Skip to content

Instantly share code, notes, and snippets.

@YOwatari

YOwatari/go.mod

Last active April 19, 2023 04:43
Show Gist options
  • Save YOwatari/3e268b08b9427b45941f5d3b88dbceb7 to your computer and use it in GitHub Desktop.
Save YOwatari/3e268b08b9427b45941f5d3b88dbceb7 to your computer and use it in GitHub Desktop.
Download ZIP
Get a rough list of domains from route53 and verify the certificate
Raw
go.mod
module gist.github.com/3e268b08b9427b45941f5d3b88dbceb7
go 1.20
require (
github.com/aws/aws-sdk-go-v2 v1.17.8
github.com/aws/aws-sdk-go-v2/config v1.18.21
github.com/aws/aws-sdk-go-v2/service/route53 v1.27.7
golang.org/x/sync v0.1.0
)
require (
github.com/aws/aws-sdk-go-v2/credentials v1.13.20 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.2 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.26 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.33 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.26 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.12.8 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.8 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.18.9 // indirect
github.com/aws/smithy-go v1.13.5 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
)
Raw
go.sum
github.com/aws/aws-sdk-go-v2 v1.17.8 h1:GMupCNNI7FARX27L7GjCJM8NgivWbRgpjNI/hOQjFS8=
github.com/aws/aws-sdk-go-v2 v1.17.8/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
github.com/aws/aws-sdk-go-v2/config v1.18.21 h1:ENTXWKwE8b9YXgQCsruGLhvA9bhg+RqAsL9XEMEsa2c=
github.com/aws/aws-sdk-go-v2/config v1.18.21/go.mod h1:+jPQiVPz1diRnjj6VGqWcLK6EzNmQ42l7J3OqGTLsSY=
github.com/aws/aws-sdk-go-v2/credentials v1.13.20 h1:oZCEFcrMppP/CNiS8myzv9JgOzq2s0d3v3MXYil/mxQ=
github.com/aws/aws-sdk-go-v2/credentials v1.13.20/go.mod h1:xtZnXErtbZ8YGXC3+8WfajpMBn5Ga/3ojZdxHq6iI8o=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.2 h1:jOzQAesnBFDmz93feqKnsTHsXrlwWORNZMFHMV+WLFU=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.2/go.mod h1:cDh1p6XkSGSwSRIArWRc6+UqAQ7x4alQ0QfpVR6f+co=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32 h1:dpbVNUjczQ8Ae3QKHbpHBpfvaVkRdesxpTOe9pTouhU=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32/go.mod h1:RudqOgadTWdcS3t/erPQo24pcVEoYyqj/kKW5Vya21I=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.26 h1:QH2kOS3Ht7x+u0gHCh06CXL/h6G8LQJFpZfFBYBNboo=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.26/go.mod h1:vq86l7956VgFr0/FWQ2BWnK07QC3WYsepKzy33qqY5U=
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.33 h1:HbH1VjUgrCdLJ+4lnnuLI4iVNRvBbBELGaJ5f69ClA8=
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.33/go.mod h1:zG2FcwjQarWaqXSCGpgcr3RSjZ6dHGguZSppUL0XR7Q=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.26 h1:uUt4XctZLhl9wBE1L8lobU3bVN8SNUP7T+olb0bWBO4=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.26/go.mod h1:Bd4C/4PkVGubtNe5iMXu5BNnaBi/9t/UsFspPt4ram8=
github.com/aws/aws-sdk-go-v2/service/route53 v1.27.7 h1:f/EOUu/Qw1IAMP6GJDzV50/hICt9/JOdhYAjego/8nk=
github.com/aws/aws-sdk-go-v2/service/route53 v1.27.7/go.mod h1:Jhu94omkrksnqX6Xs4Qo10eA1Fx+2NYKjZMU4GvZLp0=
github.com/aws/aws-sdk-go-v2/service/sso v1.12.8 h1:5cb3D6xb006bPTqEfCNaEA6PPEfBXxxy4NNeX/44kGk=
github.com/aws/aws-sdk-go-v2/service/sso v1.12.8/go.mod h1:GNIveDnP+aE3jujyUSH5aZ/rktsTM5EvtKnCqBZawdw=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.8 h1:NZaj0ngZMzsubWZbrEFSB4rgSQRbFq38Sd6KBxHuOIU=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.8/go.mod h1:44qFP1g7pfd+U+sQHLPalAPKnyfTZjJsYR4xIwsJy5o=
github.com/aws/aws-sdk-go-v2/service/sts v1.18.9 h1:Qf1aWwnsNkyAoqDqmdM3nHwN78XQjec27LjM6b9vyfI=
github.com/aws/aws-sdk-go-v2/service/sts v1.18.9/go.mod h1:yyW88BEPXA2fGFyI2KCcZC3dNpiT0CZAHaF+i656/tQ=
github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
Raw
main.go
package main
import (
"context"
"crypto/tls"
"fmt"
"log"
"net"
"os"
"strings"
"sync"
"time"
"golang.org/x/sync/semaphore"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/route53"
"github.com/aws/aws-sdk-go-v2/service/route53/types"
)
func main() {
if len(os.Args) < 2 {
log.Fatalf("usage: %s <zone id>", os.Args[0])
}
zoneID := os.Args[1]
run(zoneID)
}
func run(zoneID string) {
domains := list(zoneID)
var wg sync.WaitGroup
sem := semaphore.NewWeighted(10)
for _, domain := range domains {
wg.Add(1)
_ = sem.Acquire(context.Background(), 1)
domain := domain // captured
go func() {
defer sem.Release(1)
defer wg.Done()
err := check(domain)
if err != nil {
log.Print(err)
}
}()
}
wg.Wait()
}
func list(zoneID string) []string {
log.Printf("listing resource record sets for %s", zoneID)
cfg, err := config.LoadDefaultConfig(context.Background())
if err != nil {
panic(err)
}
r53 := route53.NewFromConfig(cfg)
input := &route53.ListResourceRecordSetsInput{
HostedZoneId: aws.String(zoneID),
}
output, err := r53.ListResourceRecordSets(context.Background(), input)
if err != nil {
log.Fatalf("failed to list resource record sets: %v", err)
return nil
}
ret := make([]string, 0)
for _, record := range output.ResourceRecordSets {
rt := record.Type
if rt == types.RRTypeNs || rt == types.RRTypeA {
name := aws.ToString(record.Name)
name = strings.Replace(name, "\\052.", "", 1)
name = name[:len(name)-1]
ret = append(ret, name)
}
}
return ret
}
func check(domain string) error {
log.Printf("checking %s", domain)
conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:443", domain), time.Second*5)
if err != nil {
if strings.Contains(err.Error(), "no such host") {
return nil
}
return err
}
defer conn.Close()
tlsConf := &tls.Config{
InsecureSkipVerify: true,
ServerName: domain,
}
tlsConn := tls.Client(conn, tlsConf)
if err := tlsConn.Handshake(); err != nil {
return fmt.Errorf("failed to handshake: domain:%s, err:%v", domain, err)
}
defer tlsConn.Close()
certs := tlsConn.ConnectionState().PeerCertificates
if len(certs) > 0 {
cert := certs[0]
currentTime := time.Now().Add(14 * 24 * time.Hour)
if currentTime.Compare(cert.NotBefore) <= 0 || currentTime.Compare(cert.NotAfter) >= 0 {
return fmt.Errorf("certificate is about to expire or not yet valid: domain:%s, before:%s, after:%s", domain, cert.NotBefore, cert.NotAfter)
}
switch cert.Issuer.Organization[0] {
case "Amazon", "Google Trust Services LLC":
return nil
default:
return fmt.Errorf("invalid certificate issuer: domain:%s, issuer:%s", domain, cert.Issuer.Organization[0])
}
}
return fmt.Errorf("no certificate")
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment