22//
33// go run certcheck.go https://chrisshort.net
44//
5- // go run certcheck.go https://chrisshort.net 30
6- //
7-
5+ // go run certcheck.go https://chrisshort.net
86package main
97
108import (
@@ -29,9 +27,11 @@ func main() {
2927 os .Exit (1 )
3028 }
3129
30+ // Parse the URL and number of days
3231 url := os .Args [1 ]
3332 var days int = - 1 // Default value if days argument is not provided
3433
34+ // Check if the number of days argument is provided
3535 if len (os .Args ) == 3 {
3636 daysStr := os .Args [2 ]
3737 var err error
@@ -44,19 +44,22 @@ func main() {
4444
4545 tr := & http.Transport {
4646 TLSClientConfig : & tls.Config {
47- InsecureSkipVerify : true , // allow self-signed certificates
47+ // This is required to allow self-signed certificates
48+ InsecureSkipVerify : true ,
4849 },
4950 }
5051
5152 client := & http.Client {Transport : tr }
5253
54+ // Check if the URL is valid
5355 resp , err := client .Get (url )
5456 if err != nil {
5557 fmt .Printf ("Error connecting to %s: %s\n " , url , err )
5658 os .Exit (1 )
5759 }
5860 defer resp .Body .Close ()
5961
62+ // Check if the response was successful
6063 certs := resp .TLS .PeerCertificates
6164 var validChain bool = true
6265 for i := 0 ; i < len (certs )- 1 ; i ++ {
@@ -72,6 +75,7 @@ func main() {
7275 fmt .Printf ("Valid from: %s\n " , cert .NotBefore )
7376 fmt .Printf ("Valid until: %s" , cert .NotAfter )
7477
78+ // Check if the certificate is expired
7579 if days != - 1 {
7680 daysLeft := int (time .Until (cert .NotAfter ).Hours () / 24 )
7781 if daysLeft <= days {
@@ -90,6 +94,12 @@ func main() {
9094 fmt .Printf ("IP Addresses: %v\n " , cert .IPAddresses )
9195 fmt .Printf ("Signature algorithm: %s\n " , cert .SignatureAlgorithm .String ())
9296
97+ // Obtain the cipher information
98+ state := resp .TLS
99+ if state != nil {
100+ fmt .Printf ("Cipher in use: %s\n " , tls .CipherSuiteName (state .CipherSuite ))
101+ }
102+
93103 // Print KeyUsage information if available
94104 if cert .KeyUsage != 0 {
95105 fmt .Println ("KeyUsage:" )
@@ -100,9 +110,16 @@ func main() {
100110 fingerprint := sha256 .Sum256 (cert .Raw )
101111 fmt .Printf ("Fingerprint (SHA-256): %s\n " , hex .EncodeToString (fingerprint [:]))
102112
113+ // Check if the HSTS header is present
114+ hstsHeader := resp .Header .Get ("Strict-Transport-Security" )
115+ if hstsHeader != "" {
116+ fmt .Println ("HSTS Header:" , hstsHeader )
117+ }
118+
103119 fmt .Println ("-----" )
104120 }
105121
122+ // Print the validity of the certificate chain
106123 if validChain {
107124 color .Set (color .Bold , color .FgGreen )
108125 fmt .Println ("Certificate chain is valid and in the correct order." )
@@ -112,6 +129,7 @@ func main() {
112129 }
113130}
114131
132+ // printKeyUsage prints the key usage flags of a certificate.
115133func printKeyUsage (keyUsage x509.KeyUsage ) {
116134 usageStrings := []string {
117135 "Digital Signature" ,
@@ -125,13 +143,15 @@ func printKeyUsage(keyUsage x509.KeyUsage) {
125143 "Decipher Only" ,
126144 }
127145
146+ // Print the key usage flags of a certificate.
128147 for i , usage := range usageStrings {
129148 if keyUsage & (1 << i ) != 0 {
130149 fmt .Printf ("- %s\n " , usage )
131150 }
132151 }
133152}
134153
154+ // parseDays parses the number of days from a string.
135155func parseDays (daysStr string ) (int , error ) {
136156 days , err := strconv .Atoi (daysStr )
137157 if err != nil {
0 commit comments