aziob/apn_cert_checker.rb

## apn_cert_checker.rb
#!/usr/bin/env ruby
require 'openssl'
require 'json'
require 'uri'
require 'syslog/logger'

module ApnCertCheck

  class << self
    def execute_if_invoked
      days_until_expiration(cert_name) if invoked?
    end

    private

    def cert_name
      raise 'The data bag certificate key name is a required argument.' unless ARGV[0]
      ARGV[0]
    end

    def invoked?
      __FILE__ == $PROGRAM_NAME
    end

    def logger
      Syslog::Logger.new('apn_cert_check')
    end

    def fatal(msg)
      logger.fatal(msg)
    end

    def warn(msg)
      logger.warn(msg)
    end

    def info(msg)
      logger.info(msg)
    end

    def fetch_push_config(cert_name)
      JSON.parse(`sudo -u eventrobot sh -c "cd /var/www/centurion/current && ./script/rails runner -e production \\"puts({'certificate' => Socialcast.feature_config(:notification_services)['production']['#{cert_name}']['certificate'], 'push_endpoint' => URI(Socialcast.feature_config(:device_notifications)['production']['main']['config']['push_endpoint']).host }.to_json)\\"" 2> /dev/null`)
    end

    def days_until_expiration(cert_name)
      push_data = fetch_push_config(cert_name)
      raise 'This check is only designed to be run on push endpoint hosts' unless push_data['push_endpoint'] == `hostname -f`.strip
      certificate = OpenSSL::X509::Certificate.new(push_data['certificate'])
      result = ((certificate.not_after - Time.now.utc) / 86_400).round
      cert_summary = %Q(The Apple Push Notification Certificate "#{cert_name}" has #{result} days remaining until expiration.)
      case result
      when -Float::INFINITY..-1
        fatal %Q(APN EXPIRED The Apple Push Notification Certificate "#{cert_name}" expired #{result.abs} days ago.)
      when 0..30
        warn %Q(APN EMERGENCY: #{cert_summary})
      when 31..60
        warn %Q(APN URGENT: #{cert_summary})
      when 61..90
        warn %Q(APN WARNING: #{cert_summary})
      else
        info cert_summary
      end
      puts result
    end
  end
end

ApnCertCheck.execute_if_invoked
	#!/usr/bin/env ruby
	require 'openssl'
	require 'json'
	require 'uri'
	require 'syslog/logger'

	module ApnCertCheck

	class << self
	def execute_if_invoked
	days_until_expiration(cert_name) if invoked?
	end

	private

	def cert_name
	raise 'The data bag certificate key name is a required argument.' unless ARGV[0]
	ARGV[0]
	end

	def invoked?
	__FILE__ == $PROGRAM_NAME
	end

	def logger
	Syslog::Logger.new('apn_cert_check')
	end

	def fatal(msg)
	logger.fatal(msg)
	end

	def warn(msg)
	logger.warn(msg)
	end

	def info(msg)
	logger.info(msg)
	end

	def fetch_push_config(cert_name)
	JSON.parse(`sudo -u eventrobot sh -c "cd /var/www/centurion/current && ./script/rails runner -e production \\"puts({'certificate' => Socialcast.feature_config(:notification_services)['production']['#{cert_name}']['certificate'], 'push_endpoint' => URI(Socialcast.feature_config(:device_notifications)['production']['main']['config']['push_endpoint']).host }.to_json)\\"" 2> /dev/null`)
	end

	def days_until_expiration(cert_name)
	push_data = fetch_push_config(cert_name)
	raise 'This check is only designed to be run on push endpoint hosts' unless push_data['push_endpoint'] == `hostname -f`.strip
	certificate = OpenSSL::X509::Certificate.new(push_data['certificate'])
	result = ((certificate.not_after - Time.now.utc) / 86_400).round
	cert_summary = %Q(The Apple Push Notification Certificate "#{cert_name}" has #{result} days remaining until expiration.)
	case result
	when -Float::INFINITY..-1
	fatal %Q(APN EXPIRED The Apple Push Notification Certificate "#{cert_name}" expired #{result.abs} days ago.)
	when 0..30
	warn %Q(APN EMERGENCY: #{cert_summary})
	when 31..60
	warn %Q(APN URGENT: #{cert_summary})
	when 61..90
	warn %Q(APN WARNING: #{cert_summary})
	else
	info cert_summary
	end
	puts result
	end
	end
	end

	ApnCertCheck.execute_if_invoked