api/modules/sslCheck.js at e96a73e580461377cdee4a4276f0b4d1f4d82199 · FreeOps-Tools/api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
const https = require('https');
const tls = require('tls');

function checkSSLCertificate(hostname, port = 443, callback) {
  let certRetrieved = false;

  // Use tls.connect for more reliable certificate retrieval
  const socket = tls.connect({
    host: hostname,
    port: port,
    rejectUnauthorized: false, // We want to check even if cert is invalid
    servername: hostname, // Important for SNI
  }, () => {
    try {
      const cert = socket.getPeerCertificate(true);

      if (cert && cert.valid_to) {
        certRetrieved = true;
        const expirationDate = new Date(cert.valid_to);
        const now = new Date();
        const daysUntilExpiry = Math.ceil((expirationDate - now) / (1000 * 60 * 60 * 24));

        callback(null, {
          expirationDate: expirationDate.toISOString(),
          daysUntilExpiry: daysUntilExpiry,
          isValid: expirationDate > now,
          issuer: cert.issuer ? (cert.issuer.CN || JSON.stringify(cert.issuer)) : null,
          subject: cert.subject ? (cert.subject.CN || hostname) : hostname,
        });
      } else {
        callback(null, null);
      }
    } catch (err) {
      callback(null, null);
    } finally {
      if (!socket.destroyed) {
        socket.end();
      }
    }
  });

  socket.on('error', (error) => {
    if (!certRetrieved) {
      // If we can't get the certificate, return null (might be HTTP or connection issue)
      callback(null, null);
    }
  });

  socket.on('timeout', () => {
    if (!certRetrieved) {
      socket.destroy();
      callback(null, null);
    }
  });

  socket.setTimeout(5000);
}

module.exports = checkSSLCertificate;