Files @ b3456703e541
Branch filter:

Location: C3L-NOC/tls-expiry-tracker/backend/web.py

b3456703e541 2.3 KiB text/x-python Show Annotation Show as Raw Download as Raw
x
feat: replace web with more generic SSL verificator and handlers
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/usr/bin/env python3
import ssl
from rich.console import Console
from cryptography import x509
import socket

import tls_utils
from tls_utils import TLSDetails

class SSLHandler:
    def __init__(self, host: str, port: int, context: ssl.SSLContext):
        self.host = host
        self.port = port
        self.context = context

    def connect(self, verification: bool) -> int:
        if verification:
            with self.context.wrap_socket(socket.socket(), server_hostname=self.host) as s:
                s.connect((self.host, self.port))
                cert = s.getpeercert()
                return tls_utils.get_validity_days(cert)[1]
        else:
            pem_cert = ssl.get_server_certificate((self.host, self.port), timeout=5)
            cert = x509.load_pem_x509_certificate(pem_cert.encode())
            not_after = cert.not_valid_after.timestamp()
            return tls_utils.get_expiry_timestamps(not_after)[1]

class SSLVerificator:
    def __init__(self, context: ssl.SSLContext):
        self.context = context

    def connect(self, domain: str, port: int) -> TLSDetails:
        handler = SSLHandler(domain, port, self.context)
        try:
            expiry = handler.connect(True)
            return TLSDetails(domain_name=domain, expires_in_days=expiry)
        except ssl.SSLCertVerificationError as e:
            if e.verify_code == tls_utils.EXPIRED:
                expiry = handler.connect(False)
                return TLSDetails(domain_name=domain, expires_in_days=expiry)
            elif e.verify_code == tls_utils.REVOKED:
                return TLSDetails(domain_name=domain, error_message="was revoked.")
            elif e.verify_code == tls_utils.SELF_SIGNED:
                return TLSDetails(domain_name=domain, error_message="is self-signed.")
            elif e.verify_code == tls_utils.ROOT_NOT_TRUSTED:
                return TLSDetails(domain_name=domain, error_message="invalid: root not trusted.")
            else:
                return TLSDetails(domain_name=domain, error_message="failed verification: " + e.verify_message + ".")
        except ssl.SSLError as e:
            return TLSDetails(domain_name=domain, error_message="could not establish a secure connection: " + e.reason + ".")
        except Exception as e:
            return TLSDetails(domain_name=domain, error_message="could not connect: " + str(e) + ".")
Server instance: saturn-268215 This site is powered by Kallithea, which is © 2010–2021 by various authors & licensed under GPLv3. – Support