| -rw-r--r-- | modules/check_certificate.py | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/modules/check_certificate.py b/modules/check_certificate.py
new file mode 100644
index 00000000..6695fc22
--- /dev/null
+++ b/modules/check_certificate.py
@@ -0,0 +1,33 @@
+import datetime
+from src import ModuleManager, utils
+import cryptography.x509, cryptography.hazmat.backends
+
+class Module(ModuleManager.BaseModule):
+ @utils.hook("preprocess.connect")
+ def preprocess_connect(self, event):
+ certificate_filename = self.bot.config.get("tls-certificate", None)
+ if not certificate_filename == None:
+ with open(certificate_filename, "rb") as certificate_file:
+ certificate = cryptography.x509.load_pem_x509_certificate(
+ certificate_file.read(),
+ cryptography.hazmat.backends.default_backend())
+
+ today = datetime.datetime.utcnow().date()
+ week = datetime.timedelta(days=7)
+
+ not_valid_until = (today-certificate.not_valid_before.date()).days
+ not_valid_after = (certificate.not_valid_after.date()-today).days
+
+ if not_valid_until < 0:
+ self.log.warn(
+ "Connecting to %s but client certificate is not valid yet",
+ [str(event["server"])])
+ elif not_valid_after < 0:
+ self.log.warn(
+ "Connecting to %s but client certificate is no longer "
+ "valid", [str(event["server"])])
+ elif not_valid_after <= 7:
+ self.log.warn(
+ "Connecting to %s but client certificate expires in a week",
+ [str(event["server"])])
+
|
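Review bot: The `open()` and `load_pem_x509_certificate()` calls in `preprocess_connect` are unguarded, so a missing, unreadable or non-PEM `tls-certificate` file raises out of the connect hook instead of producing the kind of warning this module exists to give; whether that aborts the connection depends on how the hook dispatcher treats exceptions, which is not visible here. Wrapping the load in `try:` / `except (OSError, ValueError):` and logging a warning that names the file would keep the check advisory. `week` is assigned but never used while the threshold is the literal `7`; `elif not_valid_after <= week.days:` ties the two together, and the message should carry the remaining day count, since "expires in a week" is also logged when the certificate expires today. `if not certificate_filename == None:` is clearer as `if certificate_filename is not None:`.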
