jobs/TLSCertExpiration.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

#!/usr/bin/env python

from __future__ import absolute_import
from future import standard_library
standard_library.install_aliases()
from builtins import str
import ssl
import time
import logging
import http.client
import OpenSSL
import datetime

from . import JobBase
from . import JobSpawner

class TLSCertExpiration(JobSpawner.JobSpawner):
    servers = [ 
            	
              ]

    class CertChecker(JobBase.JobBase):
        def __init__(self, config, url, frequency, failureNotificationFrequency, failuresBeforeNotification):
            self.config = config
            self.url = url
            self.frequency = frequency
            self.failureNotificationFrequency = failureNotificationFrequency
            self.failuresBeforeNotification = failuresBeforeNotification
            super(TLSCertExpiration.CertChecker, self).__init__(config, url)

        def getName(self):
            return str(self.__class__) + " for " + self.url
        def executeEvery(self):
            return self.frequency
        def notifyOnFailureEvery(self):
            return self.failureNotificationFrequency
        def numberFailuresBeforeNotification(self):
            return self.failuresBeforeNotification
        def execute(self):
            try:
                context = ssl._create_unverified_context()
                c = http.client.HTTPSConnection(self.url, context=context)
                c.request("GET", "/")
                asn1 = c.sock.getpeercert(True)
                x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, asn1)
                na = time.mktime(time.strptime(x509.get_notAfter()[:-1], '%Y%m%d%H%M%S'))
                now = time.time()
                delta = datetime.timedelta(seconds=(na - now))
                if delta < datetime.timedelta(days=30):
                    self.failuremsg = "Server Certificate for " + self.url + " expires in " + str(delta.days) + " days"
                    return False
                return True
            except Exception as e:
                self.failuremsg = "Could not get server certificate " + self.url + "\n" + str(e)
                logging.warn(self.failuremsg)
                return False
        def onFailure(self):
            return self.sendEmail(self.failuremsg, "")
        def onStateChangeSuccess(self):
            return self.sendEmail("Successfully hit " + self.url, "")

    def get_sub_jobs(self, config):
        for s in self.servers:
            yield self.CertChecker(config, s[0], s[1], s[2], s[3])