# certificate-validate

Validate some info in SSL/TLS certificates.
## prerequisites

- Docker
- Internet access
## build

```shell
docker build --no-cache --rm -t <NAME_OF_IMAGE> -f ./Dockerfile .
```
## run

| variable | description |
|---|---|
| CERTIFICATE_URL | URL (host name) of the certificate to validate |
| CERTIFICATE_PORT | Port of the certificate to validate |
| CERTIFICATE_TIME_TO_WAIT | Time to wait between validations; optional, defaults to 86400 if not set |
### daemon

```shell
docker run -d --name certificate_validate \
  -e CERTIFICATE_URL=google.com \
  -e CERTIFICATE_PORT=443 \
  -e CERTIFICATE_TIME_TO_WAIT=6300 \
  <NAME_OF_IMAGE>
```
### status

```shell
docker ps
```

```text
CONTAINER ID   IMAGE                                             COMMAND               CREATED          STATUS          PORTS   NAMES
e3b9598147db   fabianoflorentino/certificate-validate:latest   "/app/entrypoint.sh"  29 minutes ago   Up 29 minutes           certificate_validate
```
### once

```shell
docker run -it --name certificate_validate_test \
  --entrypoint "" \
  <NAME_OF_IMAGE> \
  python /app/certificate.py github.com 443 --exit
```
## logs

Field names follow the RFC (Request for Comments) "Internet X.509 Public Key Infrastructure Certificate and CRL Profile".

| field | description |
|---|---|
| "commonName" | Common Name of the certificate |
| "subjectAltName" | Subject Alternative Names of the certificate |
| "issuer" | Issuer of the certificate |
| "type" | Type of the certificate |
| "notBefore" | Not Before (start of validity) of the certificate |
| "notAfter" | Not After (end of validity) of the certificate |
| "daysLeft" | Days left until the certificate expires |
| "crl" | Certificate Revocation List distribution points of the certificate |

OBS: daysLeft is not part of the RFC; it is calculated from the notBefore and notAfter fields.
```shell
docker exec -it <CONTAINER NAME> cat /app/certificate.log
```

```json
{
  "commonName": "www.github.com",
  "subjectAltName": "['www.github.com', '*.github.com', 'github.com', '*.github.io', 'github.io', '*.githubusercontent.com', 'githubusercontent.com']",
  "issuer": "DigiCert SHA2 High Assurance Server CA",
  "type": "Organization Validation (OV) Web Server SSL Digital Certificate",
  "notBefore": "2020-05-06 00:00:00",
  "notAfter": "2022-04-14 12:00:00",
  "daysLeft": "708",
  "crl": "['http://crl3.digicert.com/sha2-ha-server-g6.crl', 'http://crl4.digicert.com/sha2-ha-server-g6.crl']"
}
```
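How a record like the one above can be built, as an added example that is not the project's own `/app/certificate.py`: it reads the dict that Python's stdlib `ssl` module returns for a peer certificate, computes `daysLeft` against an injected clock so the result is reproducible, and adds a `validNow` check. `fetch_cert`, `summarise`, the sample certificate and `validNow` are this example's own names; the `type` field has no stdlib equivalent and is left out.

```python
"""Added example (not the project's /app/certificate.py): build the log record above
from the dict that the stdlib ssl.SSLSocket.getpeercert() returns."""
import json
import socket
import ssl
from datetime import datetime, timezone


def summarise(cert: dict, now: datetime) -> dict:
    """Extract the logged fields; `now` is injected so results are reproducible."""
    # subject/issuer are tuples of RDNs, each RDN a tuple of (type, value) pairs
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    sans = [name for kind, name in cert.get("subjectAltName", ()) if kind == "DNS"]
    # validity bounds arrive as "May  6 00:00:00 2020 GMT"; ssl ships the parser
    not_before = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notBefore"]), timezone.utc)
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return {
        "commonName": subject.get("commonName", ""),
        "subjectAltName": sans,
        "issuer": issuer.get("commonName", ""),
        "notBefore": not_before.strftime("%Y-%m-%d %H:%M:%S"),
        "notAfter": not_after.strftime("%Y-%m-%d %H:%M:%S"),
        "daysLeft": (not_after - now).days,  # negative once the certificate has expired
        "crl": list(cert.get("crlDistributionPoints", ())),
        "validNow": not_before <= now <= not_after,
    }


def fetch_cert(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Fetch host:port's certificate with chain and hostname verification left on."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample mirroring the log entry above (not a live capture)
SAMPLE_CERT = {
    "subject": ((("commonName", "www.github.com"),),),
    "issuer": ((("commonName", "DigiCert SHA2 High Assurance Server CA"),),),
    "subjectAltName": (("DNS", "www.github.com"), ("DNS", "*.github.com"), ("DNS", "github.com")),
    "notBefore": "May  6 00:00:00 2020 GMT",
    "notAfter": "Apr 14 12:00:00 2022 GMT",
    "crlDistributionPoints": ("http://crl3.digicert.com/sha2-ha-server-g6.crl",),
}
SAMPLE_NOW = datetime(2020, 5, 6, tzinfo=timezone.utc)    # the day the log above was taken
SAMPLE_LATER = datetime(2022, 5, 1, tzinfo=timezone.utc)  # past notAfter
if __name__ == "__main__":
    print(json.dumps(summarise(SAMPLE_CERT, SAMPLE_NOW), indent=2))
```

Replace `SAMPLE_CERT` with `fetch_cert("github.com", 443)` and `SAMPLE_NOW` with `datetime.now(timezone.utc)` to summarise a live endpoint.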
## actions

| environment | description |
|---|---|
| DOCKERHUB | Environment configured on GitHub |

| variable | description |
|---|---|
| secrets.DOCKERHUB_USERNAME | Username of the Docker Hub account |
| secrets.DOCKERHUB_TOKEN | Token of the Docker Hub account |
| GITHUB_REPOSITORY | Your GitHub repository needs to have the same name as the Docker Hub repository |

> "Encrypted secrets allow you to store sensitive information in your organization, repository, or repository environments."

Workflow syntax for GitHub Actions:

> "A workflow is a configurable automated process made up of one or more jobs. You must create a YAML file to define your workflow configuration."
### CI

```yaml
---
name: CI
on:
  push:
    branches:
      - main
    paths-ignore:
      - 'README.md'
      - 'LICENSE'
      - 'docs/**'
      - '.github/**'
jobs:
  build:
    environment: DOCKERHUB
    name: Build and Push to Docker Hub
    runs-on: ubuntu-latest
    steps:
      # Checkout the repository
      - name: Checkout
        uses: actions/checkout@v2
      # Login to Docker Hub
      - name: Login
        run: docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }}
      # Build the image
      - name: Build
        run: |
          docker build \
            --no-cache \
            --rm \
            -t $GITHUB_REPOSITORY:latest \
            -f ./Dockerfile .
      # Push the image to Docker Hub
      - name: Push
        run: docker push $GITHUB_REPOSITORY:latest
```
### Pylint

```yaml
name: Pylint
on:
  push:
    branches:
      - main
    paths-ignore:
      - 'README.md'
      - 'LICENSE'
      - 'docs/**'
      - '.github/**'
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up Python 3.9
        uses: actions/setup-python@v2
        with:
          python-version: 3.9
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install -r ./requirements.txt
          pip install pylint
      - name: Analysing the code with pylint
        run: |
          pylint `ls -R|grep .py$|xargs`
```
### CodeQL

```yaml
name: "CodeQL"
on:
  push:
    branches:
      - main
    paths-ignore:
      - 'README.md'
      - 'LICENSE'
      - 'docs/**'
      - '.github/**'
jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: [ 'python' ]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: ${{ matrix.language }}
      - name: Autobuild
        uses: github/codeql-action/autobuild@v1
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1
```