kellya/checkcert
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat: add color output for validity check of cert

Browse source
This commit is contained in:
Alex Kelly 2021-09-30 13:34:35 -04:00
parent 889258bdaa
commit fa667578a3
1 changed files with 18 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
checkcert/checkcert.py
View file

@ -13,14 +13,9 @@ from collections import namedtuple
__version__ = "0.1.0" __version__ = "0.1.0"
HostInfo = namedtuple(field_names="cert hostname peername", typename="HostInfo") HostInfo = namedtuple(
field_names="cert hostname peername is_valid", typename="HostInfo"
)
def verify_cert(cert, hostname):
# verify notAfter/notBefore, CA trusted, servername/sni/hostname
cert.has_expired()
# service_identity.pyopenssl.verify_hostname(client_ssl, hostname)
# issuer
def get_certificate(hostname, port): def get_certificate(hostname, port):
@ -44,7 +39,12 @@ def get_certificate(hostname, port):
except ConnectionRefusedError: except ConnectionRefusedError:
pass pass
return HostInfo(cert=crypto_cert, peername=peername, hostname=hostname) return HostInfo(
cert=crypto_cert,
peername=peername,
hostname=hostname,
is_valid=not cert.has_expired(),
)
def get_alt_names(cert): def get_alt_names(cert):
@ -88,20 +88,15 @@ def print_basic_info(hostinfo):
) )
def check_it_out(hostname, port):
hostinfo = get_certificate(hostname, port)
print_basic_info(hostinfo)
@click.command() @click.command()
@click.version_option(__version__, prog_name="checkcert") @click.version_option(__version__, prog_name="checkcert")
@click.option("--san", is_flag=True, help="Output Subject Alternate Names") @click.option("--san", is_flag=True, help="Output Subject Alternate Names")
@click.option( @click.option(
"--dump", is_flag=True, help="Dump the full text version of the x509 certificate" "--dump", is_flag=True, help="Dump the full text version of the x509 certificate"
) )
@click.option("--expires", is_flag=True, help="Display the expiration date") @click.option("--color/--no-color", default=True)
@click.argument("hosts", nargs=-1) @click.argument("hosts", nargs=-1)
def main(san, dump, expires, hosts): def main(san, dump, color, hosts):
# setup the list of tuples # setup the list of tuples
HOSTS = [] HOSTS = []
# handle a domain given with a : in it to specify the port # handle a domain given with a : in it to specify the port
@ -127,7 +122,13 @@ def main(san, dump, expires, hosts):
output_string += f"\tissuer: {get_issuer(hostinfo.cert)}\n" output_string += f"\tissuer: {get_issuer(hostinfo.cert)}\n"
output_string += f"\tnotBefore: {hostinfo.cert.not_valid_before}\n" output_string += f"\tnotBefore: {hostinfo.cert.not_valid_before}\n"
output_string += f"\tnotAfter: {hostinfo.cert.not_valid_after}\n\n" output_string += f"\tnotAfter: {hostinfo.cert.not_valid_after}\n\n"
print(output_string) if hostinfo.is_valid and color:
click.echo(click.style(output_string, fg="green"))
elif not hostinfo.is_valid and color:
click.echo(click.style(output_string, fg="red"))
else:
click.echo(click.style(output_string))
# print(f"Certificate for {domain}\nexpires after: {x509.get_not_after()}") # print(f"Certificate for {domain}\nexpires after: {x509.get_not_after()}")