Diffstat (limited to 'src/go/collectors/go.d.plugin/modules/x509check/collect.go')
-rw-r--r-- | src/go/collectors/go.d.plugin/modules/x509check/collect.go | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/src/go/collectors/go.d.plugin/modules/x509check/collect.go b/src/go/collectors/go.d.plugin/modules/x509check/collect.go
new file mode 100644
index 000000000..cad0ae169
--- /dev/null
+++ b/src/go/collectors/go.d.plugin/modules/x509check/collect.go
@@ -0,0 +1,52 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package x509check
+
+import (
+ "crypto/x509"
+ "fmt"
+ "time"
+
+ "github.com/cloudflare/cfssl/revoke"
+)
+
+func (x *X509Check) collect() (map[string]int64, error) {
+ certs, err := x.prov.certificates()
+ if err != nil {
+ return nil, err
+ }
+
+ if len(certs) == 0 {
+ return nil, fmt.Errorf("no certificate was provided by '%s'", x.Config.Source)
+ }
+
+ mx := make(map[string]int64)
+
+ x.collectExpiration(mx, certs)
+ if x.CheckRevocation {
+ x.collectRevocation(mx, certs)
+ }
+
+ return mx, nil
+}
+
+func (x *X509Check) collectExpiration(mx map[string]int64, certs []*x509.Certificate) {
+ expiry := time.Until(certs[0].NotAfter).Seconds()
+ mx["expiry"] = int64(expiry)
+ mx["days_until_expiration_warning"] = x.DaysUntilWarn
+ mx["days_until_expiration_critical"] = x.DaysUntilCritical
+
+}
+
+func (x *X509Check) collectRevocation(mx map[string]int64, certs []*x509.Certificate) {
+ rev, ok, err := revoke.VerifyCertificateError(certs[0])
+ if err != nil {
+ x.Debug(err)
+ }
+ switch {
+ case ok && rev:
+ mx["revoked"] = 1
+ case ok && !rev:
+ mx["revoked"] = 0
+ }
+} |
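Review bot: In collectRevocation, a revocation check that cannot complete (`ok == false`) leaves `mx["revoked"]` unset and reports the error only through `x.Debug(err)`, so an unreachable or blocked CRL/OCSP endpoint looks the same on the dashboard as revocation checking being switched off. A revoked certificate would then never raise an alert for as long as the lookup keeps failing. I would log the failure at a level operators see by default and make the undetermined case explicit in the switch, e.g. `default: // status unknown: "revoked" left unset, see the logged error`, or export a separate metric for a failed check. The CRL/OCSP locations are presumably read from the certificate under inspection, so it is also worth confirming that the lookup is bounded by a timeout.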