
Showing content from https://github.com/cloudflare/gokeyless/commit/cd1c9487d459ecff7a06396a5479bf07489d590c below:

Emit certificate expiration metrics for client certificates used in h… · cloudflare/gokeyless@cd1c948 · GitHub


@@ -0,0 +1,51 @@

1 +

// Package certmetrics will be used to register and emit metrics for certificates in memory

2 +

package certmetrics

3 + 4 +

import (

5 +

"crypto/x509"

6 +

"sort"

7 +

"strings"

8 + 9 +

"github.com/prometheus/client_golang/prometheus"

10 +

"github.com/prometheus/client_golang/prometheus/promauto"

11 +

)

12 + 13 +

var certificateExpirationTimes = promauto.NewGaugeVec(

14 +

prometheus.GaugeOpts{

15 +

Name: "certificate_expiration_timestamp_seconds",

16 +

Help: "Expiration times of gokeyless certs",

17 +

},

18 +

[]string{"serial_no", "cn", "hostnames", "ca", "server", "client"},

19 +

)

20 + 21 +

// Observe takes in a list of certs and emits its expiration times

22 +

func Observe(certs ...*x509.Certificate) {

23 +

for _, cert := range certs {

24 +

hostnames := cert.DNSNames

25 +

sort.Strings(hostnames)

26 +

labels := prometheus.Labels{

27 +

"serial_no": cert.SerialNumber.String(),

28 +

"cn": cert.Subject.CommonName,

29 +

"hostnames": strings.Join(hostnames, ","),

30 +

"ca": boolToBinaryString(cert.IsCA),

31 +

"server": containsKeyUsage(cert.ExtKeyUsage, x509.ExtKeyUsageServerAuth),

32 +

"client": containsKeyUsage(cert.ExtKeyUsage, x509.ExtKeyUsageClientAuth)}

33 +

certificateExpirationTimes.With(labels).Set(float64(cert.NotAfter.Unix()))

34 +

}

35 +

}

36 + 37 +

func boolToBinaryString(val bool) string {

38 +

if val {

39 +

return "1"

40 +

}

41 +

return "0"

42 +

}

43 + 44 +

func containsKeyUsage(a []x509.ExtKeyUsage, x x509.ExtKeyUsage) string {

45 +

for _, e := range a {

46 +

if e == x || e == x509.ExtKeyUsageAny {

47 +

return "1"

48 +

}

49 +

}

50 +

return "0"

51 +

}
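Review bot: In `Observe`, `hostnames := cert.DNSNames` aliases the certificate's own slice, so `sort.Strings(hostnames)` reorders the SAN list of the caller's `*x509.Certificate` in place. Code that later reads the same certificate sees its DNS names silently reordered, and if a parsed certificate is ever shared between connections the sort becomes an unsynchronised write. Sort a private copy instead: `hostnames := append([]string(nil), cert.DNSNames...)`. The two helpers also have no doc comments; something like `// containsKeyUsage returns "1" if a includes x or ExtKeyUsageAny, else "0".` would make the label encoding explicit.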


@@ -24,6 +24,8 @@ import (

24 24

"sync"

25 25

"time"

26 26 27 +

"github.com/cloudflare/gokeyless/certmetrics"

28 + 27 29

"github.com/cloudflare/cfssl/helpers"

28 30

"github.com/cloudflare/cfssl/helpers/derhelpers"

29 31

"github.com/cloudflare/cfssl/log"

@@ -644,7 +646,9 @@ func (s *Server) spawn(l net.Listener, c net.Conn) {

644 646

tconn.Close()

645 647

return

646 648

}

647 -

limited, err := s.config.isLimited(tconn.ConnectionState())

649 +

connState := tconn.ConnectionState()

650 +

certmetrics.Observe(connState.PeerCertificates...)

651 +

limited, err := s.config.isLimited(connState)

648 652

if err != nil {

649 653

log.Errorf("connection %v: could not determine if limited: %v", c.RemoteAddr(), err)

650 654

tconn.Close()
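Review bot: The new `certmetrics.Observe(connState.PeerCertificates...)` call in `spawn` turns fields of the peer's certificate (serial number, CN, SAN list) into Prometheus label values on every connection, and the gauge series it creates are never removed. `PeerCertificates` holds whatever the client presented; whether the listener's TLS config requires chain verification is not visible in this hunk, so if it does not, an unauthenticated peer can grow the metric set without bound. Guarding the call with `if len(connState.VerifiedChains) > 0 { certmetrics.Observe(connState.PeerCertificates...) }` keeps unverified certificates out of the registry. Even with verification, series for rotated or expired certificates accumulate, so the certmetrics package probably wants a pruning path. `spawn` starts and ends outside the hunk.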
