ksmith/OrbitWard
1
0
Fork 0
Code Issues 12 Pull Requests Actions Packages Projects Releases Wiki Activity

Show TLS certificate validity details

Browse Source 
Include healthy TLS certificate validity in website check messages and show latest website check results in the UI.
This commit is contained in:
Keith Smith
2026-05-23 15:33:54 -06:00
parent 16932957b2
commit a8c160bc05
4 changed files with 68 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
worker/app/collectors/website.py
+27 -10
View File
@@ -28,13 +28,22 @@ class WebsiteCheckResult:
message: str
@dataclass(frozen=True)
class TlsExpiryResult:
status: str
response_time_ms: int
message: str
async def run_website_check(config: WebsiteCheckConfig) -> WebsiteCheckResult:
started = perf_counter()
tls_message: str | None = None
if config.check_tls_expiry:
tls_result = await check_tls_expiry(config.url, config.tls_warning_days, config.timeout_seconds)
if tls_result is not None:
if tls_result.status != "up":
return tls_result
tls_message = tls_result.message
try:
async with httpx.AsyncClient(follow_redirects=True, timeout=config.timeout_seconds) as client:
@@ -61,38 +70,46 @@ async def run_website_check(config: WebsiteCheckConfig) -> WebsiteCheckResult:
response_time_ms=response_time_ms,
message="Unexpected text was present",
)
return WebsiteCheckResult(status="up", response_time_ms=response_time_ms, message="Website check passed")
message = "Website check passed"
if tls_message:
message = f"{message}; {tls_message}"
return WebsiteCheckResult(status="up", response_time_ms=response_time_ms, message=message)
async def check_tls_expiry(url: str, warning_days: int, timeout_seconds: float) -> WebsiteCheckResult | None:
async def check_tls_expiry(url: str, warning_days: int, timeout_seconds: float) -> TlsExpiryResult:
parsed_url = urlparse(url)
if parsed_url.scheme != "https":
return None
return TlsExpiryResult(status="up", response_time_ms=0, message="TLS expiry check skipped for non-HTTPS target")
if not parsed_url.hostname:
return WebsiteCheckResult(status="down", response_time_ms=None, message="TLS check could not determine the hostname")
return TlsExpiryResult(status="down", response_time_ms=0, message="TLS check could not determine the hostname")
started = perf_counter()
try:
expires_at = await _get_certificate_expiry(parsed_url.hostname, parsed_url.port or 443, timeout_seconds)
except (OSError, ssl.SSLError, ValueError) as exc:
return WebsiteCheckResult(status="down", response_time_ms=None, message=f"TLS certificate check failed: {exc}")
return TlsExpiryResult(status="down", response_time_ms=int((perf_counter() - started) * 1000), message=f"TLS certificate check failed: {exc}")
response_time_ms = int((perf_counter() - started) * 1000)
now = datetime.now(UTC)
days_remaining = (expires_at - now).total_seconds() / 86400
days_remaining_text = str(max(0, int(days_remaining)))
if days_remaining < 0:
return WebsiteCheckResult(
return TlsExpiryResult(
status="down",
response_time_ms=response_time_ms,
message=f"TLS certificate expired on {expires_at.date().isoformat()}",
)
if days_remaining <= warning_days:
return WebsiteCheckResult(
return TlsExpiryResult(
status="warning",
response_time_ms=response_time_ms,
message=f"TLS certificate expires in {int(days_remaining)} days on {expires_at.date().isoformat()}",
message=f"TLS certificate expires in {days_remaining_text} days on {expires_at.date().isoformat()}",
)
return None
return TlsExpiryResult(
status="up",
response_time_ms=response_time_ms,
message=f"TLS certificate valid for {days_remaining_text} days until {expires_at.date().isoformat()}",
)
async def _get_certificate_expiry(hostname: str, port: int, timeout_seconds: float) -> datetime: