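def get_cert_info(cert: crypto.X509, host):
    """Summarise a certificate and record the outcome as a Prometheus metric.

    Args:
        cert: Certificate to inspect; a falsy value yields an empty dict
            and no metric is recorded.
        host: Endpoint name used as the ``endpoint`` metric label.

    Returns:
        A dict with ``issued_to`` (subject CN), ``issued_o`` (subject O),
        ``issuer_o`` (issuer O), ``cert_valid`` and ``self_signed``; empty
        when no certificate was supplied.

    Note:
        ``cert_valid`` only means ``has_expired()`` returned False. Chain
        trust, hostname match, notBefore and revocation are not checked
        here, so the flag must not be read as "trusted".
    """
    context = {}
    if not cert:
        return context

    cert_subject = cert.get_subject()
    cert_issuer = cert.get_issuer()
    context['issued_to'] = cert_subject.CN  # common name
    context['issued_o'] = cert_subject.O  # organization name
    context['issuer_o'] = cert_issuer.O
    context['cert_valid'] = not cert.has_expired()
    # Compare the complete subject and issuer names. Matching on the
    # organization alone flags every certificate an internal CA issues to
    # its own organization, and treats two absent O fields as equal.
    # The signature is not verified against the certificate's own key, so
    # strictly this identifies self-issued certificates.
    context['self_signed'] = cert_subject == cert_issuer

    # Prometheus metrics
    # NOTE(review): host becomes a label value; if it can be chosen by an
    # outside party the number of time series is unbounded - confirm callers
    # pass a fixed set of endpoints.
    if not context['cert_valid']:
        check, self_signed = 'not valid', 'n/a'
    else:
        check = 'valid'
        self_signed = 'yes' if context['self_signed'] else 'no'
    counter.labels(endpoint=host, check=check, self_signed=self_signed).inc()
    return context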
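def get_cert_info(cert: X509) -> CertInfo:
    """Collect the names and extended key usages a certificate carries.

    Args:
        cert: Certificate whose subject and extensions are read.

    Returns:
        A ``CertInfo`` whose ``names`` holds the subject common name (when
        present) plus every subjectAltName entry, and whose ``key_usage``
        holds the text rendering of each extendedKeyUsage extension.

    Note:
        Nothing here validates the certificate (signature, chain, dates);
        the result only describes what the certificate claims.
    """
    names: Set[str] = set()
    key_usage: Set[str] = set()

    # SAN-only certificates have no CN; skip it instead of storing None in
    # a set that is declared to hold strings.
    # NOTE(review): current TLS clients match hostnames against
    # subjectAltName and ignore the CN - confirm that treating the CN as a
    # name is intended wherever ``names`` feeds a hostname check.
    common_name = cert.get_subject().commonName
    if common_name:
        names.add(common_name)

    for index in range(cert.get_extension_count()):
        ext = cert.get_extension(index)
        short_name = ext.get_short_name()
        if short_name == b'subjectAltName':
            # The extension is parsed from its text rendering; a value that
            # itself contains a comma would be split into pieces.
            for san in str(ext).split(','):
                san = san.strip()
                if san.startswith('DNS:'):
                    san = san[4:]
                # NOTE(review): entries that are not DNS names are added as
                # rendered, type prefix included - confirm callers expect it.
                names.add(san)
        elif short_name == b'extendedKeyUsage':
            key_usage.add(str(ext))

    return CertInfo(names=names, key_usage=key_usage)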