Puppet Function: openssl::cert_date_valid

Defined in:
lib/puppet/functions/openssl/cert_date_valid.rb
Function type:
Ruby 4.x API

Summary

Checks SSL certificate date validity.

Overview

openssl::cert_date_valid(String $certfile) ⇒ Any

Parameter: path to ssl certificate

Parameters:

  • certfile (String)

    The certificate file to check.

Returns:

  • (Any)

    false if the certificate is expired or not yet valid, or the number of seconds the certificate is still valid for.



# File 'lib/puppet/functions/openssl/cert_date_valid.rb', line 9

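Puppet::Functions.create_function(:'openssl::cert_date_valid') do
  # @param certfile The certificate file to check.
  #
  # @return false if the certificate is expired or not yet valid,
  # or the number of seconds the certificate is still valid for.
  #
  dispatch :valid? do
    param 'String', :certfile
  end

  # Reports how long the certificate stored in +certfile+ remains inside its
  # notBefore/notAfter window, measured against the local clock (Time.now).
  #
  # Scope of the check: only the two validity dates are inspected. The
  # signature, issuer chain, revocation status, key usage and subject are not
  # looked at, so a non-false result means "the dates are current", not "the
  # certificate is trusted".
  #
  # The file is read by whichever process evaluates this function; errors from
  # File.read (missing or unreadable file) and from the certificate parser
  # (malformed PEM/DER) propagate to the caller unchanged.
  #
  # @param certfile [String] path of the certificate file to read.
  # @return [false, Integer] false when the certificate is expired, not yet
  #   valid, or has notAfter <= notBefore; otherwise the whole number of
  #   seconds left until notAfter. The result can be 0 when less than one
  #   second remains, so callers should compare against a threshold rather
  #   than rely on truthiness.
  # @raise [KeyError] if either validity date is missing from the certificate.
  def valid?(certfile)
    require 'time'
    require 'openssl'

    content = File.read(certfile)
    cert = OpenSSL::X509::Certificate.new(content)

    not_before = cert.not_before
    not_after = cert.not_after

    # Both dates are compared below, so a single missing date must be rejected
    # here as well; otherwise the comparison against nil fails with an
    # unrelated error instead of this message.
    raise KeyError, 'No date found in certificate' if not_before.nil? || not_after.nil?

    now = Time.now

    # certificate is expired
    return false if now > not_after
    # certificate is not yet valid
    return false if now < not_before
    # certificate will never be valid (empty or inverted validity window)
    return false if not_after <= not_before

    # number of seconds the certificate is still valid for
    (not_after - now).to_i
  end
end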