crl.go

Documentation: github.com/letsencrypt/boulder/observer/probers/crl

     1  package probers
     2  
     3  import (
     4  	"crypto/x509"
     5  	"io"
     6  	"net/http"
     7  	"time"
     8  
     9  	"github.com/prometheus/client_golang/prometheus"
    10  )
    11  
    12  // CRLProbe is the exported 'Prober' object for monitors configured to
    13  // monitor CRL availability & characteristics.
    14  type CRLProbe struct {
    15  	url         string
    16  	cNextUpdate *prometheus.GaugeVec
    17  	cThisUpdate *prometheus.GaugeVec
    18  	cCertCount  *prometheus.GaugeVec
    19  }
    20  
    21  // Name returns a string that uniquely identifies the monitor.
    22  func (p CRLProbe) Name() string {
    23  	return p.url
    24  }
    25  
    26  // Kind returns a name that uniquely identifies the `Kind` of `Prober`.
    27  func (p CRLProbe) Kind() string {
    28  	return "CRL"
    29  }
    30  
    31  // Probe requests the configured CRL and publishes metrics about it if found.
    32  func (p CRLProbe) Probe(timeout time.Duration) (bool, time.Duration) {
    33  	start := time.Now()
    34  	resp, err := http.Get(p.url)
    35  	if err != nil {
    36  		return false, time.Since(start)
    37  	}
    38  
    39  	body, err := io.ReadAll(resp.Body)
    40  	if err != nil {
    41  		return false, time.Since(start)
    42  	}
    43  	dur := time.Since(start)
    44  
    45  	crl, err := x509.ParseRevocationList(body)
    46  	if err != nil {
    47  		return false, dur
    48  	}
    49  
    50  	// Report metrics for this CRL
    51  	p.cThisUpdate.WithLabelValues(p.url).Set(float64(crl.ThisUpdate.Unix()))
    52  	p.cNextUpdate.WithLabelValues(p.url).Set(float64(crl.NextUpdate.Unix()))
    53  	p.cCertCount.WithLabelValues(p.url).Set(float64(len(crl.RevokedCertificateEntries)))
    54  
    55  	return true, dur
    56  }
    57
View as plain text