Skip to content

Commit 5713462

Browse files
cemuluscemulus
committed
feat: add option to exclude expired certificates
1 parent 684f39d commit 5713462

File tree

3 files changed

+16
-3
lines changed

3 files changed

+16
-3
lines changed

README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ Usage: crt [options...] <domain name>
99
1010
Options:
1111
-o <path> Output file path. Write to file instead of stdout.
12+
-e Exclude expired certificates.
1213
-l <int> Limit the number of results. (default: 1000)
1314
-json Turn results to JSON.
1415
-csv Turn results to CSV.

cmd/cmd.go

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ import (
1212

1313
var (
1414
filename = flag.String("o", "", "")
15+
expired = flag.Bool("e", false, "")
1516
limit = flag.Int("l", 1000, "")
1617
jsonOut = flag.Bool("json", false, "")
1718
csvOut = flag.Bool("csv", false, "")
@@ -21,6 +22,7 @@ var usage = `Usage: crt [options...] <domain name>
2122
2223
Options:
2324
-o <path> Output file path. Write to file instead of stdout.
25+
-e Exclude expired certificates.
2426
-l <int> Limit the number of results. (default: 1000)
2527
-json Turn results to JSON.
2628
-csv Turn results to CSV.
@@ -55,7 +57,7 @@ func Execute() {
5557

5658
var res result.CertResult
5759

58-
res, err = repo.GetCertLogs(domain, *limit)
60+
res, err = repo.GetCertLogs(domain, *expired, *limit)
5961
if err != nil {
6062
log.Fatal(err)
6163
}

repository/database.go

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ const (
3131
FROM certificate_and_identities cai
3232
WHERE plainto_tsquery('certwatch', '%s') @@ identities(cai.CERTIFICATE)
3333
AND cai.NAME_VALUE ILIKE ('%%' || '%s' || '%%')
34+
%s --filter
3435
LIMIT 10000
3536
) sub
3637
GROUP BY sub.CERTIFICATE
@@ -54,6 +55,9 @@ FROM ci
5455
WHERE ci.ISSUER_CA_ID = ca.ID
5556
ORDER BY le.ENTRY_TIMESTAMP DESC NULLS LAST
5657
LIMIT %d`
58+
59+
excludeExpired = `AND coalesce(x509_notAfter(cai.CERTIFICATE), 'infinity'::timestamp) >= date_trunc('year', now() AT TIME ZONE 'UTC')
60+
AND x509_notAfter(cai.CERTIFICATE) >= now() AT TIME ZONE 'UTC'`
5761
)
5862

5963
type Repository struct {
@@ -69,8 +73,14 @@ func New() (*Repository, error) {
6973
return &Repository{db}, nil
7074
}
7175

72-
func (r *Repository) GetCertLogs(domain string, limit int) (result.CertResult, error) {
73-
stmt := fmt.Sprintf(statement, domain, domain, limit)
76+
func (r *Repository) GetCertLogs(domain string, expired bool, limit int) (result.CertResult, error) {
77+
filter := ""
78+
79+
if expired {
80+
filter = excludeExpired
81+
}
82+
83+
stmt := fmt.Sprintf(statement, domain, domain, filter, limit)
7484

7585
rows, err := r.db.Query(stmt)
7686
if err != nil {

0 commit comments

Comments
 (0)