mirror of
https://github.com/netzbegruenung/green-spider.git
synced 2024-05-01 08:34:51 +02:00
Add check 'certificate' to collect TLS cert details
This commit is contained in:
parent
456272a2af
commit
0539c4802c
|
@ -6,6 +6,7 @@ functionality of a site or individual pages.
|
|||
import logging
|
||||
|
||||
from checks import charset
|
||||
from checks import certificate
|
||||
from checks import dns_resolution
|
||||
from checks import duplicate_content
|
||||
from checks import domain_variations
|
||||
|
@ -33,6 +34,7 @@ def perform_checks(input_url):
|
|||
('http_and_https', http_and_https),
|
||||
('dns_resolution', dns_resolution),
|
||||
('url_reachability', url_reachability),
|
||||
('certificate', certificate),
|
||||
('url_canonicalization', url_canonicalization),
|
||||
('page_content', page_content),
|
||||
('duplicate_content', duplicate_content),
|
||||
|
|
62
checks/certificate.py
Normal file
62
checks/certificate.py
Normal file
|
@ -0,0 +1,62 @@
|
|||
"""
|
||||
Gathers information on the TLS/SSL certificate used by a server
|
||||
"""
|
||||
|
||||
from urllib.parse import urlparse
|
||||
import logging
|
||||
import ssl
|
||||
from datetime import datetime
|
||||
from datetime import timezone
|
||||
|
||||
from OpenSSL import crypto
|
||||
|
||||
from checks.abstract_checker import AbstractChecker
|
||||
|
||||
class Checker(AbstractChecker):
|
||||
def __init__(self, config, previous_results=None):
|
||||
super().__init__(config, previous_results)
|
||||
|
||||
def run(self):
|
||||
results = {}
|
||||
|
||||
for url in self.config.urls:
|
||||
if url.startswith('https://'):
|
||||
results[url] = self.get_certificate(url)
|
||||
|
||||
return results
|
||||
|
||||
def get_certificate(self, url):
|
||||
result = {
|
||||
'exception': None,
|
||||
'serial_number': None,
|
||||
'subject': None,
|
||||
'issuer': None,
|
||||
'not_before': None,
|
||||
'not_after': None
|
||||
}
|
||||
|
||||
parsed = urlparse(url)
|
||||
try:
|
||||
cert = ssl.get_server_certificate((parsed.hostname, 443))
|
||||
x509 = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
|
||||
result['serial_number'] = str(x509.get_serial_number())
|
||||
|
||||
nb = x509.get_notBefore().decode('utf-8')
|
||||
na = x509.get_notAfter().decode('utf-8')
|
||||
|
||||
# parse '2018 06 27 00 00 00Z'
|
||||
result['not_before'] = datetime(int(nb[0:4]), int(nb[4:6]), int(nb[6:8]), int(nb[8:10]), int(nb[10:12]), int(nb[12:14]), tzinfo=timezone.utc).isoformat()
|
||||
result['not_after'] = datetime(int(na[0:4]), int(na[4:6]), int(na[6:8]), int(na[8:10]), int(na[10:12]), int(na[12:14]), tzinfo=timezone.utc).isoformat()
|
||||
|
||||
# decode and convert from bytes to unicode
|
||||
result['subject'] = dict([tuple(map(lambda x: x.decode('utf-8'), tup)) for tup in x509.get_subject().get_components()])
|
||||
result['issuer'] = dict([tuple(map(lambda x: x.decode('utf-8'), tup)) for tup in x509.get_issuer().get_components()])
|
||||
|
||||
except Exception as e:
|
||||
result['exception'] = {
|
||||
'type': str(type(e)),
|
||||
'message': str(e),
|
||||
}
|
||||
logging.warning("Error when getting certificate for %s: %r" % (url, e))
|
||||
|
||||
return result
|
Loading…
Reference in a new issue