sslstatus: ssl check with native go

Author: wuriyanto48

services/sslstatus/sslcheck.go

@@ -0,0 +1,51 @@
+package sslstatus
+
+import (
+	"crypto/tls"
+	"fmt"
+	"strings"
+	"time"
+)
+
+func checkSSLExpiry(domain string) string {
+	conn, err := tls.Dial("tcp", domain+":443", &tls.Config{})
+	if err != nil {
+		return fmt.Sprintf("error: %s - %v\n", strings.TrimPrefix(domain, "*."), err)
+	}
+
+	defer conn.Close()
+
+	cleanDomain := strings.TrimPrefix(domain, "*.")
+
+	certs := conn.ConnectionState().PeerCertificates
+	if len(certs) > 0 {
+		cert := certs[0]
+		daysLeft := int(time.Until(cert.NotAfter).Hours() / 24)
+
+		status := "Info"
+		if daysLeft <= 30 {
+			status = "Warning"
+		} else if daysLeft <= 15 {
+			status = "Danger"
+		} else if daysLeft <= 7 {
+			status = "Critical"
+		}
+
+		return fmt.Sprintf("%s: %s will expire in %d days (%s)\n",
+			status,
+			cleanDomain,
+			daysLeft,
+			cert.NotAfter.Format(time.RFC1123))
+	}
+
+	return fmt.Sprintf("failed to perform a TLS handshake for the domain: %s \n", cleanDomain)
+}
+
+func checkSSLExpiryMulti(domains []string) string {
+	var sb strings.Builder
+
+	for _, domain := range domains {
+		sb.WriteString(checkSSLExpiry(domain))
+	}
+	return sb.String()
+}

services/sslstatus/sslstatus.go

@@ -1,19 +1,12 @@
 package sslstatus
 
 import (
-	"bytes"
-	"encoding/json"
-	"fmt"
 	"log"
-	"net"
-	"net/url"
 	"strings"
 	"time"
 
 	"github.com/telkomdev/tob"
 	"github.com/telkomdev/tob/config"
-	"github.com/telkomdev/tob/data"
-	"github.com/telkomdev/tob/httpx"
 	"github.com/telkomdev/tob/util"
 )
 
@@ -32,12 +25,6 @@ type SSLStatus struct {
 	notificatorConfig config.Config
 }
 
-type target struct {
-	Success bool   `json:"success"`
-	Message string `json:"message"`
-	Data    string `json:"data"`
-}
-
 var SEVERITIES = []string{"Warning", "Danger", "Critical"}
 
 // NewSSLStatus SSLStatus's constructor
@@ -59,112 +46,26 @@ func (d *SSLStatus) Name() string {
 	return "sslstatus"
 }
 
-// Resolve hostname to IPv4 address
-func (d *SSLStatus) resolveIPv4() string {
-	ipv4 := "N/A"
-
-	hostUrl, err := url.Parse(d.url)
-	if err != nil {
-		if d.verbose {
-			d.logger.Println(err)
-		}
-		return ipv4
-	}
-	hostname := hostUrl.Hostname()
-
-	ips, err := net.LookupIP(hostname)
-	if err != nil {
-		if d.verbose {
-			d.logger.Println(err)
-		}
-		return ipv4
-	}
-
-	for _, ip := range ips {
-		if ip.To4() != nil {
-			ipv4 = ip.String()
-			break
-		}
-	}
-
-	return ipv4
-}
-
 // Ping will try to ping the service
 func (d *SSLStatus) Ping() []byte {
-	shellFilePathStr, ok := d.configs["shellFile"].(string)
+	domains, ok := d.configs["domains"].([]interface{})
 	if !ok {
 		if d.verbose {
-			d.logger.Println("shellFilePathStr is not valid")
-		}
-		return []byte("NOT_OK")
-	}
-
-	if d.verbose {
-		d.logger.Printf("tob-http-agent check %s SSL Status\n", shellFilePathStr)
-	}
-
-	fileSystemPayload := data.FileSystem{
-		Path: shellFilePathStr,
-	}
-
-	payloadJSON, err := json.Marshal(fileSystemPayload)
-	if err != nil {
-		if d.verbose {
-			d.logger.Println(err)
+			d.logger.Println("domains is not in the SSL_status config")
 		}
 		return []byte("NOT_OK")
 	}
 
-	headers := make(map[string]string)
-	headers["Content-Type"] = "application/json"
+	var domianStrs []string
 
-	resp, err := httpx.HTTPPost(fmt.Sprintf("%s/check-ssl", d.url), bytes.NewBuffer(payloadJSON), headers, 120)
-	if err != nil {
-		if d.verbose {
-			d.logger.Println(err)
-		}
-		return []byte("NOT_OK")
-	}
-
-	statusOK := resp.StatusCode >= 200 && resp.StatusCode < 300
-	if !statusOK {
-		if d.verbose {
-			d.logger.Printf("SSLStatus Ping status: %d\n", resp.StatusCode)
-		}
-
-		return []byte("NOT_OK")
-	}
-
-	if d.verbose {
-		d.logger.Printf("SSLStatus Ping status: %d\n", resp.StatusCode)
-	}
-
-	defer func() { resp.Body.Close() }()
-
-	var target target
-
-	err = json.NewDecoder(resp.Body).Decode(&target)
-	if err != nil {
-		if d.verbose {
-			d.logger.Println(err)
+	for _, domain := range domains {
+		domainStr, ok := domain.(string)
+		if ok {
+			domianStrs = append(domianStrs, domainStr)
 		}
-
-		return []byte("NOT_OK")
 	}
 
-	if d.verbose {
-		d.logger.Println(target)
-	}
-
-	sslStatusData := target.Data
-
-	ipv4 := d.resolveIPv4()
-
-	if d.verbose {
-		d.logger.Println("IP :", ipv4)
-		d.logger.Println("sslStatusData: ", sslStatusData)
-	}
+	sslStatusData := checkSSLExpiryMulti(domianStrs)
 
 	d.SetMessage(sslStatusData)