src/x509-info/src/main.rs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

extern crate webpki_roots;

mod client;

use chrono::TimeZone as _;
use clap::Parser;
use x509_parser::prelude::*;

#[derive(Parser, Debug)]
#[clap(author, version, about, long_about = None)]
struct Args {
    /// Domain to check
    domain: String,

    /// Port to check
    #[clap(short, long, default_value_t = 443)]
    port: u16,
}

fn main() {
    let args = Args::parse();

    let domain = args.domain;

    let certs = client::get_certificates(domain, args.port);

    match certs {
        Ok(certs) => {
            let (_, cert) =
                x509_parser::certificate::X509Certificate::from_der(certs[0].as_ref()).unwrap();
            pretty_print(cert);
        }
        Err(e) => {
            println!("error: {}", e);
            std::process::exit(1);
        }
    };
}

fn pretty_print(cert: X509Certificate) {
    println!(
        "\tSubject: CN={} O={} L={}",
        cert.subject()
            .iter_common_name()
            .next()
            .and_then(|cn| cn.as_str().ok())
            .unwrap(),
        cert.subject()
            .iter_organization()
            .next()
            .and_then(|o| o.as_str().ok())
            .unwrap_or_default(),
        cert.subject()
            .iter_locality()
            .next()
            .and_then(|l| l.as_str().ok())
            .unwrap_or_default(),
    );
    println!(
        "\tIssuer:  CN={} O={} L={}",
        cert.issuer()
            .iter_common_name()
            .next()
            .and_then(|cn| cn.as_str().ok())
            .unwrap(),
        cert.issuer()
            .iter_organization()
            .next()
            .and_then(|o| o.as_str().ok())
            .unwrap_or_default(),
        cert.issuer()
            .iter_locality()
            .next()
            .and_then(|l| l.as_str().ok())
            .unwrap_or_default(),
    );

    let not_before = chrono::Local
        .timestamp(cert.validity().not_before.timestamp(), 0)
        .to_rfc3339();

    let not_after = chrono::Local
        .timestamp(cert.validity().not_after.timestamp(), 0)
        .to_rfc3339();

    if let Some(subnames) = subject_alternative_name(cert) {
        let dns_names = subnames.join(", ");
        println!("\tDNS Names: {}", dns_names);
    }

    println!("\tValidity Period");
    println!("\t\tNot before: {}", not_before);
    println!("\t\tNot After:  {}", not_after);
}

fn subject_alternative_name(cert: X509Certificate) -> Option<Vec<String>> {
    let mut subnames = Vec::new();
    if let Ok(Some(san)) = cert.subject_alternative_name() {
        let san = san.value;
        for name in &san.general_names {
            if let GeneralName::DNSName(name) = name {
                subnames.push(name.to_string());
            }
        }
    }
    Some(subnames)
}