Skip to content

Commit ab0c7e2

Browse files
aorcsikaorcsik
committed
add full details option to cert check
1 parent 679b79f commit ab0c7e2

1 file changed

Lines changed: 79 additions & 40 deletions

File tree

src/js/tools/cert_check.js

Lines changed: 79 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -23,63 +23,102 @@ const checkDomainAccess = (domain) => {
2323
});
2424
};
2525

26-
const certCheck = (externalDomain, originServer) => {
26+
const certCheck = (externalDomain, originServer, fullDetails = false) => {
2727
return new Promise((resolve, reject) => {
28-
const cmd = `echo -n Q | openssl s_client -servername ${externalDomain} -connect ${originServer}:443 | openssl x509 -noout -dates`;
28+
const certFlags = fullDetails ? '-noout -text' : '-noout -dates';
29+
const cmd = `echo -n Q | openssl s_client -servername ${externalDomain} -connect ${originServer}:443 | openssl x509 ${certFlags}`;
2930
exec(cmd, (_, stdout) => {
30-
const matchStart = stdout.match(/notBefore=(.*)/);
31-
const matchEnd = stdout.match(/notAfter=(.*)/);
32-
if (!matchStart || !matchEnd) {
33-
reject(new Error(`Failed to parse certificate dates from output:\n${stdout}`));
34-
return;
35-
}
36-
checkDomainAccess(externalDomain)
37-
.then((status) => {
38-
resolve({
39-
domain: externalDomain,
40-
server: originServer,
41-
start: new Date(matchStart[1]),
42-
expire: new Date(matchEnd[1]),
43-
httpStatus: status.status,
44-
cloudflareRequestId: status.cloudflareRequestId,
31+
if (fullDetails) {
32+
checkDomainAccess(externalDomain)
33+
.then((status) => {
34+
resolve({
35+
domain: externalDomain,
36+
server: originServer,
37+
fullCertData: stdout,
38+
httpStatus: status.status,
39+
cloudflareRequestId: status.cloudflareRequestId,
40+
});
41+
})
42+
.catch((err) => {
43+
reject(err);
4544
});
46-
})
47-
.catch((err) => {
48-
reject(err);
49-
});
45+
} else {
46+
const matchStart = stdout.match(/notBefore=(.*)/);
47+
const matchEnd = stdout.match(/notAfter=(.*)/);
48+
if (!matchStart || !matchEnd) {
49+
reject(new Error(`Failed to parse certificate dates from output:\n${stdout}`));
50+
return;
51+
}
52+
checkDomainAccess(externalDomain)
53+
.then((status) => {
54+
resolve({
55+
domain: externalDomain,
56+
server: originServer,
57+
start: new Date(matchStart[1]),
58+
expire: new Date(matchEnd[1]),
59+
httpStatus: status.status,
60+
cloudflareRequestId: status.cloudflareRequestId,
61+
});
62+
})
63+
.catch((err) => {
64+
reject(err);
65+
});
66+
}
5067
});
5168
});
5269
};
5370

5471
if (require.main === module) {
55-
const domain = process.argv[2];
72+
const args = process.argv.slice(2);
73+
const fullFlag = args.includes('--full');
74+
const domain = args.find((arg) => !arg.startsWith('--'));
75+
5676
if (!domain || !(domain in dnsConfig)) {
57-
process.stderr.write(`Usage: node cert_check.js <domain>\n`);
77+
process.stderr.write(`Usage: node cert_check.js <domain> [--full]\n`);
5878
process.stderr.write(`Where <domain> is one of: ${Object.keys(dnsConfig).join(', ')}\n`);
79+
process.stderr.write(` --full: Display full certificate details instead of just dates\n`);
5980
process.exit(1);
6081
}
6182
const server = dnsConfig[domain];
6283

6384
process.stdout.write(`Checking certificate for ${domain} (server: ${server}:443)\n`);
64-
certCheck(domain, server)
85+
certCheck(domain, server, fullFlag)
6586
.then((result) => {
66-
const now = new Date();
67-
const daysLeft = Math.round((result.expire - now) / (1000 * 60 * 60 * 24));
68-
process.stdout.write(`Certificate for ${result.domain} (served by ${result.server}):\n`);
69-
process.stdout.write(` Valid from: ${result.start.toISOString()}\n`);
70-
process.stdout.write(
71-
` Valid until: ${result.expire.toISOString()} (${daysLeft} day${daysLeft !== 1 ? 's' : ''} left)\n`,
72-
);
73-
74-
if (result.httpStatus === 200) {
75-
process.stdout.write(`Domain ${domain} is accessible (HTTP ${result.httpStatus})\n`);
87+
if (fullFlag) {
88+
process.stdout.write(
89+
`\n=== Full Certificate Details for ${result.domain} (served by ${result.server}) ===\n\n`,
90+
);
91+
process.stdout.write(result.fullCertData);
92+
process.stdout.write(`\n=== HTTP Status ===\n`);
93+
if (result.httpStatus === 200) {
94+
process.stdout.write(`Domain ${domain} is accessible (HTTP ${result.httpStatus})\n`);
95+
} else {
96+
process.stdout.write(`Warning: Domain ${domain} returned HTTP ${result.httpStatus}\n`);
97+
}
98+
if (result.cloudflareRequestId) {
99+
process.stdout.write(` (served via Cloudflare, cf-ray: ${result.cloudflareRequestId})\n`);
100+
} else {
101+
process.stdout.write(` (not served via Cloudflare)\n`);
102+
}
76103
} else {
77-
process.stdout.write(`Warning: Domain ${domain} returned HTTP ${result.httpStatus}\n`);
78-
}
79-
if (result.cloudflareRequestId) {
80-
process.stdout.write(` (served via Cloudflare, cf-ray: ${result.cloudflareRequestId})\n`);
81-
} else {
82-
process.stdout.write(` (not served via Cloudflare)\n`);
104+
const now = new Date();
105+
const daysLeft = Math.round((result.expire - now) / (1000 * 60 * 60 * 24));
106+
process.stdout.write(`Certificate for ${result.domain} (served by ${result.server}):\n`);
107+
process.stdout.write(` Valid from: ${result.start.toISOString()}\n`);
108+
process.stdout.write(
109+
` Valid until: ${result.expire.toISOString()} (${daysLeft} day${daysLeft !== 1 ? 's' : ''} left)\n`,
110+
);
111+
112+
if (result.httpStatus === 200) {
113+
process.stdout.write(`Domain ${domain} is accessible (HTTP ${result.httpStatus})\n`);
114+
} else {
115+
process.stdout.write(`Warning: Domain ${domain} returned HTTP ${result.httpStatus}\n`);
116+
}
117+
if (result.cloudflareRequestId) {
118+
process.stdout.write(` (served via Cloudflare, cf-ray: ${result.cloudflareRequestId})\n`);
119+
} else {
120+
process.stdout.write(` (not served via Cloudflare)\n`);
121+
}
83122
}
84123
process.exit(0);
85124
})

0 commit comments

Comments
 (0)