Merge pull request #167 from dahag-ag/feat/ssl-issuer

[sslcertificates] Add issuer name as label
HeinleinSupport · Oct 1, 2024 · 60375e9 · 60375e9
2 parents 2480b9d + cf01326
commit 60375e9
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 11 deletions.
diff --git a/sslcertificates/agents/plugins/sslcertificates b/sslcertificates/agents/plugins/sslcertificates
@@ -36,22 +36,23 @@ get_cert_info() {
     certfile="$1"
     single="$2"
     if [ -f "$certfile" -a -r "$certfile" -a \( ! -L "$certfile" -o "$single" \) ] && ! [[ $certfile =~ .*~$ ]] && ! [[ $certfile =~ .*_CA.crt$ ]] && ! [[ $certfile =~ .*/ca-certificates.crt$ ]]; then
-	inform='DER'
-	if grep -q -- '-----BEGIN CERTIFICATE-----' "$certfile"; then
-	    inform='PEM'
-	fi
+        inform='DER'
+        if grep -q -- '-----BEGIN CERTIFICATE-----' "$certfile"; then
+            inform='PEM'
+        fi
 
-	cert_subject=$($OPENSSL x509 -inform $inform -noout -subject -nameopt utf8 -in "$certfile" 2> /dev/null) || return
-	cert_subject=$(cut -d "=" -f 2- <<<"$cert_subject" | sed -e 's/"/\\"/g')
+        cert_subject=$($OPENSSL x509 -inform $inform -noout -subject -nameopt utf8 -in "$certfile" 2> /dev/null) || return
+        cert_subject=$(cut -d "=" -f 2- <<<"$cert_subject" | sed -e 's/"/\\"/g')
         if ! grep -q '@snakeoil.dom' <<<"$cert_subject"; then
-	    cert_startdate=$($OPENSSL x509 -inform $inform -noout -startdate -in "$certfile" | cut -d "=" -f 2 )
-	    cert_startdate_epoch=$(date --date "$cert_startdate" '+%s')
+            cert_startdate=$($OPENSSL x509 -inform $inform -noout -startdate -in "$certfile" | cut -d "=" -f 2 )
+            cert_startdate_epoch=$(date --date "$cert_startdate" '+%s')
             cert_enddate=$($OPENSSL x509 -inform $inform -noout -enddate -in "$certfile" | cut -d "=" -f 2 )
             cert_enddate_epoch=$(date --date "$cert_enddate" '+%s')
             cert_algosign=$($OPENSSL x509 -inform $inform -noout -text -in "$certfile" | awk '/Signature Algorithm: / { print $3; exit;}' )
             cert_issuer_hash=$($OPENSSL x509 -inform $inform -noout -issuer_hash -in "$certfile" )
+            cert_issuer=$($OPENSSL x509 -inform $inform -noout -issuer -in "$certfile" | sed -e 's/ = /=/g' -e 's/, /,/g' -e 's/issuer=//')
 
-            echo "{\"file\": \"$certfile\", \"starts\": $cert_startdate_epoch, \"expires\": $cert_enddate_epoch, \"algosign\": \"$cert_algosign\", \"issuer_hash\": \"$cert_issuer_hash\", \"subj\": \"$cert_subject\"}"
+            echo "{\"file\": \"$certfile\", \"starts\": $cert_startdate_epoch, \"expires\": $cert_enddate_epoch, \"algosign\": \"$cert_algosign\", \"issuer_hash\": \"$cert_issuer_hash\", \"issuer\": \"$cert_issuer\", \"subj\": \"$cert_subject\"}"
         fi
     fi
 }
@@ -61,10 +62,10 @@ echo '<<<sslcertificates:sep(0)>>>'
 for dir in $CERT_DIRS; do
     if [ -d "$dir" ]; then
         for certfile in "$dir"/*; do
-	    get_cert_info "$certfile"
+            get_cert_info "$certfile"
         done
     else
-	get_cert_info "$dir" 1
+        get_cert_info "$dir" 1
     fi
 done
 

diff --git a/sslcertificates/agents/windows/plugins/sslcertificates.ps1 b/sslcertificates/agents/windows/plugins/sslcertificates.ps1
@@ -10,11 +10,17 @@ foreach ($CertLocation in $CertLocations) {
     ElseIf ($_.Subject) {$subject = $_.Subject}
     Else {$subject = $_.Thumbprint}
 
+    # Reverse issuer, so it starts with e.g. C=US to match the output of the Linux agent.
+    $issuer = $_.Issuer -split ',' | ForEach-Object { $_.Trim() }
+    [array]::Reverse($issuer)
+    $issuer = $issuer -join ','
+
     $data = [ordered]@{
       starts = (New-TimeSpan -Start $UnixEpoch -End $_.NotBefore).TotalSeconds ;
       expires = (New-TimeSpan -Start $UnixEpoch -End $_.NotAfter).TotalSeconds ;
       subj = $subject.Unicode ;
       thumb = $_.Thumbprint ;
+      issuer = $issuer ;
       algosign = $_.SignatureAlgorithm.FriendlyName ;
     }
 

diff --git a/sslcertificates/lib/check_mk/base/plugins/agent_based/sslcertificates.py b/sslcertificates/lib/check_mk/base/plugins/agent_based/sslcertificates.py
@@ -72,6 +72,8 @@ def discover_sslcertificates(params, section):
         sl = []
         if data.get('issuer_hash'):
             sl.append(ServiceLabel(u'sslcertificates/issuer_hash', data['issuer_hash']))
+        if data.get('issuer'):
+            sl.append(ServiceLabel(u'sslcertificates/issuer', data['issuer']))
         if data.get('algosign'):
             sl.append(ServiceLabel(u'sslcertificates/algorithm', data['algosign']))
         yield Service(item=name, labels=sl)