#!/usr/bin/env python3
import datetime
import jinja2
import json
import requests
import socket
import ssl
from dateutil import parser
# Endpoints to check, one (hostname, port) tuple per entry.
HOSTS = [
    ("google.com", 443),
    ("facebook.com", 443),
]

# Slack incoming-webhook URL; while it is None no notification is sent.
# The URL is a credential (anyone holding it can post to the channel), so
# prefer supplying it from the environment over committing it to the repo.
SLACK_WEBHOOK = None

# Alert once a certificate has this many days of validity left, or fewer.
DAYS_BEFORE_WARNING = 30
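def get_certificate_info(host, port):
    """Fetch the verified TLS certificate presented by ``host:port``.

    The connection uses the default verifying context (trusted chain and
    hostname match are required), so an expired, self-signed or mismatched
    certificate is reported through the error string, not as certificate data.

    Args:
        host: DNS name to connect to; also sent as SNI and used for the
            hostname check.
        port: TCP port of the TLS service.

    Returns:
        A ``(error, certificate_info)`` tuple. On success ``error`` is None
        and ``certificate_info`` is the dict from ``getpeercert()``. On any
        failure ``certificate_info`` is None and ``error`` describes it.
    """
    # create_default_context() already loads the system trust store and
    # enables chain verification; hostname checking is stated explicitly so a
    # later edit cannot silently turn this into an unverified probe.
    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    context.check_hostname = True
    # Process-wide default: it bounds the connect and the TLS handshake here,
    # and also any socket created later without an explicit timeout.
    socket.setdefaulttimeout(2.0)
    error = None
    certificate_info = None
    try:
        with socket.create_connection((host, port)) as sock:
            with context.wrap_socket(sock=sock, server_hostname=host) as ssock:
                certificate_info = ssock.getpeercert(binary_form=False)
    except socket.gaierror:
        error = f"Hostname {host} can't be resolved"
    except socket.timeout:
        error = f'Connection timed out to {host}:{port}'
    except ssl.SSLCertVerificationError as e:
        error = '{0} for {1}'.format(e.verify_message.capitalize(), host)
    except ssl.SSLError as e:
        # Handshake failures other than verification (protocol or cipher
        # mismatch, non-TLS service on the port, ...).
        error = f'TLS error for {host}:{port}: {e}'
    except OSError as e:
        # Refused, reset or unreachable: report it instead of letting one
        # dead host abort the check of every remaining host.
        error = f'Connection to {host}:{port} failed: {e}'
    return (error, certificate_info)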
def certificate_valid_date(certificate_info, validity):
    """Return the value stored under ``validity`` in ``certificate_info``.

    Args:
        certificate_info: Mapping to look in; main() passes the dict
            returned by ``getpeercert()``.
        validity: Key to read, e.g. ``'notAfter'``.

    Returns:
        The stored value, or None when the key is absent.
    """
    return certificate_info[validity] if validity in certificate_info else None
def certificate_valid_days(certificate_validity):
    """Return the whole days between now (UTC) and ``certificate_validity``.

    Args:
        certificate_validity: Date string understood by ``dateutil``'s parser.
            Assumed to carry a timezone (certificate dates from
            ``getpeercert()`` end in "GMT"); a naive result could not be
            subtracted from the timezone-aware "now" below.

    Returns:
        ``timedelta.days`` of (parsed date - now), which is negative once the
        date has passed.
    """
    expires_at = parser.parse(certificate_validity)
    current_time = datetime.datetime.now(datetime.timezone.utc).replace(microsecond=0)
    remaining = expires_at - current_time
    return remaining.days
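def send_slack_message(**kwargs):
    """Render ``slack_payload.json.j2`` with ``kwargs`` and post it to Slack.

    Nothing is sent while ``SLACK_WEBHOOK`` is unset.

    Args:
        **kwargs: Variables handed to the template (main() passes
            ``timestamp``, ``domain``, ``days``, ``msg`` and ``error_msg``).

    Returns:
        The ``requests`` response of the POST, or None when no webhook is
        configured. Callers that need delivery guarantees should check its
        status; a failed post is otherwise silent.

    Raises:
        json.JSONDecodeError: If the rendered template is not valid JSON.
    """
    if not SLACK_WEBHOOK:
        return None

    # The template is looked up relative to the current working directory,
    # not relative to this script.
    jinja_loader = jinja2.FileSystemLoader(searchpath="./")
    jinja_env = jinja2.Environment(loader=jinja_loader)
    json_template = jinja_env.get_template('slack_payload.json.j2')
    # NOTE(review): the template body is not visible here. Values such as
    # ``msg`` carry text taken from remote TLS errors, so the template should
    # emit them through the ``tojson`` filter rather than raw interpolation.
    json_template_rendered = json_template.render(**kwargs)
    # The load/dump round trip rejects a malformed payload before it is sent.
    payload = json.dumps(json.loads(json_template_rendered))
    # Explicit timeout: requests waits indefinitely by default, which would
    # stall the whole run if the webhook endpoint stops answering.
    return requests.post(SLACK_WEBHOOK, payload, timeout=10)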
def main():
    """Check every entry of ``HOSTS`` and notify Slack about problems.

    A host whose certificate was retrieved triggers a warning when its
    remaining validity is at or below ``DAYS_BEFORE_WARNING``. A host that
    produced an error instead gets an error notification carrying that text.
    """
    for host, port in HOSTS:
        err, info = get_certificate_info(host, port)

        if info is None:
            # No certificate data: forward the failure reason, if there is one.
            if err is not None:
                send_slack_message(
                    timestamp=datetime.datetime.now().timestamp(),
                    error_msg=True,
                    msg=err,
                )
            continue

        not_after = certificate_valid_date(info, 'notAfter')
        days_left = certificate_valid_days(not_after)
        if days_left <= DAYS_BEFORE_WARNING:
            send_slack_message(
                timestamp=datetime.datetime.now().timestamp(),
                domain=host,
                days=days_left,
                msg="Domain certificate is about to expire",
            )
# Run the checks only when executed as a script, not when imported.
if __name__ == '__main__':
    main()