Add TLS certs expiration metric

2020-12-18 18:44:03 +01:00 · 2020-12-18 18:44:03 +01:00 · a3327c4430
commit a3327c4430
parent 3140a4e0cd
15 changed files with 291 additions and 62 deletions
--- a/pkg/tls/certificate_store.go
+++ b/pkg/tls/certificate_store.go
@ -56,15 +56,16 @@ func (c CertificateStore) getDefaultCertificateDomains() []string {

 // GetAllDomains return a slice with all the certificate domain.
 func (c CertificateStore) GetAllDomains() []string {
-	allCerts := c.getDefaultCertificateDomains()
+	allDomains := c.getDefaultCertificateDomains()

 	// Get dynamic certificates
 	if c.DynamicCerts != nil && c.DynamicCerts.Get() != nil {
-		for domains := range c.DynamicCerts.Get().(map[string]*tls.Certificate) {
-			allCerts = append(allCerts, domains)
+		for domain := range c.DynamicCerts.Get().(map[string]*tls.Certificate) {
+			allDomains = append(allDomains, domain)
 		}
 	}
-	return allCerts
+
+	return allDomains
 }

 // GetBestCertificate returns the best match certificate, and caches the response.
--- a/pkg/tls/tlsmanager.go
+++ b/pkg/tls/tlsmanager.go
@ -131,6 +131,27 @@ func (m *Manager) Get(storeName, configName string) (*tls.Config, error) {
 	return tlsConfig, err
 }

+// GetCertificates returns all stored certificates.
+func (m *Manager) GetCertificates() []*x509.Certificate {
+	var certificates []*x509.Certificate
+
+	// We iterate over all the certificates.
+	for _, store := range m.stores {
+		if store.DynamicCerts != nil && store.DynamicCerts.Get() != nil {
+			for _, cert := range store.DynamicCerts.Get().(map[string]*tls.Certificate) {
+				x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
+				if err != nil {
+					continue
+				}
+
+				certificates = append(certificates, x509Cert)
+			}
+		}
+	}
+
+	return certificates
+}
+
 func (m *Manager) getStore(storeName string) *CertificateStore {
 	_, ok := m.stores[storeName]
 	if !ok {