certificate-validate

Validate some info in SSL/TLS Certificates.

prerequisites

  • Docker
  • Internet Access

build

docker build --no-cache --rm -t <NAME_OF_IMAGE> -f ./Dockerfile .

run

variable                  description
CERTIFICATE_URL           URL of the certificate to validate
CERTIFICATE_PORT          Port of the certificate to validate
CERTIFICATE_TIME_TO_WAIT  Time to wait for the certificate to be validated (optional; defaults to 86400 when not set)

daemon

docker run -d --name certificate_validate \
-e CERTIFICATE_URL=google.com \
-e CERTIFICATE_PORT=443 \
-e CERTIFICATE_TIME_TO_WAIT=6300 \
<NAME_OF_IMAGE>

status

docker ps
CONTAINER ID   IMAGE                                 COMMAND                CREATED          STATUS          PORTS     NAMES
e3b9598147db   fabianoflorentino/certificate-validate:latest   "/app/entrypoint.sh"   29 minutes ago   Up 29 minutes             certificate_validate

once

docker run -it --name certificate_validate_test \
--entrypoint "" \
<NAME_OF_IMAGE> \
python /app/certificate.py github.com 443 --exit

logs

RFC 5280 (Request for Comments): Internet X.509 Public Key Infrastructure Certificate and CRL Profile

field             description
"commonName"      Common Name of the certificate
"subjectAltName"  Subject Alternative Name of the certificate
"issuer"          Issuer of the certificate
"type"            Type of the certificate
"notBefore"       Not Before of the certificate
"notAfter"        Not After of the certificate
"daysLeft"        Days left until the certificate expires
"crl"             Certificate Revocation List of the certificate

Note: daysLeft is not part of the RFC; it is calculated from the notBefore and notAfter fields.

docker exec -it <CONTAINER NAME> cat /app/certificate.log
{
     "commonName": "www.github.com",
     "subjectAltName": "['www.github.com', '*.github.com', 'github.com', '*.github.io', 'github.io', '*.githubusercontent.com', 'githubusercontent.com']",
     "issuer": "DigiCert SHA2 High Assurance Server CA",
     "type": "Organization Validation (OV) Web Server SSL Digital Certificate",
     "notBefore": "2020-05-06 00:00:00",
     "notAfter": "2022-04-14 12:00:00",
     "daysLeft": "708",
     "crl": "['http://crl3.digicert.com/sha2-ha-server-g6.crl', 'http://crl4.digicert.com/sha2-ha-server-g6.crl']"
}
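The log above is what the container writes after one validation pass. As an added example (not the project's own /app/certificate.py), the block below shows how each logged field can be derived from the dictionary Python's standard ssl module returns for a peer certificate, and how daysLeft turns into an alert state that a daemon loop can re-evaluate on every pass. The function names fetch_peer_cert, summarize and check_expiry, the 30-day warning threshold and the SAMPLE_CERT dictionary are assumptions constructed for this example; the "type" field is omitted because the standard library does not expose certificate policy OIDs.

```python
"""Derive the fields logged by the tool from a peer certificate.

Added example, not the project's own certificate.py. Uses only the
standard library: the certificate is read in the dictionary shape that
ssl.SSLSocket.getpeercert() returns.
"""
import json
import socket
import ssl
import sys
from datetime import datetime, timezone


def fetch_peer_cert(host, port=443, timeout=10.0):
    """Connect with chain and host-name verification (default context) and
    return the peer certificate as a getpeercert() dictionary."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def name_attr(rdn_sequence, attr):
    """Pull one attribute (e.g. 'commonName') out of a getpeercert() name,
    which is a tuple of RDNs, each a tuple of (type, value) pairs."""
    for rdn in rdn_sequence:
        for key, value in rdn:
            if key == attr:
                return value
    return None


def cert_time_to_utc(cert_time):
    """Convert the 'May  6 00:00:00 2020 GMT' format used by getpeercert()
    into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)


def summarize(cert, now=None):
    """Map a getpeercert() dictionary onto the fields listed under 'logs'.

    daysLeft is computed against `now` (default: current UTC time) so the
    same certificate yields a fresh value on each daemon pass.
    """
    now = now or datetime.now(timezone.utc)
    not_before = cert_time_to_utc(cert["notBefore"])
    not_after = cert_time_to_utc(cert["notAfter"])
    return {
        "commonName": name_attr(cert.get("subject", ()), "commonName"),
        "subjectAltName": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "issuer": name_attr(cert.get("issuer", ()), "commonName"),
        "notBefore": not_before.strftime("%Y-%m-%d %H:%M:%S"),
        "notAfter": not_after.strftime("%Y-%m-%d %H:%M:%S"),
        "daysLeft": (not_after - now).days,
        "crl": list(cert.get("crlDistributionPoints", ())),
    }


def check_expiry(summary, warn_days=30):
    """Return 'expired', 'expiring' or 'ok' from the daysLeft value; the
    30-day threshold is an assumption for this example."""
    if summary["daysLeft"] < 0:
        return "expired"
    if summary["daysLeft"] <= warn_days:
        return "expiring"
    return "ok"


# Constructed sample in getpeercert() shape, mirroring the log output above.
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),), (("commonName", "www.github.com"),)),
    "issuer": ((("countryName", "US"),), (("organizationName", "DigiCert Inc"),),
               (("commonName", "DigiCert SHA2 High Assurance Server CA"),)),
    "notBefore": "May  6 00:00:00 2020 GMT",
    "notAfter": "Apr 14 12:00:00 2022 GMT",
    "subjectAltName": (("DNS", "www.github.com"), ("DNS", "*.github.com"), ("DNS", "github.com")),
    "crlDistributionPoints": ("http://crl3.digicert.com/sha2-ha-server-g6.crl",
                              "http://crl4.digicert.com/sha2-ha-server-g6.crl"),
}

if __name__ == "__main__":
    # Live check: python example.py github.com 443 ; no arguments: use the sample.
    if len(sys.argv) >= 2:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
        cert = fetch_peer_cert(sys.argv[1], port)
    else:
        cert = SAMPLE_CERT
    result = summarize(cert)
    result["status"] = check_expiry(result)
    print(json.dumps(result, indent=4))
```

Because ssl.create_default_context() verifies the chain and host name, a server presenting an untrusted or mismatched certificate fails at the handshake rather than producing a misleading "ok" summary; the crl entries come straight from the certificate's CRL distribution point extension and are the URLs a revocation check would fetch.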

actions

environment  description
DOCKERHUB    Environment configured on GitHub

Environments

variable                    description
secrets.DOCKERHUB_USERNAME  Username of the Docker Hub account
secrets.DOCKERHUB_TOKEN     Token of the Docker Hub account
GITHUB_REPOSITORY           Your GitHub repository needs to have the same name as the Docker Hub repository

secrets

"Encrypted secrets allow you to store sensitive information in your organization, repository, or repository environments."

Workflow syntax for GitHub Actions

"A workflow is a configurable automated process made up of one or more jobs. You must create a YAML file to define your workflow configuration."

CI

---
name: CI

on:
  push:
    branches:
      - main
    paths-ignore:
      - 'README.md'
      - 'LICENSE'
      - 'docs/**'
      - '.github/**'

jobs:
  build:
    environment: DOCKERHUB
    name: Build and Push to Docker Hub
    runs-on: ubuntu-latest

    steps:
      # Checkout the repository
      - name: Checkout
        uses: actions/checkout@v2

      # Login to Docker Hub
      - name: Login
        run: docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }}

      # Build the image
      - name: Build
        run: |
          docker build \
          --no-cache \
          --rm \
          -t $GITHUB_REPOSITORY:latest \
          -f ./Dockerfile .
      
      # Push the image to Docker Hub
      - name: Push
        run: docker push $GITHUB_REPOSITORY:latest

Pylint

name: Pylint

on:
  push:
    branches:
      - main
    paths-ignore:
      - 'README.md'
      - 'LICENSE'
      - 'docs/**'
      - '.github/**'

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - name: Set up Python 3.9
      uses: actions/setup-python@v2
      with:
        python-version: 3.9
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        python -m pip install -r ./requirements.txt
        pip install pylint
    - name: Analysing the code with pylint
      run: |
        pylint `ls -R|grep .py$|xargs`

CodeQL

name: "CodeQL"

on:
  push:
    branches:
      - main
    paths-ignore:
      - 'README.md'
      - 'LICENSE'
      - 'docs/**'
      - '.github/**'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'python' ]

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}

    - name: Autobuild
      uses: github/codeql-action/autobuild@v1

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1