C3L-NOC/tls-expiry-tracker Changeset - aea800cedcbd · Chaos Computer Club Lëtzebuerg Projects

Changeset - aea800cedcbd

Parent rev.

Child rev.

[Not reviewed]

0 2 0

x - 11 months ago 2024-05-09 21:08:54
xbr@c3l.lu

fix: clean up console logging

2 files changed with 7 insertions and 7 deletions:

backend/generic_handler.py

backend/tls_utils.py

0 comments (0 inline, 0 general)

backend/generic_handler.py

➞

Show inline comments

@@ @@ -25,29 +25,29 @@ class GenericHandler(ABC): @@
             raise ValueError("Invalid protocol")
 class Verificator:
     def __init__(self, context: ssl.SSLContext):
         self.context = context
     def connect(self, domain: str, port: int, protocol: str) -> TLSDetails:
         handler = GenericHandler.create_handler(protocol)(domain, port, self.context)
         try:
             expiry = handler.connect(True)
             return TLSDetails(domain_name=domain, expires_in_days=expiry)
         except ssl.SSLCertVerificationError as e:
             if e.verify_code == EXPIRED:
                 expiry = handler.connect(False)
                 return TLSDetails(domain_name=domain, expires_in_days=expiry)
             elif e.verify_code == REVOKED:
                 # This never happens, as we do not have any CRLs or OCSP set up :(
                 # It's a massive pain and I'm not sure it's worth the considerable extra code
                 # Maybe look into MetLife/OCSPChecker but idk
                 return TLSDetails(domain_name=domain, error_message="was revoked.")
             elif e.verify_code == SELF_SIGNED:
                 return TLSDetails(domain_name=domain, error_message="is self-signed.")
             elif e.verify_code == ROOT_NOT_TRUSTED:
                 return TLSDetails(domain_name=domain, error_message="invalid: root not trusted.")
             else:
-                return TLSDetails(domain_name=domain, error_message="failed verification: " + e.verify_message + ".")
                 return TLSDetails(domain_name=domain, error_message="failed verification: " + e.verify_message)
         except ssl.SSLError as e:
-            return TLSDetails(domain_name=domain, error_message="could not establish a secure connection: " + e.reason + ".")
             return TLSDetails(domain_name=domain, error_message="could not establish a secure connection: " + e.reason)
         except Exception as e:
             return TLSDetails(domain_name=domain, error_message="could not connect: " + str(e) + ".")
@@ \ No newline at end of file @@
             return TLSDetails(domain_name=domain, error_message="could not connect: " + str(e))
@@ \ No newline at end of file @@

backend/tls_utils.py

➞

Show inline comments

 #!/usr/bin/env python3
 from rich.console import Console
 import datetime
 import math
 EXPIRED = 10
 REVOKED = 23
 SELF_SIGNED = 18
 ROOT_NOT_TRUSTED = 19
 class TLSDetails:
     domain_name = None
     expires_in_days = None
     error_message = None
     connection_error = False
     def __init__(self, domain_name : str = None, expires_in_days : str = None, error_message : str = None, connection_error : bool = False):
         self.domain_name = domain_name
         self.expires_in_days = expires_in_days
         self.error_message = error_message
         self.connection_error = connection_error
     def print(self, console: Console):
         if self.connection_error:
-            console.log("[orange bold underline]" + self.domain_name, self.error_message, style="orange")
             console.log("[bold underline]" + self.domain_name, self.error_message, style="orange")
         elif self.error_message != None:
-            console.log("[red bold underline]" + self.domain_name, self.error_message, style="red")
             console.log("[bold underline]" + self.domain_name, self.error_message, style="red")
         elif self.expires_in_days < 0:
-            console.log("[red bold underline]" + self.domain_name, "expired", abs(self.expires_in_days), "days ago.", style="red")
             console.log("[bold underline]" + self.domain_name, "expired", abs(self.expires_in_days), "days ago.", style="red")
         else:
-            console.log("[green bold underline]" + self.domain_name, "expires in", self.expires_in_days, "days", style="green")
             console.log("[bold underline]" + self.domain_name, "expires in", self.expires_in_days, "days", style="green")
 def compare_expiry_timestamps(expiry_timestamp: int, now_timestamp: int = datetime.datetime.now(datetime.UTC).timestamp()) -> tuple[bool, int]:
     seconds_left = expiry_timestamp - now_timestamp
     valid = seconds_left >= 0
     # We use floor(), which, when negative, will round towards -1
     if not valid:
         seconds_left = -seconds_left
     days_left = math.floor(seconds_left / 86400)
     # We need to restore the inversion
     if not valid:
         days_left = -days_left
     return (valid, days_left)
 # Returns if the cert is valid, and the number of days left until expiry (negative if expired)
 def check_cert_validity(cert) -> tuple[bool, int]:
     # Get expiry date
     notAfter = cert['notAfter']
     notAfter_date = datetime.datetime.strptime(notAfter, '%b %d %H:%M:%S %Y %Z')
     # datetime to UNIX time
     notAfter_timestamp = notAfter_date.timestamp()
     expiry = compare_expiry_timestamps(notAfter_timestamp)
     return (expiry[0], expiry[1])

0 comments (0 inline, 0 general)