add printResponseCertificates option

Author: xenOs76

README.md

@@ -7,8 +7,11 @@
 </p>
 
 **HTTPS Wrench** is a Golang CLI program to make HTTPS requests based on a YAML configuration file.   
-**HTTPS Wrench** was born from the desire of a disposable Bash script to become a reliable tool for mechanics of the World Wide Web.  
-`https-wrench` will, one day, take the place of `curl` in the hearts and the eyes of whoever is about to migrate a DNS record from a webserver to a load balancer, reverse proxy, Ingress Gateway, Cloudfront distibution.   
+**HTTPS Wrench** was born from the desire of a disposable Bash script to become a reliable tool 
+for mechanics of the World Wide Web.  
+`https-wrench` will, one day, take the place of `curl` in the hearts and the eyes of whoever is about 
+to migrate a DNS record from a webserver to a load balancer, reverse proxy, Ingress Gateway, 
+Cloudfront distribution.   
 
 ## How to use
 
@@ -49,18 +52,25 @@ https-wrench --show-sample-config > sample-wrench.yaml
 debug: false
 verbose: true
 requests:
-  - name: httpBunCom
+  - name: httpBunComGet
+
     transportOverrideUrl: https://cat.httpbun.com:443
-    userAgent: wrench-httpbun-ua
+    clientTimeout: 3
+
+    requestDebug: false
+    responseDebug: false
+
+    printResponseBody: true
+    printResponseHeaders: true
+
+    userAgent: wrench-custom-ua
 
     requestHeaders:
       - key: x-custom-header
         value: custom-header-value
       - key: x-api-key
         value: api-value
 
-    printResponseBody: true
-    printResponseHeaders: true
     responseHeadersFilter:
       - X-Powered-By
       - Via
@@ -70,11 +80,18 @@ requests:
       - name: httpbun.com
         uriList:
           - /headers
-          - /ip
           - /status/302
           - /status/404
           - /status/503
+
+  - name: httpBunComCerts
+
+    printResponseCertificates: true
+
+    hosts:
+      - name: httpbun.com
 ```
+
 </details>
 
 

examples/https-wrench-badssl-certs.yaml

@@ -0,0 +1,31 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/xenOs76/https-wrench/refs/heads/main/https-wrench.schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+---
+debug: false
+verbose: true
+requests:
+  - name: badsslComErrors
+    responseDebug: true
+    # printResponseBody: true
+    hosts:
+      - name: untrusted-root.badssl.com
+      - name: expired.badssl.com
+      - name: wrong.host.badssl.com
+      - name: incomplete-chain.badssl.com
+
+  - name: badsslComValid
+    responseDebug: true
+    # printResponseBody: true
+    hosts:
+      - name: sha256.badssl.com
+
+      # expired
+      - name: sha384.badssl.com
+
+      # expired
+      - name: sha512.badssl.com
+
+      - name: ecc256.badssl.com
+      - name: ecc384.badssl.com
+      - name: rsa2048.badssl.com
+      - name: rsa4096.badssl.com

examples/https-wrench-httpbin.yaml examples/https-wrench-httpbingo.yamlexamples/https-wrench-httpbin.yaml renamed to examples/https-wrench-httpbingo.yaml

@@ -4,21 +4,23 @@
 debug: false
 verbose: true
 requests:
-  - name: httpBinOrg
-    # transportOverrideUrl: https://httpbin.org:443
+  - name: httpBinGoOrg
+    # transportOverrideUrl: https://httpbingo.org:443
 
-    userAgent: httpbin-requests-ua
+    # responseDebug: true
+    userAgent: httpbingo-requests-ua
 
     requestHeaders:
       - key: x-api-key
         value: aaa-bbb-ccc
       - key: x-custom-header
         value: custom-header-value
 
+    printResponseCertificates: true
     printResponseBody: true
 
     hosts:
-      - name: httpbin.org
+      - name: httpbingo.org
         uriList:
           - /headers
           - /ip

https-wrench.schema.json

@@ -55,6 +55,9 @@
                 "printResponseHeaders": {
                     "type": "boolean"
                 },
+                "printResponseCertificates": {
+                    "type": "boolean"
+                },
                 "responseHeadersFilter": {
                     "type": "array",
                     "items": {

src/cmd/config.go

@@ -25,31 +25,33 @@ type RequestHeader struct {
 }
 
 type RequestConfig struct {
-	Name                  string          `mapstructure:"name"`
-	ClientTimeout         time.Duration   `mapstructure:"clientTimeout"`
-	UserAgent             string          `mapstructure:"userAgent"`
-	TransportOverrideUrl  string          `mapstructure:"transportOverrideUrl"`
-	RequestDebug          bool            `mapstructure:"requestDebug"`
-	RequestHeaders        []RequestHeader `mapstructure:"requestHeaders"`
-	RequestMethod         string          `mapstructure:"requestMethod"`
-	RequestBody           string          `mapstructure:"requestBody"`
-	ResponseDebug         bool            `mapstructure:"responseDebug"`
-	ResponseHeadersFilter []string        `mapstructure:"responseHeadersFilter"`
-	PrintResponseBody     bool            `mapstructure:"printResponseBody"`
-	PrintResponseHeaders  bool            `mapstructure:"printResponseHeaders"`
-	Hosts                 []Host          `mapstructure:"hosts"`
+	Name                      string          `mapstructure:"name"`
+	ClientTimeout             time.Duration   `mapstructure:"clientTimeout"`
+	UserAgent                 string          `mapstructure:"userAgent"`
+	TransportOverrideUrl      string          `mapstructure:"transportOverrideUrl"`
+	RequestDebug              bool            `mapstructure:"requestDebug"`
+	RequestHeaders            []RequestHeader `mapstructure:"requestHeaders"`
+	RequestMethod             string          `mapstructure:"requestMethod"`
+	RequestBody               string          `mapstructure:"requestBody"`
+	ResponseDebug             bool            `mapstructure:"responseDebug"`
+	ResponseHeadersFilter     []string        `mapstructure:"responseHeadersFilter"`
+	PrintResponseBody         bool            `mapstructure:"printResponseBody"`
+	PrintResponseHeaders      bool            `mapstructure:"printResponseHeaders"`
+	PrintResponseCertificates bool            `mapstructure:"printResponseCertificates"`
+	Hosts                     []Host          `mapstructure:"hosts"`
 }
 
 type ResponseData struct {
-	RequestName           string
-	TransportAddress      string
-	Url                   string
-	PrintResponseBody     bool
-	PrintResponseHeaders  bool
-	ResponseHeadersFilter []string
-	ResponseBody          string
-	Response              *http.Response
-	Error                 error
+	RequestName               string
+	TransportAddress          string
+	Url                       string
+	PrintResponseBody         bool
+	PrintResponseHeaders      bool
+	PrintResponseCertificates bool
+	ResponseHeadersFilter     []string
+	ResponseBody              string
+	Response                  *http.Response
+	Error                     error
 }
 
 type Config struct {
@@ -98,3 +100,85 @@ func (rd *ResponseData) ImportResponseBody() {
 	}
 	rd.ResponseBody = string(body)
 }
+
+func (rd ResponseData) PrintResponseData() {
+	fmt.Println(lgSprintf(styleItemKey,
+		"- Url: %s",
+		styleUrl.Render(rd.Url)),
+	)
+
+	fmt.Print(lgSprintf(styleItemKeyP3, "StatusCode: "))
+
+	if rd.Error != nil {
+		fmt.Println(lgSprintf(styleStatusError, "000"))
+		fmt.Println(lgSprintf(
+			styleItemKeyP3,
+			"Error: %s",
+			styleError.Render(rd.Error.Error())),
+		)
+		fmt.Println()
+	} else {
+		fmt.Println(lgSprintf(styleStatus, "%v", statusCodeParse(rd.Response.StatusCode)))
+
+		if rd.PrintResponseCertificates {
+			RenderTlsData(rd.Response)
+		}
+
+		if rd.PrintResponseHeaders {
+			headersStr := parseResponseHeaders(rd.Response.Header, rd.ResponseHeadersFilter)
+
+			fmt.Println(lgSprintf(styleItemKeyP3, "Headers: "))
+			fmt.Println(
+				lgSprintf(
+					styleHeaders,
+					"%s",
+					headersStr,
+				),
+			)
+		}
+
+		if rd.PrintResponseBody {
+			fmt.Println(lgSprintf(styleItemKeyP3, "Body:"))
+			fmt.Println(rd.ResponseBody)
+		}
+		fmt.Println()
+	}
+}
+
+func RenderTlsData(r *http.Response) {
+
+	tls := r.TLS
+
+	fmt.Println(lgSprintf(styleItemKeyP3, "TLS:"))
+
+	if tls == nil {
+		fmt.Println(lgSprintf(styleCertKeyP4, "%s", styleError.Render("No TLS connection state available")))
+		return
+	}
+
+	fmt.Println(lgSprintf(styleCertKeyP4, "Version: %s", styleCertValue.Render(tlsVersionName(tls.Version))))
+
+	fmt.Println(lgSprintf(styleCertKeyP4, "CipherSuite: %v", styleCertValue.Render(cipherSuiteName(tls.CipherSuite))))
+
+	for i, cert := range tls.PeerCertificates {
+
+		fmt.Println(lgSprintf(styleCertKeyP4.Bold(true), "Certificate %v:", i))
+		fmt.Println(lgSprintf(styleCertKeyP5, "Subject: %s", styleCertValue.Render(cert.Subject.String())))
+
+		if len(cert.DNSNames) > 0 {
+			dnsnames := "[ "
+			for _, name := range cert.DNSNames {
+				dnsnames += name + " "
+			}
+			dnsnames += "]"
+
+			fmt.Println(lgSprintf(styleCertKeyP5, "DNS Names: %v", styleCertValue.Render(dnsnames)))
+		}
+
+		fmt.Println(lgSprintf(styleCertKeyP5, "Issuer: %s", styleCertValue.Render(cert.Issuer.String())))
+		fmt.Println(lgSprintf(styleCertKeyP5, "Valid From: %s", styleCertValue.Render(cert.NotBefore.Format(time.RFC1123))))
+		fmt.Println(lgSprintf(styleCertKeyP5, "Valid To: %s", styleCertValue.Render(cert.NotAfter.Format(time.RFC1123))))
+
+	}
+
+}

src/cmd/embedded/config-example.yaml

@@ -36,42 +36,9 @@ requests:
           - /status/404
           - /status/503
 
-  - name: httpBinGoPost
+  - name: httpBunComCerts
 
-    userAgent: wrench-request-post
-
-    printResponseBody: true
-    printResponseHeaders: true
-
-    requestHeaders:
-      - key: Content-Type
-        value: text/plain
-
-    requestMethod: POST
-    requestBody: request body via post
-
-    responseHeadersFilter:
-      - Content-Type
+    printResponseCertificates: true
 
     hosts:
-      - name: httpbingo.org
-        uriList:
-          - /post
-
-  - name: httpBinGoHead
-
-    # requestDebug: true
-    # responseDebug: true
-
-    printResponseHeaders: true
-
-    requestHeaders:
-      - key: Content-Type
-        value: text/plain
-
-    requestMethod: HEAD
-
-    hosts:
-      - name: httpbingo.org
-        uriList:
-          - /head
+      - name: httpbun.com

src/cmd/handlers.go

@@ -0,0 +1,47 @@
+package cmd
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"time"
+)
+
+func tlsVersionName(v uint16) string {
+	switch v {
+	case tls.VersionSSL30:
+		return "SSL 3.0"
+	case tls.VersionTLS10:
+		return "TLS 1.0"
+	case tls.VersionTLS11:
+		return "TLS 1.1"
+	case tls.VersionTLS12:
+		return "TLS 1.2"
+	case tls.VersionTLS13:
+		return "TLS 1.3"
+	default:
+		return fmt.Sprintf("Unknown (0x%x)", v)
+	}
+}
+
+func cipherSuiteName(id uint16) string {
+	cs := tls.CipherSuiteName(id)
+	if cs == "" {
+		return fmt.Sprintf("Unknown (0x%x)", id)
+	}
+	return cs
+}
+func printCertInfo(cert *x509.Certificate, depth int) {
+	prefix := ""
+	for i := 0; i < depth; i++ {
+		prefix += "  "
+	}
+	fmt.Printf("%sSubject: %s\n", prefix, cert.Subject)
+	fmt.Printf("%sIssuer: %s\n", prefix, cert.Issuer)
+	fmt.Printf("%sValid From: %s\n", prefix, cert.NotBefore.Format(time.RFC1123))
+	fmt.Printf("%sValid To:   %s\n", prefix, cert.NotAfter.Format(time.RFC1123))
+	fmt.Printf("%sDNS Names:  %v\n", prefix, cert.DNSNames)
+	// fmt.Printf("%sEmail:      %v\n", prefix, cert.EmailAddresses)
+	// fmt.Printf("%sIP Addrs:   %v\n", prefix, cert.IPAddresses)
+	fmt.Println()
+}