From 4dd44366e1a6b27de0bbee13425682f26f0afc50 Mon Sep 17 00:00:00 2001
From: Klaus-Uwe Mitterer
Date: Wed, 16 Mar 2016 16:49:56 +0100
Subject: [PATCH] Adding the SSL expiry monitor
---
sslexpiry.py | 17 +++++++++++++++++
ssltools/__init__.py | 7 +++++++
2 files changed, 24 insertions(+)
create mode 100755 sslexpiry.py
create mode 100644 ssltools/__init__.py
diff --git a/sslexpiry.py b/sslexpiry.py
new file mode 100755
index 0000000..94de56a
--- /dev/null
+++ b/sslexpiry.py
@@ -0,0 +1,17 @@
+#!/usr/bin/python3
+
+import ast, datetime, setuptools, ssltools, twitools
+
+if __name__ == "__main__":
+ hosts = ast.literal_eval(setuptools.getSetting("SSL", "hosts"))
+ pbefore = int(setuptools.getSetting("SSL", "pbefore"))
+ pafter = int(setuptools.getSetting("SSL", "pafter"))
+
+ for h in hosts:
+ expiry = ssltools.getRemoteExpiry(h[0], h[1])
+ diff = expiry - datetime.datetime.now()
+ if diff < datetime.timedelta(days=pbefore):
+ if expiry > datetime.datetime.now():
+ print("@%s %s certificate expiring soon (%s). Please renew." % (h[2], h[0], expiry))
+ elif expiry + datetime.timedelta(days=pafter) < datetime.datetime.now():
+ print("@%s %s certificate has expired! (%s) Please renew ASAP!" % (h[2], h[0], expiry))
diff --git a/ssltools/__init__.py b/ssltools/__init__.py
new file mode 100644
index 0000000..25294fe
--- /dev/null
+++ b/ssltools/__init__.py
@@ -0,0 +1,7 @@
+import datetime, OpenSSL, ssl
+
+def getRemoteCert(host, port):
+ return ssl.get_server_certificate((host, port))
+
+def getRemoteExpiry(host,port):
+ return datetime.datetime.strptime(str(OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, getRemoteCert(host, port)).get_notAfter().decode("UTF-8")), "%Y%m%d%H%M%SZ")
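Review bot: In sslexpiry.py a certificate that expired less than `pafter` days ago prints nothing, because the only branch for an expired certificate is `elif expiry + datetime.timedelta(days=pafter) < datetime.datetime.now():`, which becomes true only once the expiry lies more than `pafter` days in the past. If `pafter` is meant as the period after expiry during which the warning is still sent, the comparison should be `>`; indentation is lost on this page, so pairing the `elif` with the inner `if` is inferred (paired with the outer `if` the branch would never run at all). The comparisons also use local `datetime.datetime.now()` against a notAfter value that ssltools parses with a literal `Z` (UTC), so `datetime.datetime.utcnow()` would keep both sides in the same zone and avoid alerts that are early or late by the local UTC offset. `twitools` is imported but not used in the lines shown.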
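Review bot: In ssltools/__init__.py `getRemoteCert` calls `ssl.get_server_certificate((host, port))` without `ca_certs` and without setting a timeout, so the certificate is fetched with no chain or hostname validation and the connection can wait on an unresponsive host; neither is documented. That suits an expiry monitor, which has to read expired certificates too, but a docstring such as `"""Return the PEM certificate the server presents; the chain is not validated."""` would keep the helper from being reused as an authenticity check. `getRemoteExpiry` should likewise state that it returns a naive datetime in UTC and that connection or parse errors propagate to the caller, where in sslexpiry.py they would end the loop before the remaining hosts are checked. The `str(...)` around `.decode("UTF-8")` is redundant, and splitting the one-line expression into named steps (PEM text, certificate object, notAfter string) would make it easier to review.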