Created
May 22, 2018 20:29
-
-
Save aziob/8d0487ff68e863b868c4961f5ffac8e7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env ruby | |
require 'openssl' | |
require 'json' | |
require 'uri' | |
require 'syslog/logger' | |
module ApnCertCheck | |
class << self | |
def execute_if_invoked | |
days_until_expiration(cert_name) if invoked? | |
end | |
private | |
def cert_name | |
raise 'The data bag certificate key name is a required argument.' unless ARGV[0] | |
ARGV[0] | |
end | |
def invoked? | |
__FILE__ == $PROGRAM_NAME | |
end | |
def logger | |
Syslog::Logger.new('apn_cert_check') | |
end | |
def fatal(msg) | |
logger.fatal(msg) | |
end | |
def warn(msg) | |
logger.warn(msg) | |
end | |
def info(msg) | |
logger.info(msg) | |
end | |
def fetch_push_config(cert_name) | |
JSON.parse(`sudo -u eventrobot sh -c "cd /var/www/centurion/current && ./script/rails runner -e production \\"puts({'certificate' => Socialcast.feature_config(:notification_services)['production']['#{cert_name}']['certificate'], 'push_endpoint' => URI(Socialcast.feature_config(:device_notifications)['production']['main']['config']['push_endpoint']).host }.to_json)\\"" 2> /dev/null`) | |
end | |
def days_until_expiration(cert_name) | |
push_data = fetch_push_config(cert_name) | |
raise 'This check is only designed to be run on push endpoint hosts' unless push_data['push_endpoint'] == `hostname -f`.strip | |
certificate = OpenSSL::X509::Certificate.new(push_data['certificate']) | |
result = ((certificate.not_after - Time.now.utc) / 86_400).round | |
cert_summary = %Q(The Apple Push Notification Certificate "#{cert_name}" has #{result} days remaining until expiration.) | |
case result | |
when -Float::INFINITY..-1 | |
fatal %Q(APN EXPIRED The Apple Push Notification Certificate "#{cert_name}" expired #{result.abs} days ago.) | |
when 0..30 | |
warn %Q(APN EMERGENCY: #{cert_summary}) | |
when 31..60 | |
warn %Q(APN URGENT: #{cert_summary}) | |
when 61..90 | |
warn %Q(APN WARNING: #{cert_summary}) | |
else | |
info cert_summary | |
end | |
puts result | |
end | |
end | |
end | |
ApnCertCheck.execute_if_invoked |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment