Merge pull request #1 from greg-solutions/feature/extend_cert_expire_…

…data Extend information about last cert of chain
greg-solutions · Apr 23, 2020 · b869cef · b869cef
2 parents 589f4d5 + 3619688
commit b869cef
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 0 deletions.
diff --git a/prober/http.go b/prober/http.go
@@ -225,6 +225,10 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 			Name: "probe_ssl_earliest_cert_expiry",
 			Help: "Returns earliest SSL cert expiry in unixtime",
 		})
+		probeSSLLastCertExpiry = prometheus.NewGauge(prometheus.GaugeOpts{
+			Name: "probe_ssl_last_cert_expiry",
+			Help: "Returns last SSL cert expiry date",
+		})
 
 		probeHTTPVersionGauge = prometheus.NewGauge(prometheus.GaugeOpts{
 			Name: "probe_http_version",
@@ -490,7 +494,9 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 	if resp.TLS != nil {
 		isSSLGauge.Set(float64(1))
 		registry.MustRegister(probeSSLEarliestCertExpiryGauge)
+		registry.MustRegister(probeSSLLastCertExpiry)
 		probeSSLEarliestCertExpiryGauge.Set(float64(getEarliestCertExpiry(resp.TLS).Unix()))
+		probeSSLLastCertExpiry.Set(float64(getLastCertExpiry(resp.TLS).Unix()))
 		if httpConfig.FailIfSSL {
 			level.Error(logger).Log("msg", "Final request was over SSL")
 			success = false

diff --git a/prober/tcp.go b/prober/tcp.go
@@ -94,6 +94,10 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 		Name: "probe_ssl_earliest_cert_expiry",
 		Help: "Returns earliest SSL cert expiry date",
 	})
+	probeSSLLastCertExpiry := prometheus.NewGauge(prometheus.GaugeOpts{
+		Name: "probe_ssl_last_cert_expiry",
+		Help: "Returns last SSL cert expiry date",
+	})
 	probeFailedDueToRegex := prometheus.NewGauge(prometheus.GaugeOpts{
 		Name: "probe_failed_due_to_regex",
 		Help: "Indicates if probe failed due to regex",
@@ -119,7 +123,9 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 	if module.TCP.TLS {
 		state := conn.(*tls.Conn).ConnectionState()
 		registry.MustRegister(probeSSLEarliestCertExpiry)
+		registry.MustRegister(probeSSLLastCertExpiry)
 		probeSSLEarliestCertExpiry.Set(float64(getEarliestCertExpiry(&state).Unix()))
+		probeSSLLastCertExpiry.Set(float64(getLastCertExpiry(&state).Unix()))
 	}
 	scanner := bufio.NewScanner(conn)
 	for i, qr := range module.TCP.QueryResponse {
@@ -187,7 +193,9 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 			// Get certificate expiry.
 			state := tlsConn.ConnectionState()
 			registry.MustRegister(probeSSLEarliestCertExpiry)
+			registry.MustRegister(probeSSLLastCertExpiry)
 			probeSSLEarliestCertExpiry.Set(float64(getEarliestCertExpiry(&state).Unix()))
+			probeSSLLastCertExpiry.Set(float64(getLastCertExpiry(&state).Unix()))
 		}
 	}
 	return true

diff --git a/prober/tcp_test.go b/prober/tcp_test.go
@@ -175,6 +175,7 @@ func TestTCPConnectionWithTLS(t *testing.T) {
 	}
 	expectedResults := map[string]float64{
 		"probe_ssl_earliest_cert_expiry": float64(certExpiry.Unix()),
+		"probe_ssl_last_cert_expiry":     float64(certExpiry.Unix()),
 	}
 	checkRegistryResults(expectedResults, mfs, t)
 }
@@ -288,6 +289,7 @@ func TestTCPConnectionQueryResponseStartTLS(t *testing.T) {
 	}
 	expectedResults := map[string]float64{
 		"probe_ssl_earliest_cert_expiry": float64(certExpiry.Unix()),
+		"probe_ssl_last_cert_expiry":     float64(certExpiry.Unix()),
 	}
 	checkRegistryResults(expectedResults, mfs, t)
 }

diff --git a/prober/tls.go b/prober/tls.go
@@ -27,3 +27,6 @@ func getEarliestCertExpiry(state *tls.ConnectionState) time.Time {
 	}
 	return earliest
 }
+func getLastCertExpiry(state *tls.ConnectionState) time.Time {
+	return state.PeerCertificates[0].NotAfter
+}