Puppet Function: cert_date_valid

Defined in:

lib/puppet/functions/cert_date_valid.rb

Function type:

Ruby 4.x API

Summary

Checks SSL cetificate date validity.

Overview

cert_date_valid(String *$certfile) ⇒ Any

Parameter: path to ssl certificate

Parameters:

• *certfile (String) —

  The certificate file to check.

Returns:

• (Any) —

  false if the certificate is expired or not yet valid,

# File 'lib/puppet/functions/cert_date_valid.rb', line 7

Puppet::Functions.create_function(:cert_date_valid) do
  # @param certfile The certificate file to check.
  #
  # @return false if the certificate is expired or not yet valid,
  # or the number of seconds the certificate is still valid for.
  #
  dispatch :valid? do
    repeated_param 'String', :certfile
  end

  def valid?(certfile)
    require 'time'
    require 'openssl'

    content = File.read(certfile)
    cert = OpenSSL::X509::Certificate.new(content)

    if cert.not_before.nil? && cert.not_after.nil?
      raise 'No date found in certificate'
    end

    now = Time.now

    if now > cert.not_after
      # certificate is expired
      false
    elsif now < cert.not_before
      # certificate is not yet valid
      false
    elsif cert.not_after <= cert.not_before
      # certificate will never be valid
      false
    else
      # return number of seconds certificate is still valid for
      (cert.not_after - now).to_i
    end
  end
end