Health check for SSL/TLS services (#177)

* protocol: starttls: add timeout support Signed-off-by: Charles Decoux <charles@phowork.fr> * protocol: add ssl support Signed-off-by: Charles Decoux <charles@phowork.fr>
2021-09-30 22:15:17 +02:00
parent 289d834587
commit 30cb7b6ec8
4 changed files with 110 additions and 4 deletions
--- a/client/client.go
+++ b/client/client.go
@ -38,7 +38,11 @@ func CanPerformStartTLS(address string, config *Config) (connected bool, certifi
 	if len(hostAndPort) != 2 {
 		return false, nil, errors.New("invalid address for starttls, format must be host:port")
 	}
-	smtpClient, err := smtp.Dial(address)
+	conn, err := net.DialTimeout("tcp", address, config.Timeout)
+	if err != nil {
+	    return
+	}
+	smtpClient, err := smtp.NewClient(conn, hostAndPort[0])
 	if err != nil {
 		return
 	}
@ -57,6 +61,28 @@ func CanPerformStartTLS(address string, config *Config) (connected bool, certifi
 	return true, certificate, nil
 }

+// CanPerformTLS checks whether a connection can be established to an address using the TLS protocol
+func CanPerformTLS(address string, config *Config) (connected bool, certificate *x509.Certificate, err error) {
+	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: config.Timeout}, "tcp", address, nil)
+	if err != nil {
+	    return
+	}
+	defer conn.Close()
+
+	verifiedChains := conn.ConnectionState().VerifiedChains
+	if len(verifiedChains) == 0 {
+	    return
+	}
+
+	chain := verifiedChains[0] // VerifiedChains[0] == PeerCertificates[0]
+	if len(chain) == 0 {
+	    return
+	}
+
+	certificate = chain[0]
+	return true, certificate, nil
+}
+
 // Ping checks if an address can be pinged and returns the round-trip time if the address can be pinged
 //
 // Note that this function takes at least 100ms, even if the address is 127.0.0.1
--- a/client/client_test.go
+++ b/client/client_test.go
@ -91,6 +91,56 @@ func TestCanPerformStartTLS(t *testing.T) {
 	}
 }

+func TestCanPerformTLS(t *testing.T) {
+       type args struct {
+               address  string
+               insecure bool
+       }
+       tests := []struct {
+               name          string
+               args          args
+               wantConnected bool
+               wantErr       bool
+       }{
+               {
+                       name: "invalid address",
+                       args: args{
+                               address: "test",
+                       },
+                       wantConnected: false,
+                       wantErr:       true,
+               },
+               {
+                       name: "error dial",
+                       args: args{
+                               address: "test:1234",
+                       },
+                       wantConnected: false,
+                       wantErr:       true,
+               },
+               {
+                       name: "valid tls",
+                       args: args{
+                               address: "smtp.gmail.com:465",
+                       },
+                       wantConnected: true,
+                       wantErr:       false,
+               },
+       }
+       for _, tt := range tests {
+               t.Run(tt.name, func(t *testing.T) {
+                       connected, _, err := CanPerformTLS(tt.args.address, &Config{Insecure: tt.args.insecure, Timeout: 5 * time.Second})
+                       if (err != nil) != tt.wantErr {
+                               t.Errorf("CanPerformTLS() err=%v, wantErr=%v", err, tt.wantErr)
+                               return
+                       }
+                       if connected != tt.wantConnected {
+                               t.Errorf("CanPerformTLS() connected=%v, wantConnected=%v", connected, tt.wantConnected)
+                       }
+               })
+       }
+}
+
 func TestCanCreateTCPConnection(t *testing.T) {
 	if CanCreateTCPConnection("127.0.0.1", &Config{Timeout: 5 * time.Second}) {
 		t.Error("should've failed, because there's no port in the address")