Net-SSL-ExpireDate-1.25000755004002004002 014703434541 15122 5ustar00hirose31hirose31000000000000README100644004002004002 553114703434541 16067 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25NAME Net::SSL::ExpireDate - obtain expiration date of certificate SYNOPSIS use Net::SSL::ExpireDate; $ed = Net::SSL::ExpireDate->new( https => 'example.com' ); $ed = Net::SSL::ExpireDate->new( https => 'example.com:10443' ); $ed = Net::SSL::ExpireDate->new( ssl => 'example.com:465' ); # smtps $ed = Net::SSL::ExpireDate->new( ssl => 'example.com:995' ); # pop3s $ed = Net::SSL::ExpireDate->new( file => '/etc/ssl/cert.pem' ); if (defined $ed->expire_date) { # do something $expire_date = $ed->expire_date; # return DateTime instance $expired = $ed->is_expired; # examine already expired $expired = $ed->is_expired('2 months'); # will expire after 2 months $expired = $ed->is_expired(DateTime::Duration->new(months=>2)); # ditto } DESCRIPTION Net::SSL::ExpireDate get certificate from network (SSL) or local file and obtain its expiration date. METHODS new $ed = Net::SSL::ExpireDate->new( %option ) This method constructs a new "Net::SSL::ExpireDate" instance and returns it. %option is to specify certificate. KEY VALUE ---------------------------- ssl "hostname[:port]" https (same as above ssl) file "path/to/certificate" timeout "Timeout in seconds" sni "Server Name Indicator" expire_date $expire_date = $ed->expire_date; Return expiration date by "DateTime" instance. begin_date $begin_date = $ed->begin_date; Return beginning date by "DateTime" instance. not_after Synonym for expire_date. not_before Synonym for begin_date. is_expired $expired = $ed->is_expired; Obtain already expired or not. You can specify interval to obtain will expire on the future time. Acceptable intervals are human readable string (parsed by "Time::Duration::Parse") and "DateTime::Duration" instance. # will expire after 2 months $expired = $ed->is_expired('2 months'); $expired = $ed->is_expired(DateTime::Duration->new(months=>2)); type return type of examinee certificate. "ssl" or "file". target return hostname or path of examinee certificate. BUGS AND LIMITATIONS No bugs have been reported. Please report any bugs or feature requests to bug-net-ssl-expiredate@rt.cpan.org, or through the web interface at http://rt.cpan.org. AUTHOR HIROSE Masaaki REPOSITORY http://github.com/hirose31/net-ssl-expiredate git clone git://github.com/hirose31/net-ssl-expiredate.git patches and collaborators are welcome. SEE ALSO COPYRIGHT & LICENSE Copyright HIROSE Masaaki This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. Changes100644004002004002 527514703434541 16507 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25Revision history for Net-SSL-ExpireDate 1.25 2024-10-15 09:43:57+00:00 UTC [NO FEATURE CHANGES] - Change build system 1.24 2022-06-22 * Add extension ec_point_formats ref: #14 * Refactor: add notes on TLS protocol 1.23 2022-02-02 * Adding support for SNI ref: #13 1.22 2021-10-11 * Update expire date in test cases ref: #12 1.21 2020-06-15 * "record type is SSL3_AL_FATAL" occurred (added suppoted groups) #9 1.20 2017-02-07 * Update expire date in test cases ref: #6 1.19 2017-01-13 * Add some SSL extensions (signature_algorithms, heartbeat) ref: https://rt.cpan.org/Ticket/Display.html?id=118163 1.18 2017-01-10 * Fix handling servername (SNI) contains numeric character ref: issue #5 1.17 2016-01-22 * Update certificate for t/02.file.t ref: https://rt.cpan.org/Public/Bug/Display.html?id=111353 1.16 2016-01-12 * Add modern cipher suites and change SSLv3 to TLSv1 #2 1.15 2015-12-09 * Remove debugging code 1.14 2015-12-09 * Process SSL3_RT_ALERT correctly ref: https://rt.cpan.org/Public/Bug/Display.html?id=110171 * update expire date of test case 1.13 2015-04-17 * Just update a certificates 1.12 2014-06-03 * Support SNI (Server Name Indication) extension ref: https://rt.cpan.org/Public/Bug/Display.html?id=94573 1.11 2013-04-30 * Support TLS v1.2 1.10 2011-03-16 * no feature changes * use UNIVERSAL::require instead of eval EXPR * update expire date of test case 1.09 2010-11-08 * support timeout. (thanks http://sharl.haun.org/d/2010110801) 1.08 2010-10-22 * fixed require IO::Socket::INET. 1.07 2010-10-21 * use IO::Socket::INET6 instead of ::INET if available. (thanks https://rt.cpan.org/Public/Bug/Display.html?id=62236 ) 1.06 2009-06-30 * change test URL. (01.https_client-auth.t) * move some tests to xt. 1.05 2008-05-01 * support https which requires client authentication. now, Net-SSL-ExpireDate talks SSL protocol directly not using OpenSSL. inspired: keepalived-extcheck, SSL_HELLO http://lab.klab.org/modules/mediawiki/index.php/Software#keepalived-extcheck (thanks: yasui0906) 1.04 2007-04-12 * require IO::Socket::SSL >= 0.99. because IO::Socket::SSL < 0.98 cause segmentation fault. (thanks: tokuhirom) 1.03 2007-03-01 * replace "https" (keyword in constructor) with "ssl". you can check SMTP over SSL: "ssl => 'example.com:465'" without incongruity. ;p) (thanks: mizzy) 1.02 2006-11-26 * neither functional changes nor bug fixes. * fixed module dependence. 1.01 2006-11-22 * added sample scripts to "samples" directory. * added new getter methods: ExpireDate#type and #target. 1.00 2006-11-18 * Initial release. LICENSE100644004002004002 4655314703434541 16245 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25This software is copyright (c) 2024 by HIROSE Masaaki . This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2024 by HIROSE Masaaki . This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice That's all there is to it! --- The Perl Artistic License 1.0 --- This software is Copyright (c) 2024 by HIROSE Masaaki . This is free software, licensed under: The Perl Artistic License 1.0 The "Artistic License" Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder as specified below. "Copyright Holder" is whoever is named in the copyright or copyrights for the package. "You" is you, if you're thinking about copying or distributing this Package. "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as uunet.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) give non-standard executables non-standard names, and clearly document the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. You may embed this Package's interpreter within an executable of yours (by linking); this shall be construed as a mere form of aggregation, provided that the complete Standard Version of the interpreter is so embedded. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whoever generated them, and may be sold commercially, and may be aggregated with this Package. If such scripts or library files are aggregated with this Package via the so-called "undump" or "unexec" methods of producing a binary executable image, then distribution of such an image shall neither be construed as a distribution of this Package nor shall it fall under the restrictions of Paragraphs 3 and 4, provided that you do not represent such an executable image as a Standard Version of this Package. 7. C subroutines (or comparably compiled subroutines in other languages) supplied by you and linked into this Package in order to emulate subroutines and variables of the language defined by this Package shall not be considered part of this Package, but are the equivalent of input as in Paragraph 6, provided these subroutines do not change the language in any way that would cause it to fail the regression tests for the language. 8. Aggregation of this Package with a commercial distribution is always permitted provided that the use of this Package is embedded; that is, when no overt attempt is made to make this Package's interfaces visible to the end user of the commercial distribution. Such use shall not be construed as a distribution of this Package. 9. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 10. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End cpanfile100644004002004002 143514703434541 16712 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25# -*- mode: cperl -*- requires 'perl', '5.008005'; requires 'Class::Accessor'; requires 'IO::Socket'; requires 'Crypt::OpenSSL::X509'; requires 'Date::Parse'; requires 'DateTime'; requires 'DateTime::Duration'; requires 'Time::Duration::Parse'; requires 'UNIVERSAL::require'; on configure => sub { requires 'Module::Build::Tiny', '0.039'; }; on develop => sub { requires 'App::scan_prereqs_cpanfile', '0.09'; requires 'Pod::Wordlist'; requires 'Test::Fixme'; requires 'Test::Kwalitee'; requires 'Test::Kwalitee::Extra'; requires 'Test::Spelling', '0.12'; requires 'Test::More', '0.96'; requires 'Test::Pod'; requires 'Test::Vars'; requires 'Test::Perl::Critic'; }; on test => sub { requires 'Test::More', '0.96'; requires 'Test::Base'; }; dist.ini100644004002004002 43114703434541 16625 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25name = Net-SSL-ExpireDate author = HIROSE Masaaki license = Perl_5 copyright_holder = HIROSE Masaaki copyright_year = 2024 [@Filter] -bundle = @Milla -remove = PodSyntaxTests -remove = NextRelease [NextRelease] time_zone = UTC [MetaProvides::Package] Build.PL100644004002004002 27214703434541 16460 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25# This Build.PL for Net-SSL-ExpireDate was generated by Dist::Zilla::Plugin::ModuleBuildTiny 0.017. use strict; use warnings; use 5.008005; use Module::Build::Tiny 0.034; Build_PL(); META.yml100644004002004002 275614703434541 16466 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25--- abstract: 'obtain expiration date of certificate' author: - 'HIROSE Masaaki ' build_requires: Test::Base: '0' Test::More: '0.96' configure_requires: Module::Build::Tiny: '0.039' dynamic_config: 0 generated_by: 'Dist::Milla version v1.0.22, Dist::Zilla version 6.032, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: Net-SSL-ExpireDate no_index: directory: - eg - examples - inc - share - t - xt provides: Net::SSL::ExpireDate: file: lib/Net/SSL/ExpireDate.pm version: '1.25' requires: Class::Accessor: '0' Crypt::OpenSSL::X509: '0' Date::Parse: '0' DateTime: '0' DateTime::Duration: '0' IO::Socket: '0' Time::Duration::Parse: '0' UNIVERSAL::require: '0' perl: '5.008005' resources: bugtracker: https://github.com/hirose31/Net-SSL-ExpireDate/issues homepage: https://github.com/hirose31/Net-SSL-ExpireDate repository: https://github.com/hirose31/Net-SSL-ExpireDate.git version: '1.25' x_contributors: - '68user ' - 'antonc42 ' - 'Dan Conway ' - 'hirose31 ' - 'HIROSE Masaaki ' - 'Jamie Hill ' x_generated_by_perl: v5.34.0 x_serialization_backend: 'YAML::Tiny version 1.73' x_spdx_expression: 'Artistic-1.0-Perl OR GPL-1.0-or-later' x_static_install: 1 MANIFEST100644004002004002 110614703434541 16332 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.032. Build.PL Changes LICENSE MANIFEST META.json META.yml README cpanfile dist.ini lib/Net/SSL/ExpireDate.pm sample/cert-expire.t sample/cert-list.txt sample/check-cert-expire.pl t/00.load.t t/00_compile.t t/01.https.t t/01.https_client-auth.t t/01_new.t t/02.file.t t/03.accessor.t t/04.ssl.t t/Util.pm t/author-critic.t t/author-dependencies.t t/author-pod-spell.t t/cert.pem t/perlcriticrc t/release-fixme.t t/release-kwalitee-extra.t t/release-kwalitee.t t/release-pod-syntax.t t/release-unused-vars.t t000755004002004002 014703434541 15306 5ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25Util.pm100644004002004002 73014703434541 16701 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/tpackage t::Util; use strict; use warnings; use base qw(Exporter); our @EXPORT = qw(p); use Data::Dumper; sub p($) { local $Data::Dumper::Indent = 1; local $Data::Dumper::Deepcopy = 1; local $Data::Dumper::Sortkeys = 1; local $Data::Dumper::Terse = 1; local $Data::Dumper::Useqq = 1; local $Data::Dumper::Quotekeys = 0; my $d = Dumper($_[0]); $d =~ s/\\x\{([0-9a-z]+)\}/chr(hex($1))/ge; print STDERR $d; } 1; __END__ META.json100644004002004002 541314703434541 16627 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25{ "abstract" : "obtain expiration date of certificate", "author" : [ "HIROSE Masaaki " ], "dynamic_config" : 0, "generated_by" : "Dist::Milla version v1.0.22, Dist::Zilla version 6.032, CPAN::Meta::Converter version 2.150010", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : 2 }, "name" : "Net-SSL-ExpireDate", "no_index" : { "directory" : [ "eg", "examples", "inc", "share", "t", "xt" ] }, "prereqs" : { "configure" : { "requires" : { "Module::Build::Tiny" : "0.039" } }, "develop" : { "requires" : { "App::scan_prereqs_cpanfile" : "0.09", "Dist::Milla" : "v1.0.22", "Pod::Wordlist" : "0", "Test::Fixme" : "0", "Test::Kwalitee" : "0", "Test::Kwalitee::Extra" : "0", "Test::More" : "0.96", "Test::Perl::Critic" : "0", "Test::Pod" : "0", "Test::Spelling" : "0.12", "Test::Vars" : "0" } }, "runtime" : { "requires" : { "Class::Accessor" : "0", "Crypt::OpenSSL::X509" : "0", "Date::Parse" : "0", "DateTime" : "0", "DateTime::Duration" : "0", "IO::Socket" : "0", "Time::Duration::Parse" : "0", "UNIVERSAL::require" : "0", "perl" : "5.008005" } }, "test" : { "requires" : { "Test::Base" : "0", "Test::More" : "0.96" } } }, "provides" : { "Net::SSL::ExpireDate" : { "file" : "lib/Net/SSL/ExpireDate.pm", "version" : "1.25" } }, "release_status" : "stable", "resources" : { "bugtracker" : { "web" : "https://github.com/hirose31/Net-SSL-ExpireDate/issues" }, "homepage" : "https://github.com/hirose31/Net-SSL-ExpireDate", "repository" : { "type" : "git", "url" : "https://github.com/hirose31/Net-SSL-ExpireDate.git", "web" : "https://github.com/hirose31/Net-SSL-ExpireDate" } }, "version" : "1.25", "x_contributors" : [ "68user ", "antonc42 ", "Dan Conway ", "hirose31 ", "HIROSE Masaaki ", "Jamie Hill " ], "x_generated_by_perl" : "v5.34.0", "x_serialization_backend" : "Cpanel::JSON::XS version 4.27", "x_spdx_expression" : "Artistic-1.0-Perl OR GPL-1.0-or-later", "x_static_install" : 1 } 01_new.t100644004002004002 41114703434541 16700 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/tuse strict; use Test::More; use FindBin; use lib "$FindBin::Bin/.."; use t::Util; require Net::SSL::ExpireDate; Net::SSL::ExpireDate->import; note("new"); my $obj = new_ok("Net::SSL::ExpireDate" => [ https => 'badssl.com' ]); # diag explain $obj done_testing; 04.ssl.t100644004002004002 362014703434541 16657 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t# -*- mode: cperl; -*- use Test::Base; use Net::SSL::ExpireDate; if ($ENV{TEST_HTTPS}) { plan tests => 7 * blocks; } else { plan skip_all => 'set TEST_HTTPS=1 if you want to test https access'; } filters { expire_date => [qw(eval)], begin_date => [qw(eval)], not_after => [qw(eval)], not_before => [qw(eval)], is_expired => [qw(eval)], }; our %NOT_BEFORE = ( year => 2024, month => 8, day => 9, hour => 15, minute => 5, second => 44, time_zone => 'UTC' ); our %NOT_AFTER = ( year => 2024, month => 11, day => 7, hour => 15, minute => 5, second => 43, time_zone => 'UTC' ); run { my $block = shift; my $ed = Net::SSL::ExpireDate->new( ssl => $block->input ); my $expire_date = $ed->expire_date; is_deeply $expire_date, $block->expire_date, 'expire_date'; my $begin_date = $ed->begin_date; is_deeply $begin_date, $block->begin_date, 'begin_date'; my $not_after = $ed->not_after; is_deeply $not_after, $block->not_after, 'not_after'; my $not_before = $ed->not_before; is_deeply $not_before, $block->not_before, 'not_before'; my $is_expired = $ed->is_expired; is $is_expired, $block->is_expired, 'is_expired'; my $will_expired; $will_expired = $ed->is_expired('10 years'); is $will_expired, $block->will_expired, 'will_expired string'; $will_expired = $ed->is_expired(DateTime::Duration->new(years=>10)); is $will_expired, $block->will_expired, 'will_expired DateTime::Duration'; } __END__ === badssl.com --- input: badssl.com --- expire_date DateTime->new(%main::NOT_AFTER); --- begin_date DateTime->new(%main::NOT_BEFORE); --- not_after DateTime->new(%main::NOT_AFTER); --- not_before DateTime->new(%main::NOT_BEFORE); --- is_expired: undef --- will_expired: 1 cert.pem100644004002004002 222414703434541 17106 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t-----BEGIN CERTIFICATE----- MIIDNDCCAhwCCQCy6QPx9BDeszANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJK UDEOMAwGA1UECAwFVG9reW8xEzARBgNVBAcMClNoaWJ1eWEta3UxDjAMBgNVBAoM BUlST1JJMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20wHhcNMTcwMjA3MDMzMTUw WhcNMjcwMjA1MDMzMTUwWjBcMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8x EzARBgNVBAcMClNoaWJ1eWEta3UxDjAMBgNVBAoMBUlST1JJMRgwFgYDVQQDDA93 d3cuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn Ge+Li7D7i6o2y3vpGxJW/UNxaZFJylcJS3QJFATToOMPe/JCTvw6d1poHFN374Yd hSG8kFgoLTUlcs+4FlbVnimNaC+tCkcyGGKCoxg+Ojv1xgc0axTyF29k2vEmU+LP PzH/LVaK8uyFwY0iSARzQaY0kls3jitFLj0UyDz1BzYcTFgIWfcgR3j5RN2kg/4K 51Qet5BIMuASKZ4bMgQgSIu+TYjci3lQKSlVfUtcQdg/C1JDqTh7qlPuFU1matKS YzylWFO8uhK3kebi8ncRtnyp3CxIe8naJ77oTOcbR/ohoVwXRsLBtoWRfZs96k7D 89TrFJsmEzbrKyG+HY1XAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAZ9myVTc/M6 bFvkq56v4erRkz+d7fTbffj+dvGHpfDbvQNcK6wFVvEVtPvVdEi9ihYyLu7mhBZd TXi0qyzRJPpceHrxRX2moB8RVvd9yA4RPdpthKIBym9d87t7heCnTYxtzkSGridq HcuBaxpfJ/O3sKlpwRuwaBsnT1ot4yc9SoKkyhaoW1esv4MSndVWNdDwSpJHQX3e VqYR/P0MaLHUGSKA5EkDJVeTsl/an4XjLVSgTFNCnmIkCgG17Gm3c6Y7iieYYeCt s3BjWzbDVxeOS5Ojxfx0/eo/ibz+YTkMRoKde/VrUcTOZN0tU5CH67eRfnkQjrB7 UZXz4FQvvD8= -----END CERTIFICATE----- 00.load.t100644004002004002 22014703434541 16742 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/tuse Test::More tests => 1; BEGIN { use_ok( 'Net::SSL::ExpireDate' ); } diag( "Testing Net::SSL::ExpireDate $Net::SSL::ExpireDate::VERSION" ); 02.file.t100644004002004002 361314703434541 16775 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t# -*- mode: cperl; -*- use Test::Base; use Net::SSL::ExpireDate; use FindBin; plan tests => 7 * blocks; filters { expire_date => [qw(eval)], begin_date => [qw(eval)], not_after => [qw(eval)], not_before => [qw(eval)], is_expired => [qw(eval)], }; # Not Before: Feb 7 03:31:50 2017 GMT # Not After : Feb 5 03:31:50 2027 GMT our %NOT_BEFORE = ( year => 2017, month => 2, day => 7, hour => 3, minute => 31, second => 50, time_zone => 'UTC', ); our %NOT_AFTER = ( year => 2027, month => 2, day => 5, hour => 3, minute => 31, second => 50, time_zone => 'UTC', ); run { my $block = shift; my $ed = Net::SSL::ExpireDate->new( file => "$FindBin::Bin/cert.pem" ); my $expire_date = $ed->expire_date; is_deeply $expire_date, $block->expire_date, 'expire_date'; my $begin_date = $ed->begin_date; is_deeply $begin_date, $block->begin_date, 'begin_date'; my $not_after = $ed->not_after; is_deeply $not_after, $block->not_after, 'not_after'; my $not_before = $ed->not_before; is_deeply $not_before, $block->not_before, 'not_before'; my $is_expired = $ed->is_expired; is $is_expired, $block->is_expired, 'is_expired'; my $will_expired; $will_expired = $ed->is_expired('10 years'); is $will_expired, $block->will_expired, 'will_expired string'; $will_expired = $ed->is_expired(DateTime::Duration->new(years=>10)); is $will_expired, $block->will_expired, 'will_expired DateTime::Duration'; } __END__ === rt.cpan.org --- input: rt.cpan.org --- expire_date DateTime->new(%main::NOT_AFTER); --- begin_date DateTime->new(%main::NOT_BEFORE); --- not_after DateTime->new(%main::NOT_AFTER); --- not_before DateTime->new(%main::NOT_BEFORE); --- is_expired: undef --- will_expired: 1 01.https.t100644004002004002 446714703434541 17227 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t# -*- mode: cperl; -*- use Test::Base; use Net::SSL::ExpireDate; if ($ENV{TEST_HTTPS}) { plan tests => 7 * blocks; } else { plan skip_all => 'set TEST_HTTPS=1 if you want to test https access'; } filters { expire_date => [qw(eval)], begin_date => [qw(eval)], not_after => [qw(eval)], not_before => [qw(eval)], is_expired => [qw(eval)], }; our %NOT_BEFORE = ( year => 2024, month => 8, day => 9, hour => 15, minute => 5, second => 44, time_zone => 'UTC' ); our %NOT_AFTER = ( year => 2024, month => 11, day => 7, hour => 15, minute => 5, second => 43, time_zone => 'UTC' ); run { my $block = shift; my $ed = Net::SSL::ExpireDate->new( https => $block->input, ($block->name eq 'SNI' ? (sni => $block->sni ) : ()), ); my $expire_date = $ed->expire_date; is $expire_date->iso8601, $block->expire_date->iso8601, 'expire_date'; my $begin_date = $ed->begin_date; is $begin_date->iso8601, $block->begin_date->iso8601, 'begin_date'; my $not_after = $ed->not_after; is $not_after->iso8601, $block->not_after->iso8601, 'not_after'; my $not_before = $ed->not_before; is $not_before->iso8601, $block->not_before->iso8601, 'not_before'; my $is_expired = $ed->is_expired; is $is_expired, $block->is_expired, 'is_expired'; my $will_expired; $will_expired = $ed->is_expired('10 years'); is $will_expired, $block->will_expired, 'will_expired string'; $will_expired = $ed->is_expired(DateTime::Duration->new(years=>10)); is $will_expired, $block->will_expired, 'will_expired DateTime::Duration'; } __END__ === badssl.com --- input: badssl.com --- expire_date DateTime->new(%main::NOT_AFTER); --- begin_date DateTime->new(%main::NOT_BEFORE); --- not_after DateTime->new(%main::NOT_AFTER); --- not_before DateTime->new(%main::NOT_BEFORE); --- is_expired: undef --- will_expired: 1 === SNI --- input: blah-blah-blah.badssl.com --- sni: badssl.com --- expire_date DateTime->new(%main::NOT_AFTER); --- begin_date DateTime->new(%main::NOT_BEFORE); --- not_after DateTime->new(%main::NOT_AFTER); --- not_before DateTime->new(%main::NOT_BEFORE); --- is_expired: undef --- will_expired: 1 00_compile.t100644004002004002 12414703434541 17537 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/tuse strict; use Test::More; BEGIN { use_ok 'Net::SSL::ExpireDate' } done_testing; perlcriticrc100644004002004002 014703434541 17764 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t03.accessor.t100644004002004002 72114703434541 17636 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t# -*- mode: cperl; -*- use Test::Base; use Net::SSL::ExpireDate; use FindBin; plan tests => 2 * blocks; run { my $block = shift; my $ed = Net::SSL::ExpireDate->new( $block->type => $block->target ); is $ed->type, $block->type, $block->name.': type'; is $ed->target, $block->target, $block->name.': target'; } __END__ === rt.cpan.org --- type: ssl --- target: rt.cpan.org === cert.pem --- type: file --- target eval "$FindBin::Bin/cert.pem"; author-critic.t100644004002004002 40314703434541 20365 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t#!perl BEGIN { unless ($ENV{AUTHOR_TESTING}) { print qq{1..0 # SKIP these tests are for testing by the author\n}; exit } } use strict; use warnings; use Test::Perl::Critic (-profile => "perlcritic.rc") x!! -e "perlcritic.rc"; all_critic_ok(); release-fixme.t100644004002004002 62514703434541 20344 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t#!perl BEGIN { unless ($ENV{RELEASE_TESTING}) { require Test::More; Test::More::plan(skip_all => 'these tests are for release candidate testing'); } } # This test is generated by Dist::Zilla::Plugin::Test::Fixme use strict; use warnings; use Test::More; eval { require Test::Fixme; Test::Fixme->import(); }; plan(skip_all => "Test::Fixme not installed: $@; skipping") if $@; run_tests(); sample000755004002004002 014703434541 16324 5ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25cert-expire.t100755004002004002 146514703434541 21111 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/sample#!/usr/bin/env perl # -*- mode: cperl; -*- use Test::Base; use Net::SSL::ExpireDate; use Regexp::Common qw(net); my $Check_Duration; # $Check_Duration = '15 years'; plan tests => 1 * blocks; run { my $block = shift; my $ed = Net::SSL::ExpireDate->new( build_arg($block->name) ); is($ed->is_expired($Check_Duration) && $ed->expire_date->iso8601, undef, $block->name); }; sub build_arg { my ($v) = @_; if ($v =~ m{^(file)://(.+)}) { return $1 => $2; } elsif ($v =~ m{^(https)://([^/]+)}) { return $1 => $2; } elsif ($v =~ m{^$RE{net}{domain}{-nospace}{-keep}$}) { return 'https' => $1; } elsif (-r $v) { return 'file' => $v; } else { croak "$v: assume file. but cannot read."; } } __END__ === rt.cpan.org === www.google.com cert-list.txt100644004002004002 5314703434541 21071 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/samplehttps://rt.cpan.org https://www.google.com author-pod-spell.t100644004002004002 114714703434541 21035 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t BEGIN { unless ($ENV{AUTHOR_TESTING}) { require Test::More; Test::More::plan(skip_all => 'these tests are for testing by the author'); } } use strict; use warnings; use Test::More; eval { require Test::Spelling; Test::Spelling->VERSION(0.12); Test::Spelling->import(); }; plan(skip_all => "Test::Spelling not installed: $@; skipping") if $@; eval { require Pod::Wordlist; Pod::Wordlist->import(); }; plan(skip_all => "Pod::Wordlist not installed: $@; skipping") if $@; add_stopwords(); all_pod_files_spelling_ok( qw( bin lib ) ); __DATA__ HIROSE Masaaki hirose31 lib Str fixme examinee ssl release-kwalitee.t100644004002004002 74414703434541 21043 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t BEGIN { unless ($ENV{RELEASE_TESTING}) { require Test::More; Test::More::plan(skip_all => 'these tests are for release candidate testing'); } } # this test was generated with Dist::Zilla::Plugin::Test::Kwalitee 2.11 use strict; use warnings; use Test::More 0.88; eval { require Test::Kwalitee; Test::Kwalitee->VERSION(1.21); Test::Kwalitee->import(qw(kwalitee_ok)); }; plan(skip_all => "Test::Kwalitee not installed: $@; skipping") if $@; kwalitee_ok(); done_testing; release-pod-syntax.t100644004002004002 64714703434541 21346 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t#!perl BEGIN { unless ($ENV{RELEASE_TESTING}) { require Test::More; Test::More::plan(skip_all => 'these tests are for release candidate testing'); } } # This file was automatically generated by Dist::Zilla::Plugin::PodSyntaxTests. use Test::More; eval { require Test::Pod; Test::Pod->VERSION(1.41); Test::Pod->import(); }; plan(skip_all => "Test::Pod not installed: $@; skipping") if $@; all_pod_files_ok(); author-dependencies.t100644004002004002 70614703434541 21544 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t BEGIN { unless ($ENV{AUTHOR_TESTING}) { require Test::More; Test::More::plan(skip_all => 'these tests are for testing by the author'); } } use strict; use warnings; use Test::More; eval "use App::scan_prereqs_cpanfile"; plan skip_all => "App::scan_prereqs_cpanfile required for testing module dependencies" if $@; my $diff = `scan-prereqs-cpanfile --ignore junk,sample --diff cpanfile`; is($diff, "", "diff cpanfile"); done_testing; release-unused-vars.t100644004002004002 40014703434541 21477 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t BEGIN { unless ($ENV{RELEASE_TESTING}) { print qq{1..0 # SKIP these tests are for release candidate testing\n}; exit } } use Test::More 0.96 tests => 1; use Test::Vars; subtest 'unused vars' => sub { all_vars_ok(ignore_vars => ['$len']); }; 01.https_client-auth.t100644004002004002 364014703434541 21514 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t# -*- mode: cperl; -*- use Test::Base; use Net::SSL::ExpireDate; if ($ENV{TEST_HTTPS}) { plan tests => 7 * blocks; } else { plan skip_all => 'set TEST_HTTPS=1 if you want to test https access'; } filters { expire_date => [qw(eval)], begin_date => [qw(eval)], not_after => [qw(eval)], not_before => [qw(eval)], is_expired => [qw(eval)], }; our %NOT_BEFORE = ( year => 2024, month => 8, day => 9, hour => 15, minute => 5, second => 44, time_zone => 'UTC' ); our %NOT_AFTER = ( year => 2024, month => 11, day => 7, hour => 15, minute => 5, second => 43, time_zone => 'UTC' ); run { my $block = shift; my $ed = Net::SSL::ExpireDate->new( https => $block->input ); my $expire_date = $ed->expire_date; is_deeply $expire_date, $block->expire_date, 'expire_date'; my $begin_date = $ed->begin_date; is_deeply $begin_date, $block->begin_date, 'begin_date'; my $not_after = $ed->not_after; is_deeply $not_after, $block->not_after, 'not_after'; my $not_before = $ed->not_before; is_deeply $not_before, $block->not_before, 'not_before'; my $is_expired = $ed->is_expired; is $is_expired, $block->is_expired, 'is_expired'; my $will_expired; $will_expired = $ed->is_expired('10 years'); is $will_expired, $block->will_expired, 'will_expired string'; $will_expired = $ed->is_expired(DateTime::Duration->new(years=>10)); is $will_expired, $block->will_expired, 'will_expired DateTime::Duration'; } __END__ === client.badssl.com --- input: client.badssl.com --- expire_date DateTime->new(%main::NOT_AFTER); --- begin_date DateTime->new(%main::NOT_BEFORE); --- not_after DateTime->new(%main::NOT_AFTER); --- not_before DateTime->new(%main::NOT_BEFORE); --- is_expired: undef --- will_expired: 1 SSL000755004002004002 014703434541 17000 5ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/lib/NetExpireDate.pm100644004002004002 4605314703434541 21560 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/lib/Net/SSLpackage Net::SSL::ExpireDate; use strict; use warnings; use Carp; our $VERSION = '1.25'; use base qw(Class::Accessor); use Crypt::OpenSSL::X509 qw(FORMAT_ASN1); use Date::Parse; use DateTime; use DateTime::Duration; use Time::Duration::Parse; use UNIVERSAL::require; my $Socket = 'IO::Socket::INET6'; unless ($Socket->require) { $Socket = 'IO::Socket::INET'; $Socket->require or die $@; } __PACKAGE__->mk_accessors(qw(type target)); my $SSL3_RT_CHANGE_CIPHER_SPEC = 20; my $SSL3_RT_ALERT = 21; my $SSL3_RT_HANDSHAKE = 22; my $SSL3_RT_APPLICATION_DATA = 23; my $SSL3_MT_HELLO_REQUEST = 0; my $SSL3_MT_CLIENT_HELLO = 1; my $SSL3_MT_SERVER_HELLO = 2; my $SSL3_MT_CERTIFICATE = 11; my $SSL3_MT_SERVER_KEY_EXCHANGE = 12; my $SSL3_MT_CERTIFICATE_REQUEST = 13; my $SSL3_MT_SERVER_DONE = 14; my $SSL3_MT_CERTIFICATE_VERIFY = 15; my $SSL3_MT_CLIENT_KEY_EXCHANGE = 16; my $SSL3_MT_FINISHED = 20; my $SSL3_AL_WARNING = 0x01; my $SSL3_AL_FATAL = 0x02; my $SSL3_AD_CLOSE_NOTIFY = 0; my $SSL3_AD_UNEXPECTED_MESSAGE = 10; # fatal my $SSL3_AD_BAD_RECORD_MAC = 20; # fatal my $SSL3_AD_DECOMPRESSION_FAILURE = 30; # fatal my $SSL3_AD_HANDSHAKE_FAILURE = 40; # fatal my $SSL3_AD_NO_CERTIFICATE = 41; my $SSL3_AD_BAD_CERTIFICATE = 42; my $SSL3_AD_UNSUPPORTED_CERTIFICATE = 43; my $SSL3_AD_CERTIFICATE_REVOKED = 44; my $SSL3_AD_CERTIFICATE_EXPIRED = 45; my $SSL3_AD_CERTIFICATE_UNKNOWN = 46; my $SSL3_AD_ILLEGAL_PARAMETER = 47; # fatal sub new { my ($class, %opt) = @_; my $self = bless { type => undef, target => undef, expire_date => undef, timeout => undef, }, $class; if ( $opt{https} or $opt{ssl} ) { $self->{type} = 'ssl'; $self->{target} = $opt{https} || $opt{ssl}; } elsif ($opt{file}) { $self->{type} = 'file'; $self->{target} = $opt{file}; if (! -r $self->{target}) { croak "$self->{target}: $!"; } } else { croak "missing option: neither ssl nor file"; } if ($opt{timeout}) { $self->{timeout} = $opt{timeout}; } if ($opt{sni}) { $self->{sni} = $opt{sni}; } return $self; } sub expire_date { my $self = shift; if (! $self->{expire_date}) { if ($self->{type} eq 'ssl') { my ($host, $port) = split /:/, $self->{target}, 2; $port ||= 443; ### $host ### $port my $cert = eval { _peer_certificate($host, $port, $self->{timeout}, $self->{sni}); }; warn $@ if $@; return unless $cert; my $x509 = Crypt::OpenSSL::X509->new_from_string($cert, FORMAT_ASN1); my $begin_date_str = $x509->notBefore; my $expire_date_str = $x509->notAfter; $self->{expire_date} = DateTime->from_epoch(epoch => str2time($expire_date_str)); $self->{begin_date} = DateTime->from_epoch(epoch => str2time($begin_date_str)); } elsif ($self->{type} eq 'file') { my $x509 = Crypt::OpenSSL::X509->new_from_file($self->{target}); $self->{expire_date} = DateTime->from_epoch(epoch => str2time($x509->notAfter)); $self->{begin_date} = DateTime->from_epoch(epoch => str2time($x509->notBefore)); } else { croak "unknown type: $self->{type}"; } } return $self->{expire_date}; } sub begin_date { my $self = shift; if (! $self->{begin_date}) { $self->expire_date; } return $self->{begin_date}; } *not_after = \&expire_date; *not_before = \&begin_date; sub is_expired { my ($self, $duration) = @_; $duration ||= DateTime::Duration->new(); if (! $self->{begin_date}) { $self->expire_date; } if (! ref($duration)) { # if scalar $duration = DateTime::Duration->new(seconds => parse_duration($duration)); } my $dx = DateTime->now()->add_duration( $duration ); ### dx: $dx->iso8601 return DateTime->compare($dx, $self->{expire_date}) >= 0 ? 1 : (); } sub _peer_certificate { my($host, $port, $timeout, $sni) = @_; my $cert; no warnings 'once'; no strict 'refs'; ## no critic *{$Socket.'::write_atomically'} = sub { my($self, $data) = @_; my $length = length $data; my $offset = 0; my $read_byte = 0; while ($length > 0) { my $r = $self->syswrite($data, $length, $offset) || last; $offset += $r; $length -= $r; $read_byte += $r; } return $read_byte; }; my $sock = { PeerAddr => $host, PeerPort => $port, Proto => 'tcp', Timeout => $timeout, }; $sock = $Socket->new( %$sock ) or croak "cannot create socket: $!"; my $servername; if ($sni) { $servername = $sni; } elsif ($host !~ /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/) { $servername = $host; } _send_client_hello($sock, $servername); my $do_loop = 1; while ($do_loop) { my $record = _get_record($sock); if ($record->{type} != $SSL3_RT_HANDSHAKE) { if ($record->{type} == $SSL3_RT_ALERT) { my $d1 = unpack 'C', substr $record->{data}, 0, 1; my $d2 = unpack 'C', substr $record->{data}, 1, 1; if ($d1 eq $SSL3_AL_WARNING) { ; # go ahead } else { croak "record type is SSL3_AL_FATAL. [desctioption: $d2]"; } } else { croak "record type is not HANDSHAKE"; } } while (my $handshake = _get_handshake($record)) { croak "too many loop" if $do_loop++ >= 10; if ($handshake->{type} == $SSL3_MT_HELLO_REQUEST) { ; } elsif ($handshake->{type} == $SSL3_MT_CERTIFICATE_REQUEST) { ; } elsif ($handshake->{type} == $SSL3_MT_SERVER_HELLO) { ; } elsif ($handshake->{type} == $SSL3_MT_CERTIFICATE) { my $data = $handshake->{data}; my $len1 = $handshake->{length}; my $len2 = (vec($data, 0, 8)<<16)+(vec($data, 1, 8)<<8)+vec($data, 2, 8); my $len3 = (vec($data, 3, 8)<<16)+(vec($data, 4, 8)<<8)+vec($data, 5, 8); croak "X509: length error" if $len1 != $len2 + 3; $cert = substr $data, 6; # DER format } elsif ($handshake->{type} == $SSL3_MT_SERVER_KEY_EXCHANGE) { ; } elsif ($handshake->{type} == $SSL3_MT_SERVER_DONE) { $do_loop = 0; } else { ; } } } _sendalert($sock, $SSL3_AL_FATAL, $SSL3_AD_HANDSHAKE_FAILURE) or croak $!; $sock->close; return $cert; } sub _send_client_hello { my($sock, $servername) = @_; my(@buf, $len); # Record Layer # Content Type: Handshake push @buf, $SSL3_RT_HANDSHAKE; # Version: TLS 1.0 (SSL 3.1) push @buf, 3, 1; # Length: set later push @buf, undef, undef; my $pos_record_len = $#buf-1; ## Handshake Protocol: Client Hello push @buf, $SSL3_MT_CLIENT_HELLO; ## Length: set later push @buf, undef, undef, undef; my $pos_handshake_len = $#buf-2; ## Version: TLS 1.2 push @buf, 3, 3; # TLS 1.2 ## Random my $time = time; push @buf, (($time>>24) & 0xFF); push @buf, (($time>>16) & 0xFF); push @buf, (($time>> 8) & 0xFF); push @buf, (($time ) & 0xFF); for (1..28) { push @buf, int(rand(0xFF)); } ## Session ID Length: 0 push @buf, 0; # https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 my @cipher_suites = ( 0xc02c, # TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xc030, # TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x009f, # TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0xcca9, # TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xcca8, # TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xccaa, # TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xc02b, # TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xc02f, # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x009e, # TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0xc024, # TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xc028, # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0x006b, # TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0xc023, # TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xc027, # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0x0067, # TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0xc00a, # TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xc014, # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0039, # TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0xc009, # TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xc013, # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0033, # TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x009d, # TLS_RSA_WITH_AES_256_GCM_SHA384 0x009c, # TLS_RSA_WITH_AES_128_GCM_SHA256 0x003d, # TLS_RSA_WITH_AES_256_CBC_SHA256 0x003c, # TLS_RSA_WITH_AES_128_CBC_SHA256 0x0035, # TLS_RSA_WITH_AES_256_CBC_SHA 0x002f, # TLS_RSA_WITH_AES_128_CBC_SHA 0x00ff, # TLS_EMPTY_RENEGOTIATION_INFO_SCSV ); $len = scalar(@cipher_suites) * 2; ## Cipher Suites Length push @buf, (($len >> 8) & 0xFF); push @buf, (($len ) & 0xFF); ## Cipher Suites for my $i (@cipher_suites) { push @buf, (($i >> 8) & 0xFF); push @buf, (($i ) & 0xFF); } ## Compression Methods Length push @buf, 1; ## Compression Methods: null push @buf, 0; ## Extensions Length: set later my @ext = (undef, undef); ## Extension: server_name if ($servername) { # SNI (Server Name Indication) my $sn_len = length $servername; ### Type: Server Name push @ext, 0, 0; ### Length # 5 is this part(2) + Server Name Indication Length(3) push @ext, ((($sn_len+5) >> 8) & 0xFF); push @ext, ((($sn_len+5) ) & 0xFF); ### Server Name Indication extension #### Server Name list length # 3 is this part(2) + Server Name Type(1) push @ext, ((($sn_len+3) >> 8) & 0xFF); push @ext, ((($sn_len+3) ) & 0xFF); #### Server Name Type: host_name push @ext, 0; #### Server Name length push @ext, (($sn_len >> 8) & 0xFF); push @ext, (($sn_len ) & 0xFF); #### Server Name for my $c (split //, $servername) { push @ext, ord($c); } } ## Extension: supported_groups ### Type: supported_groups push @ext, 0x00, 0x0a; my @supported_groups = ( 0x0017, # secp256r1 0x0018, # secp384r1 0x0019, # secp521r1 0x001d, # x25519 0x001e, # x448 ); ### Length # Supported Group List Length(2) + Supported Groups $len = 2 + scalar(@supported_groups) * 2; push @ext, (($len >> 8) & 0xFF); push @ext, (($len ) & 0xFF); ### Supported Group List Length $len = scalar(@supported_groups) * 2; push @ext, (($len >> 8) & 0xFF); push @ext, (($len ) & 0xFF); ### Supported Groups for my $i (@supported_groups) { push @ext, (($i >> 8) & 0xFF); push @ext, (($i ) & 0xFF); } ## Extension: signature_algorithms (>= TLSv1.2) ### Type: signature_algorithms push @ext, 0x00, 0x0D; # https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1 # enum { # none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), # sha512(6), (255) # } HashAlgorithm; # enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) # } SignatureAlgorithm; my @signature_algorithms = ( 0x0403, # ecdsa_secp256r1_sha256 0x0503, # ecdsa_secp384r1_sha384 0x0603, # ecdsa_secp521r1_sha512 0x0807, # ed25519 0x0808, # ed448 0x0809, # rsa_pss_pss_sha256 0x080a, # rsa_pss_pss_sha384 0x080b, # rsa_pss_pss_sha512 0x0804, # rsa_pss_rsae_sha256 0x0805, # rsa_pss_rsae_sha384 0x0806, # rsa_pss_rsae_sha512 0x0401, # rsa_pkcs1_sha256 0x0501, # rsa_pkcs1_sha384 0x0601, # rsa_pkcs1_sha512 0x0303, # SHA224 ECDSA 0x0203, # ecdsa_sha1 0x0301, # SHA224 RSA 0x0201, # rsa_pkcs1_sha1 0x0302, # SHA224 DSA 0x0202, # SHA1 DSA 0x0402, # SHA256 DSA 0x0502, # SHA384 DSA 0x0602, # SHA512 DSA ); ### Length # Signature Hash Algorithms Length(2) + Signature hash Algorithms $len = 2 + scalar(@signature_algorithms) * 2; push @ext, (($len >> 8) & 0xFF); push @ext, (($len ) & 0xFF); ### Signature Hash Algorithms Length $len = scalar(@signature_algorithms) * 2; push @ext, (($len >> 8) & 0xFF); push @ext, (($len ) & 0xFF); ### Signature Hash Algorithms for my $i (@signature_algorithms) { push @ext, (($i >> 8) & 0xFF); push @ext, (($i ) & 0xFF); } ## Extension: ec_point_formats ### Type: ec_point_formats push @ext, 0x00, 0x0b; ### Length: 4 push @ext, 0x00, 0x04; ### EC point formats Length: 3 push @ext, 0x03; ### Elliptic curves point formats push @ext, 0x00; # uncompressed push @ext, 0x01; # ansiX962_compressed_prime push @ext, 0x02; # ansiX962_compressed_char2 (2) ## Extension: Heartbeat push @ext, 0x00, 0x0F, # Type: heartbeat 0x00, 0x01, # Lengh 0x01, # Peer allowed to send requests ; ## Extensions Length my $ext_len = scalar(@ext) - 2; if ($ext_len > 0) { $ext[0] = (($ext_len) >> 8) & 0xFF; $ext[1] = (($ext_len) ) & 0xFF; push @buf, @ext; } # Record Length $len = scalar(@buf) - $pos_record_len - 2; $buf[ $pos_record_len ] = (($len >> 8) & 0xFF); $buf[ $pos_record_len+1 ] = (($len ) & 0xFF); ## Handshake Length $len = scalar(@buf) - $pos_handshake_len - 3; $buf[ $pos_handshake_len ] = (($len >> 16) & 0xFF); $buf[ $pos_handshake_len+1 ] = (($len >> 8) & 0xFF); $buf[ $pos_handshake_len+2 ] = (($len ) & 0xFF); my $data = ''; for my $c (@buf) { $data .= pack('C', $c); } return $sock->write_atomically($data); } sub _get_record { my($sock) = @_; my $record = { type => -1, version => -1, length => -1, read => 0, data => "", }; $sock->read($record->{type} , 1) or croak "cannot read type"; $record->{type} = unpack 'C', $record->{type}; $sock->read($record->{version}, 2) or croak "cannot read version"; $record->{version} = unpack 'n', $record->{version}; $sock->read($record->{length}, 2) or croak "cannot read length"; $record->{length} = unpack 'n', $record->{length}; $sock->read($record->{data}, $record->{length}) or croak "cannot read data"; return $record; } sub _get_handshake { my($record) = @_; my $handshake = { type => -1, length => -1, data => "", }; return if $record->{read} >= $record->{length}; $handshake->{type} = vec($record->{data}, $record->{read}++, 8); return if $record->{read} + 3 > $record->{length}; $handshake->{length} = (vec($record->{data}, $record->{read}++, 8)<<16) +(vec($record->{data}, $record->{read}++, 8)<< 8) +(vec($record->{data}, $record->{read}++, 8) ); if ($handshake->{length} > 0) { $handshake->{data} = substr($record->{data}, $record->{read}, $handshake->{length}); $record->{read} += $handshake->{length}; return if $record->{read} > $record->{length}; } else { $handshake->{data}= undef; } return $handshake; } sub _sendalert { my($sock, $level, $desc) = @_; my(@buf, $len); # Record Layer # Content Type: Alert push @buf, $SSL3_RT_ALERT; # Version: TLS 1.0 (SSL 3.1) push @buf, 3, 1; # Length: push @buf, 0x00, 0x02; # Alert Message ## Level: Fatal (2) push @buf, $level; ## Description: Handshake Failure (40) push @buf, $desc; my $data = ''; for my $c (@buf) { $data .= pack('C', $c); } return $sock->write_atomically($data); } 1; # Magic true value required at end of module __END__ =head1 NAME Net::SSL::ExpireDate - obtain expiration date of certificate =head1 SYNOPSIS use Net::SSL::ExpireDate; $ed = Net::SSL::ExpireDate->new( https => 'example.com' ); $ed = Net::SSL::ExpireDate->new( https => 'example.com:10443' ); $ed = Net::SSL::ExpireDate->new( ssl => 'example.com:465' ); # smtps $ed = Net::SSL::ExpireDate->new( ssl => 'example.com:995' ); # pop3s $ed = Net::SSL::ExpireDate->new( file => '/etc/ssl/cert.pem' ); if (defined $ed->expire_date) { # do something $expire_date = $ed->expire_date; # return DateTime instance $expired = $ed->is_expired; # examine already expired $expired = $ed->is_expired('2 months'); # will expire after 2 months $expired = $ed->is_expired(DateTime::Duration->new(months=>2)); # ditto } =head1 DESCRIPTION Net::SSL::ExpireDate get certificate from network (SSL) or local file and obtain its expiration date. =head1 METHODS =head2 new $ed = Net::SSL::ExpireDate->new( %option ) This method constructs a new "Net::SSL::ExpireDate" instance and returns it. %option is to specify certificate. KEY VALUE ---------------------------- ssl "hostname[:port]" https (same as above ssl) file "path/to/certificate" timeout "Timeout in seconds" sni "Server Name Indicator" =head2 expire_date $expire_date = $ed->expire_date; Return expiration date by "DateTime" instance. =head2 begin_date $begin_date = $ed->begin_date; Return beginning date by "DateTime" instance. =head2 not_after Synonym for expire_date. =head2 not_before Synonym for begin_date. =head2 is_expired $expired = $ed->is_expired; Obtain already expired or not. You can specify interval to obtain will expire on the future time. Acceptable intervals are human readable string (parsed by "Time::Duration::Parse") and "DateTime::Duration" instance. # will expire after 2 months $expired = $ed->is_expired('2 months'); $expired = $ed->is_expired(DateTime::Duration->new(months=>2)); =head2 type return type of examinee certificate. "ssl" or "file". =head2 target return hostname or path of examinee certificate. =head1 BUGS AND LIMITATIONS No bugs have been reported. Please report any bugs or feature requests to C, or through the web interface at L. =head1 AUTHOR HIROSE Masaaki Ehirose31 _at_ gmail.comE =head1 REPOSITORY L git clone git://github.com/hirose31/net-ssl-expiredate.git patches and collaborators are welcome. =head1 SEE ALSO =head1 COPYRIGHT & LICENSE Copyright HIROSE Masaaki This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. =cut release-kwalitee-extra.t100644004002004002 113214703434541 22174 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/t BEGIN { unless ($ENV{RELEASE_TESTING}) { require Test::More; Test::More::plan(skip_all => 'these tests are for release candidate testing'); } } use strict; use warnings; use Test::More; eval { require Test::Kwalitee::Extra; Test::Kwalitee::Extra->import(qw(:experimental !meta_yml_has_repository_resource !prereq_matches_use !build_prereq_matches_use)); }; #eval { require Test::Kwalitee::Extra; Test::Kwalitee::Extra->import(qw(:experimental !prereq_matches_use !build_prereq_matches_use)); }; plan(skip_all => "Test::Kwalitee::Extra not installed: $@; skipping") if $@; #done_testing; check-cert-expire.pl100755004002004002 724714703434541 22340 0ustar00hirose31hirose31000000000000Net-SSL-ExpireDate-1.25/sample#!/usr/bin/env perl use strict; use warnings; use Carp; use Getopt::Long; use Pod::Usage; use Data::Dumper; use Net::SSL::ExpireDate; use Regexp::Common qw(net); use YAML; use URI::Escape; # use Smart::Comments; MAIN: { my %opt; Getopt::Long::Configure("bundling"); GetOptions(\%opt, 'duration|d=s', 'file|f=s', 'link|l', 'help|h|?') or pod2usage(-verbose=>1); pod2usage(-verbose=>1) if exists $opt{'help'}; pod2usage("missing option: --file") unless exists $opt{'file'}; ### %opt open my $file, '<', $opt{'file'} or croak "$opt{'file'}: $!"; chomp (my @testee = <$file>); close $file; ### @testee my $duration = exists $opt{'duration'} ? $opt{'duration'} : undef; ### $duration my $output = { title => 'Certificate Expire Date', entry => [], }; for my $t (@testee) { next if $t =~ /^#/; next if $t =~ /^$/; ### testee: $t my $ed = Net::SSL::ExpireDate->new( build_arg($t) ); if ($ed->is_expired($duration)) { ### expired: $ed->expire_date->iso8601 push @{$output->{entry}}, { title => $t . ($duration ? " (expire within $duration)" : ''), date => $ed->expire_date->iso8601, }; ${ $output->{entry} }[-1]->{link} = mk_link($ed, $duration) if $opt{'link'}; } } print YAML::Dump $output; exit 0; } sub build_arg { my ($v) = @_; if ($v =~ m{^(file)://(.+)}) { return $1 => $2; } elsif ($v =~ m{^(https)://([^/]+)}) { return $1 => $2; } elsif ($v =~ m{^$RE{net}{domain}{-nospace}{-keep}$}) { return 'https' => $1; } elsif (-r $v) { return 'file' => $v; } else { croak "$v: assume file. but cannot read."; } } sub mk_link { my ($ed, $duration) = @_; $ed->type . '://' . $ed->target . ($duration ? '#' . uri_escape($duration) : ''); } __END__ =head1 NAME B - check and list expired certificates =head1 SYNOPSIS B [ B<--help> ] [ B<--duration> DURATION ] B<--file> DATAFILE $ cat < server-list.txt https://rt.cpan.org https://www.google.com EOF $ check-cert-expire.pl --duration '3 months' --file server-list.txt $ check-cert-expire.pl -d '3 months' -f server-list.txt --- entry: - date: 2015-04-14T05:12:17 title: https://rt.cpan.org title: Certificate Expire Date =head1 DESCRIPTION Examine expire date of certificate and output name and expire date if expired. Output format is YAML. Examinee certificate is both OK via network (HTTPS) and local file. =head1 OPTIONS =over 4 =item B<--file> DATAFILE =item B<-f> DATAFILE DATAFILE is name of plain text file contains testee list. Acceptable list format is the following. FORMAT EXAMPLE =============================== https://FQDN https://rt.cpan.org file://PATH file:///etc/ssl/cert.pem FQDN rt.cpan.org PATH /etc/ssl/cert.pem =item B<--duration> DURATION =item B<-d> DURATION Specify the furtur point to check expiration. If omitted, check against just now. DURATION accepts human readable text. See also L. 3 days 4 months 10 years 4 months and 3days =item B<--link> =item B<-l> Add dummy link attribute. =back =head1 SEE ALSO L, L =head1 AUTHOR HIROSE, Masaaki Ehirose31@gmail.comE =cut # for Emacsen # Local Variables: # mode: cperl # cperl-indent-level: 4 # indent-tabs-mode: nil # End: # vi: set ts=4 sw=4 sts=0 :