refactor: fix many linter warnings
This commit is contained in:
parent
43e4f2a6f0
commit
68b88bc766
7 changed files with 191 additions and 163 deletions
cmd/sslcert
|
@ -4,19 +4,19 @@ import (
|
|||
"bufio"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/textproto"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/karrick/golf"
|
||||
|
||||
"nocternity.net/gomonop/pkg/perfdata"
|
||||
"nocternity.net/gomonop/pkg/plugin"
|
||||
"nocternity.net/gomonop/pkg/program"
|
||||
|
||||
"github.com/karrick/golf"
|
||||
)
|
||||
|
||||
//--------------------------------------------------------------------------------------------------------
|
||||
|
@ -26,7 +26,7 @@ type certGetter interface {
|
|||
getCertificate(tlsConfig *tls.Config, address string) (*x509.Certificate, error)
|
||||
}
|
||||
|
||||
// Full TLS certificate fetcher
|
||||
// Full TLS certificate fetcher.
|
||||
type fullTLSGetter struct{}
|
||||
|
||||
func (f fullTLSGetter) getCertificate(tlsConfig *tls.Config, address string) (*x509.Certificate, error) {
|
||||
|
@ -41,17 +41,18 @@ func (f fullTLSGetter) getCertificate(tlsConfig *tls.Config, address string) (*x
|
|||
return conn.ConnectionState().PeerCertificates[0], nil
|
||||
}
|
||||
|
||||
// SMTP+STARTTLS certificate getter
|
||||
// SMTP+STARTTLS certificate getter.
|
||||
type smtpGetter struct{}
|
||||
|
||||
func (f smtpGetter) cmd(tcon *textproto.Conn, expectCode int, text string) (int, string, error) {
|
||||
func (f smtpGetter) cmd(tcon *textproto.Conn, expectCode int, text string) error {
|
||||
id, err := tcon.Cmd("%s", text)
|
||||
if err != nil {
|
||||
return 0, "", err
|
||||
return err
|
||||
}
|
||||
tcon.StartResponse(id)
|
||||
defer tcon.EndResponse(id)
|
||||
return tcon.ReadResponse(expectCode)
|
||||
_, _, err = tcon.ReadResponse(expectCode)
|
||||
return err
|
||||
}
|
||||
|
||||
func (f smtpGetter) getCertificate(tlsConfig *tls.Config, address string) (*x509.Certificate, error) {
|
||||
|
@ -64,10 +65,10 @@ func (f smtpGetter) getCertificate(tlsConfig *tls.Config, address string) (*x509
|
|||
if _, _, err := text.ReadResponse(220); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, _, err := f.cmd(text, 250, "HELO localhost"); err != nil {
|
||||
if err := f.cmd(text, 250, "HELO localhost"); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, _, err := f.cmd(text, 220, "STARTTLS"); err != nil {
|
||||
if err := f.cmd(text, 220, "STARTTLS"); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
t := tls.Client(conn, tlsConfig)
|
||||
|
@ -77,9 +78,17 @@ func (f smtpGetter) getCertificate(tlsConfig *tls.Config, address string) (*x509
|
|||
return t.ConnectionState().PeerCertificates[0], nil
|
||||
}
|
||||
|
||||
// ManageSieve STARTTLS certificate getter
|
||||
// ManageSieve STARTTLS certificate getter.
|
||||
type sieveGetter struct{}
|
||||
|
||||
type sieveError struct {
|
||||
msg string
|
||||
}
|
||||
|
||||
func (e sieveError) Error() string {
|
||||
return "Sieve error: " + e.msg
|
||||
}
|
||||
|
||||
func (f sieveGetter) waitOK(conn net.Conn) error {
|
||||
scanner := bufio.NewScanner(conn)
|
||||
for scanner.Scan() {
|
||||
|
@ -88,10 +97,10 @@ func (f sieveGetter) waitOK(conn net.Conn) error {
|
|||
return nil
|
||||
}
|
||||
if strings.HasPrefix(line, "NO ") {
|
||||
return errors.New(line[3:])
|
||||
return sieveError{msg: line[3:]}
|
||||
}
|
||||
if strings.HasPrefix(line, "BYE ") {
|
||||
return errors.New(line[4:])
|
||||
return sieveError{msg: line[4:]}
|
||||
}
|
||||
}
|
||||
return scanner.Err()
|
||||
|
@ -123,23 +132,23 @@ func (f sieveGetter) getCertificate(tlsConfig *tls.Config, address string) (*x50
|
|||
return t.ConnectionState().PeerCertificates[0], nil
|
||||
}
|
||||
|
||||
// Supported StartTLS protocols
|
||||
var certGetters map[string]certGetter = map[string]certGetter{
|
||||
// Supported StartTLS protocols.
|
||||
var certGetters = map[string]certGetter{
|
||||
"": fullTLSGetter{},
|
||||
"smtp": &smtpGetter{},
|
||||
"sieve": &sieveGetter{},
|
||||
}
|
||||
|
||||
// Get a string that represents supported StartTLS protocols
|
||||
// Get a string that represents supported StartTLS protocols.
|
||||
func listSupportedGetters() string {
|
||||
sb := strings.Builder{}
|
||||
strBuilder := strings.Builder{}
|
||||
for key := range certGetters {
|
||||
if sb.Len() != 0 {
|
||||
sb.WriteString(", ")
|
||||
if strBuilder.Len() != 0 {
|
||||
strBuilder.WriteString(", ")
|
||||
}
|
||||
sb.WriteString(key)
|
||||
strBuilder.WriteString(key)
|
||||
}
|
||||
return sb.String()
|
||||
return strBuilder.String()
|
||||
}
|
||||
|
||||
//--------------------------------------------------------------------------------------------------------
|
||||
|
@ -227,7 +236,7 @@ func (program *checkProgram) CheckArguments() bool {
|
|||
return false
|
||||
}
|
||||
if _, ok := certGetters[program.startTLS]; !ok {
|
||||
errstr := fmt.Sprintf("unsupported StartTLS protocol %s", program.startTLS)
|
||||
errstr := "unsupported StartTLS protocol " + program.startTLS
|
||||
program.plugin.SetState(plugin.UNKNOWN, errstr)
|
||||
return false
|
||||
}
|
||||
|
@ -239,6 +248,7 @@ func (program *checkProgram) CheckArguments() bool {
|
|||
// if connecting or performing the TLS handshake fail.
|
||||
func (program *checkProgram) getCertificate() error {
|
||||
tlsConfig := &tls.Config{
|
||||
//nolint:gosec // The whole point is to read the certificate.
|
||||
InsecureSkipVerify: true,
|
||||
MinVersion: tls.VersionTLS10,
|
||||
}
|
||||
|
@ -273,7 +283,7 @@ func (program *checkProgram) checkHostName(name string) bool {
|
|||
return true
|
||||
}
|
||||
}
|
||||
program.plugin.AddLine(fmt.Sprintf("missing DNS name %s in certificate", name))
|
||||
program.plugin.AddLine("missing DNS name " + name + " in certificate")
|
||||
return false
|
||||
}
|
||||
|
||||
|
@ -283,35 +293,41 @@ func (program *checkProgram) checkNames() bool {
|
|||
if len(program.certificate.DNSNames) == 0 {
|
||||
return program.checkSANlessCertificate()
|
||||
}
|
||||
ok := program.checkHostName(program.hostname)
|
||||
certificateIsOk := program.checkHostName(program.hostname)
|
||||
for _, name := range program.extraNames {
|
||||
ok = program.checkHostName(name) && ok
|
||||
certificateIsOk = program.checkHostName(name) && certificateIsOk
|
||||
}
|
||||
if !ok {
|
||||
if !certificateIsOk {
|
||||
program.plugin.SetState(plugin.CRITICAL, "names missing from SAN domain names")
|
||||
}
|
||||
return ok
|
||||
return certificateIsOk
|
||||
}
|
||||
|
||||
// Check a certificate's time to expiry agains the warning and critical
|
||||
// Check a certificate's time to expiry against the warning and critical
|
||||
// thresholds, returning a status code and description based on these
|
||||
// values.
|
||||
func (program *checkProgram) checkCertificateExpiry(tlDays int) (plugin.Status, string) {
|
||||
if tlDays <= 0 {
|
||||
return plugin.CRITICAL, "certificate expired"
|
||||
}
|
||||
|
||||
var limitStr string
|
||||
var state plugin.Status
|
||||
if program.crit > 0 && tlDays <= program.crit {
|
||||
|
||||
switch {
|
||||
case program.crit > 0 && tlDays <= program.crit:
|
||||
limitStr = fmt.Sprintf(" (<= %d)", program.crit)
|
||||
state = plugin.CRITICAL
|
||||
} else if program.warn > 0 && tlDays <= program.warn {
|
||||
|
||||
case program.warn > 0 && tlDays <= program.warn:
|
||||
limitStr = fmt.Sprintf(" (<= %d)", program.warn)
|
||||
state = plugin.WARNING
|
||||
} else {
|
||||
|
||||
default:
|
||||
limitStr = ""
|
||||
state = plugin.OK
|
||||
}
|
||||
|
||||
statusString := fmt.Sprintf("certificate will expire in %d days%s",
|
||||
tlDays, limitStr)
|
||||
return state, statusString
|
||||
|
@ -320,12 +336,12 @@ func (program *checkProgram) checkCertificateExpiry(tlDays int) (plugin.Status,
|
|||
// Set the plugin's performance data based on the time left before the
|
||||
// certificate expires and the thresholds.
|
||||
func (program *checkProgram) setPerfData(tlDays int) {
|
||||
pdat := perfdata.New("validity", perfdata.UOM_NONE, fmt.Sprintf("%d", tlDays))
|
||||
pdat := perfdata.New("validity", perfdata.UomNone, strconv.Itoa(tlDays))
|
||||
if program.crit > 0 {
|
||||
pdat.SetCrit(perfdata.PDRMax(fmt.Sprint(program.crit)))
|
||||
pdat.SetCrit(perfdata.PDRMax(strconv.Itoa(program.crit)))
|
||||
}
|
||||
if program.warn > 0 {
|
||||
pdat.SetWarn(perfdata.PDRMax(fmt.Sprint(program.warn)))
|
||||
pdat.SetWarn(perfdata.PDRMax(strconv.Itoa(program.warn)))
|
||||
}
|
||||
program.plugin.AddPerfData(pdat)
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue