introduce probe --cert-details flag (#12)

* introduce `probe --cert-details` flag

- this will hide away SANs and validity dates by default

* update linter

Author: thz

.github/workflows/release.yaml

@@ -26,7 +26,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
-          version: v1.60
+          version: v1.62
           only-new-issues: true
   testing:
     runs-on: ubuntu-latest

.github/workflows/verify.yaml

@@ -33,7 +33,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
-          version: v1.60
+          version: v1.62
           only-new-issues: true
 
   cross-build-darwin:

cmd/probe.go

@@ -26,9 +26,10 @@ import (
 )
 
 type probeOptions struct {
-	verbose    bool
-	ppv1, ppv2 bool
-	sni        string
+	verbose         bool
+	showCertDetails bool
+	ppv1, ppv2      bool
+	sni             string
 }
 
 var probeOpts probeOptions
@@ -72,6 +73,9 @@ used instead of the literal endpoint host name.`,
 			if probeOpts.sni != "" {
 				proberOptions.ServerNameIndication = probeOpts.sni
 			}
+			if probeOpts.showCertDetails {
+				proberOptions.PrintCertDetails = true
+			}
 			prober, err := probe.NewProber(proberOptions)
 
 			if err != nil {
@@ -98,6 +102,7 @@ used instead of the literal endpoint host name.`,
 	}
 
 	cmd.Flags().BoolVar(&probeOpts.verbose, "verbose", false, "be verbose, output logs")
+	cmd.Flags().BoolVar(&probeOpts.showCertDetails, "cert-details", false, "show certificate details (SANs, validity)")
 	cmd.Flags().BoolVar(&probeOpts.ppv1, "proxy-protocol-v1", false, "send proxy protocol v1 headers")
 	cmd.Flags().BoolVar(&probeOpts.ppv2, "proxy-protocol-v2", false, "send proxy protocol v2 headers")
 	cmd.Flags().StringVar(&probeOpts.sni, "sni", "", "set SNI for TLS handshake (defaults to endpoint host)")

pkg/probe/probe.go

@@ -43,6 +43,7 @@ type ProbeOptions struct {
 	Endpoint             string
 	ProxyProtocolMode    ProxyProtocolMode
 	ServerNameIndication string
+	PrintCertDetails     bool
 }
 
 type Signal struct {
@@ -61,7 +62,13 @@ type Signal struct {
 
 var errTLSFailure = fmt.Errorf("TLS failure")
 
+func (s Signal) DetailedString() string {
+	return s.stringer(true)
+}
 func (s Signal) String() string {
+	return s.stringer(false)
+}
+func (s Signal) stringer(printCertDetails bool) string {
 	parts := []string{s.Path}
 	if s.Error != nil {
 		parts = append(parts, "ERROR=\""+s.Error.Error()+"\"")
@@ -81,14 +88,14 @@ func (s Signal) String() string {
 	if s.PeerSubject != "" {
 		parts = append(parts, "peer-subject="+s.PeerSubject)
 	}
-	if len(s.SANs) > 0 {
+	if len(s.SANs) > 0 && printCertDetails {
 		parts = append(parts, "SANs="+strings.Join(s.SANs, ","))
 	}
 
-	if !s.ValidityNotBefore.IsZero() {
+	if !s.ValidityNotBefore.IsZero() && printCertDetails {
 		parts = append(parts, "validity-not-before="+s.ValidityNotBefore.Format(time.RFC3339))
 	}
-	if !s.ValidityNotAfter.IsZero() {
+	if !s.ValidityNotAfter.IsZero() && printCertDetails {
 		parts = append(parts, "validity-not-after="+s.ValidityNotAfter.Format(time.RFC3339))
 	}
 
@@ -108,13 +115,15 @@ type prober struct {
 	proxyProtocolMode ProxyProtocolMode
 	sni               string
 	signals           chan Signal
+	printCertDetails  bool
 }
 
 func NewProber(o ProbeOptions) (*prober, error) {
 	p := &prober{
 		endpoint:          o.Endpoint,
 		proxyProtocolMode: o.ProxyProtocolMode,
 		sni:               o.ServerNameIndication,
+		printCertDetails:  o.PrintCertDetails,
 	}
 	var err error
 	p.fqdn, p.port, err = net.SplitHostPort(p.endpoint)
@@ -130,6 +139,7 @@ func NewProber(o ProbeOptions) (*prober, error) {
 }
 
 func (p *prober) Probe(ctx context.Context) error {
+	// TODO: implement Probe function which exposes the signal channel
 	log := util.CtxLogOrPanic(ctx)
 	defer log.Sync()
 	p.signals = make(chan Signal)
@@ -141,9 +151,9 @@ func (p *prober) Probe(ctx context.Context) error {
 		for signal := range signals {
 			if signal.Error != nil {
 				fmt.Printf("%s FAILED: %v\n", signal.Path, signal.Error)
-			} else {
-				fmt.Printf("%s\n", signal)
+				continue
 			}
+			fmt.Printf("%s\n", signal.stringer(p.printCertDetails))
 		}
 	}(ctx, p.signals)