github.com/netdata/go.d.plugin@v0.58.1/modules/x509check/collect.go (about) 1 // SPDX-License-Identifier: GPL-3.0-or-later 2 3 package x509check 4 5 import ( 6 "crypto/x509" 7 "fmt" 8 "time" 9 10 "github.com/cloudflare/cfssl/revoke" 11 ) 12 13 func (x *X509Check) collect() (map[string]int64, error) { 14 certs, err := x.prov.certificates() 15 if err != nil { 16 return nil, err 17 } 18 19 if len(certs) == 0 { 20 return nil, fmt.Errorf("no certificate was provided by '%s'", x.Config.Source) 21 } 22 23 mx := make(map[string]int64) 24 25 x.collectExpiration(mx, certs) 26 if x.CheckRevocation { 27 x.collectRevocation(mx, certs) 28 } 29 30 return mx, nil 31 } 32 33 func (x *X509Check) collectExpiration(mx map[string]int64, certs []*x509.Certificate) { 34 expiry := time.Until(certs[0].NotAfter).Seconds() 35 mx["expiry"] = int64(expiry) 36 mx["days_until_expiration_warning"] = x.DaysUntilWarn 37 mx["days_until_expiration_critical"] = x.DaysUntilCritical 38 39 } 40 41 func (x *X509Check) collectRevocation(mx map[string]int64, certs []*x509.Certificate) { 42 rev, ok, err := revoke.VerifyCertificateError(certs[0]) 43 if err != nil { 44 x.Debug(err) 45 } 46 switch { 47 case ok && rev: 48 mx["revoked"] = 1 49 case ok && !rev: 50 mx["revoked"] = 0 51 } 52 }