())
+
+            nb = x509.get_notBefore().decode('utf-8')
+            na = x509.get_notAfter().decode('utf-8')
+            
+            # parse '2018 06 27 00 00 00Z'
+            result['not_before'] = datetime(int(nb[0:4]), int(nb[4:6]), int(nb[6:8]), int(nb[8:10]), int(nb[10:12]), int(nb[12:14]), tzinfo=timezone.utc).isoformat()
+            result['not_after']  = datetime(int(na[0:4]), int(na[4:6]), int(na[6:8]), int(na[8:10]), int(na[10:12]), int(na[12:14]), tzinfo=timezone.utc).isoformat()
+
+            # decode and convert from bytes to unicode
+            result['subject'] = dict([tuple(map(lambda x: x.decode('utf-8'), tup)) for tup in x509.get_subject().get_components()])
+            result['issuer']  = dict([tuple(map(lambda x: x.decode('utf-8'), tup)) for tup in x509.get_issuer().get_components()])
+            
+        except Exception as e:
+            result['exception'] = {
+                'type': str(type(e)),
+                'message': str(e),
+            }
+            logging.warning("Error when getting certificate for %s: %r" % (url, e))
+
+        return result