|
@@ -4,6 +4,8 @@ import math
|
|
|
import sys
|
|
|
import os
|
|
|
import datetime
|
|
|
+import json
|
|
|
+import requests
|
|
|
|
|
|
import aiohttp
|
|
|
import requests
|
|
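Review bot: The added `import requests` duplicates the `import requests` that already appears as context two lines further down in this same hunk, so the new line is redundant. Only `import json` is needed here. The import block starts above the hunk (the header shows `import math`), so any earlier imports are not visible from this page.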
@@ -180,7 +182,8 @@ class TransparencyWatcher(object):
|
|
|
|
|
|
async def mux_ctl_stream(watcher):
|
|
|
logger = logging.getLogger('certstream.watcher')
|
|
|
- watch_suffix = os.getenv("WATCH_SUFFIX", None)
|
|
|
+ watch_suffix = os.getenv('WATCH_SUFFIX', None)
|
|
|
+ slack_webhook = os.getenv('SLACK_WEBHOOK_URL', None)
|
|
|
|
|
|
if not watch_suffix:
|
|
|
return
|
|
@@ -200,13 +203,57 @@ async def mux_ctl_stream(watcher):
|
|
|
found = False
|
|
|
if cn and cn.endswith(tuple(suffixes)):
|
|
|
found = True
|
|
|
+ alts = []
|
|
|
+ found_alts = []
|
|
|
+ for dnsname in alt.split(','):
|
|
|
+ dnsname = dnsname.strip().replace('DNS:', '')
|
|
|
+ if dnsname.endswith(tuple(suffixes)):
|
|
|
+ found = True
|
|
|
+ found_alts.append(dnsname)
|
|
|
+ else:
|
|
|
+ alts.append(dnsname)
|
|
|
+
|
|
|
+ if not found:
|
|
|
+ continue
|
|
|
+
|
|
|
+ if slack_webhook:
|
|
|
+ alt_msg = ', '.join(found_alts)
|
|
|
+ if found_alts and alts:
|
|
|
+ alt_msg += ' and '
|
|
|
+ if alts:
|
|
|
+ alt_msg += '%s others' % len(alts)
|
|
|
+
|
|
|
+ slack_data = {
|
|
|
+ 'attachments': [
|
|
|
+ {
|
|
|
+ 'fallback': '%s (%s): %s' % (cn, source, alt),
|
|
|
+ 'color': '#36a64f',
|
|
|
+ 'fields': [
|
|
|
+ {
|
|
|
+ 'title': 'Common Name',
|
|
|
+ 'value': cn,
|
|
|
+ 'short': False
|
|
|
+ },
|
|
|
+ {
|
|
|
+ 'title': 'Alt Name',
|
|
|
+ 'value': alt_msg,
|
|
|
+ 'short': False
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ 'footer': source
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ response = requests.post(
|
|
|
+ slack_webhook, data=json.dumps(slack_data),
|
|
|
+ headers={'Content-Type': 'application/json'}
|
|
|
+ )
|
|
|
+ if response.status_code != 200:
|
|
|
+ logger.exception(ValueError(
|
|
|
+ 'Slack returned an error %s, the response is: %s',
|
|
|
+ response.status_code, response.text
|
|
|
+ ))
|
|
|
else:
|
|
|
- for dnsname in alt.split(','):
|
|
|
- if dnsname.strip().endswith(tuple(suffixes)):
|
|
|
- found = True
|
|
|
- break
|
|
|
-
|
|
|
- if found:
|
|
|
logger.info('%s: %s, %s', cert_data['source']['url'], cert_data['leaf_cert']['subject']['CN'], cert_data['leaf_cert']['extensions'].get('subjectAltName', ''))
|
|
|
|
|
|
|
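Review bot: The `requests.post(...)` call at the end of the `if slack_webhook:` block is synchronous and has no `timeout=`, so inside `async def mux_ctl_stream` a slow or unreachable Slack endpoint stalls the event loop and certificate processing with it; aiohttp is already imported and would keep the post non-blocking. The failure path is also wrong: `logger.exception(ValueError(...))` runs outside an `except` block, so it logs an empty traceback, and the `%s` placeholders are never filled because the arguments go to `ValueError` rather than to the logger. `cn` and the alt names are taken from third-party certificates and go into the Slack payload unescaped; applying Slack's documented escaping of `&`, `<` and `>` to those values would keep a crafted name from rendering as a link or mention. The enclosing loop and the definitions of `suffixes`, `cn`, `alt` and `source` are outside the hunk, and indentation is lost on this page, so the excerpt below is indented by guess.

```python
# … unchanged: alt-name classification and slack_data construction …
if slack_webhook:
    # … unchanged: alt_msg and slack_data …
    try:
        # Bounded, non-blocking post; reuse a shared session if the watcher already has one.
        async with aiohttp.ClientSession(
            timeout=aiohttp.ClientTimeout(total=10)
        ) as session:
            async with session.post(slack_webhook, json=slack_data) as response:
                if response.status != 200:
                    logger.error(
                        'Slack returned an error %s, the response is: %s',
                        response.status, await response.text()
                    )
    except (aiohttp.ClientError, asyncio.TimeoutError):
        # asyncio import is not visible in this diff; confirm it is in scope.
        logger.exception('Slack notification failed')
```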