Class: TLSChecker::CertificateChecker

Inherits:

Object

• Object
• TLSChecker::CertificateChecker

Defined in:

lib/tls_checker/certificate_checker.rb

Instance Attribute Summary

• #address ⇒ Object readonly

  Returns the value of attribute address.

• #hostname ⇒ Object readonly

  Returns the value of attribute hostname.

• #port ⇒ Object readonly

  Returns the value of attribute port.

• #starttls ⇒ Object readonly

  Returns the value of attribute starttls.

Instance Method Summary

• #certificate ⇒ Object
• #check ⇒ Object
• #humanized_address ⇒ Object
• #initialize(hostname, address, port, starttls) ⇒ CertificateChecker constructor

  A new instance of CertificateChecker.

• #service ⇒ Object
• #to_e ⇒ Object

  rubocop:disable Metrics/MethodLength.

• #to_s ⇒ Object

Constructor Details

#initialize(hostname, address, port, starttls) ⇒ CertificateChecker

Returns a new instance of CertificateChecker.

# File 'lib/tls_checker/certificate_checker.rb', line 9

def initialize(hostname, address, port, starttls)
  @hostname = hostname
  @address = address
  @port = port
  @starttls = starttls

  @certificate = nil
  @certificate_failure = nil
  @tls_socket = nil
end

Instance Attribute Details

#address ⇒ Object (readonly)

Returns the value of attribute address.

# File 'lib/tls_checker/certificate_checker.rb', line 20

def address
  @address
end

#hostname ⇒ Object (readonly)

Returns the value of attribute hostname.

# File 'lib/tls_checker/certificate_checker.rb', line 20

def hostname
  @hostname
end

#port ⇒ Object (readonly)

Returns the value of attribute port.

# File 'lib/tls_checker/certificate_checker.rb', line 20

def port
  @port
end

#starttls ⇒ Object (readonly)

Returns the value of attribute starttls.

# File 'lib/tls_checker/certificate_checker.rb', line 20

def starttls
  @starttls
end

Instance Method Details

#certificate ⇒ Object

# File 'lib/tls_checker/certificate_checker.rb', line 49

def certificate
  return @certificate unless @certificate.nil?

  if tls_socket.peer_cert
    @certificate = OpenSSL::X509::Certificate.new(tls_socket.peer_cert)
  else
    @certificate_failure = 'No peer certificate (TLS handshake failed?)'
    @certificate = false
  end
rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH, Errno::ETIMEDOUT, SocketRecvTimeout, IO::TimeoutError => e
  @certificate_failure = "#{e.class.name}: #{e.message}"
  @certificate = false
end

#check ⇒ Object

# File 'lib/tls_checker/certificate_checker.rb', line 41

def check
  !!certificate
end

#humanized_address ⇒ Object

# File 'lib/tls_checker/certificate_checker.rb', line 67

def humanized_address
  if @address.is_a?(Resolv::IPv6)
    "[#{@address}]"
  else
    @address.to_s
  end
end

#service ⇒ Object

# File 'lib/tls_checker/certificate_checker.rb', line 63

def service
  "X.509/#{hostname}/#{humanized_address}:#{port}"
end

#to_e ⇒ Object

rubocop:disable Metrics/MethodLength

# File 'lib/tls_checker/certificate_checker.rb', line 22

def to_e # rubocop:disable Metrics/MethodLength
  if certificate
    InternetSecurityEvent::TLSStatus.build(hostname, certificate)
  else
    {
      state:       'critical',
      description: @certificate_failure || "#{hostname} does not have a valid certificate",
    }
  end.merge(
    service:  service,
    af:       af,
    hostname: hostname,
    address:  address.to_s,
    port:     port,
    ttl:      12.hours.to_i,
    tags:     ['tls-checker'],
  )
end

#to_s ⇒ Object

# File 'lib/tls_checker/certificate_checker.rb', line 45

def to_s
  description
end