From 59e0798b9751c8c004f6e8cccaaf940068d42ee7 Mon Sep 17 00:00:00 2001
From: zhhyu
Date: Wed, 11 Jan 2023 16:44:38 -0800
Subject: [PATCH 1/2] Add a SSL tool
---
 SslScripts/VerifySSLCertFromServer.ps1 | 78 ++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 SslScripts/VerifySSLCertFromServer.ps1
diff --git a/SslScripts/VerifySSLCertFromServer.ps1 b/SslScripts/VerifySSLCertFromServer.ps1
new file mode 100644
index 00000000..90b68c0c
--- /dev/null
+++ b/SslScripts/VerifySSLCertFromServer.ps1
@@ -0,0 +1,78 @@
+<#
+ .SYNOPSIS
+ This script is used to verify the SSL certificate from the server
+#>
+
+$TestMaxRounds = 1000
+$SleepDurationInSeconds = 6
+
+$resultPath = ".\result.csv"
+
+# Place a list of URLs to test under the same domain
+$URLs = @("https://api.nuget.org/v3-registration5-gz-semver2/newtonsoft.json/index.json",
+ "https://api.nuget.org/v3-flatcontainer/newtonsoft.json/index.json",
+ "https://api.nuget.org/v3/index.json")
+$Domain = "api.nuget.org"
+$CertSubjectName = "CN=*.nuget.org"
+
+$TestRound = 1
+$SuccessedTimes = 0
+$FailedTimes = 0
+while ($TestRound -le $TestMaxRounds)
+{
+ Write-Host "Round: ", $TestRound
+
+ $URL = $URLs | Get-Random
+ $request = [Net.WebRequest]::Create($URL)
+
+ $servicePoint = $request.ServicePoint
+ # Set "MaxIdleTime" as 0 to ensure that the certificate is refreshed from the server again each round
+ $servicePoint.MaxIdleTime = 0
+ Write-Host "ServicePointHash: ", $servicePoint.GetHashCode()
+
+ try {
+ $request.GetResponse().Dispose()
+ } catch
+ {
+
+ }
+
+ $certificate = $request.ServicePoint.Certificate
+ if ($null -ne $certificate)
+ {
+ $subjectName = $certificate.Subject.Split(",")[0]
+
+ if ($subjectName -eq $CertSubjectName)
+ {
+ $SuccessedTimes = $SuccessedTimes + 1
+ }
+ else
+ {
+ $FailedTimes = $FailedTimes + 1
+
+ $dnsRecord = (Resolve-DnsName $Domain | where-Object { $_.QueryType -eq "A" })[0]
+
+ $date = (Get-Date).ToUniversalTime()
+ Write-Host $TestRound, $date, $subjectName, $dnsRecord.Name, $dnsRecord.IP4Address, $URL -ForegroundColor red
+
+ $log = @(
+ [pscustomobject]@{
+ TestRound = $TestRound
+ Date_UTC = $date
+ ReturnedCertSubjectName = $subjectName
+ DNSRecord = $dnsRecord.Name
+ IP4Address = $dnsRecord.IP4Address
+ TestURL = $URL
+ }
+ )
+
+ $log | Export-Csv -Path $resultPath -Append -NoTypeInformation
+ }
+ }
+
+ $TestRound = $TestRound + 1
+ Start-Sleep -Seconds $SleepDurationInSeconds
+}
+
+Write-Host "Succeeded: ", $SuccessedTimes
+Write-Host "Failed: ", $FailedTimes
\ No newline at end of file
From e1f5fa0993104d71217ad1e110a44f36fe5ddcbd Mon Sep 17 00:00:00 2001
From: zhhyu
Date: Thu, 19 Jan 2023 14:39:40 -0800
Subject: [PATCH 2/2] Update
---
 SslScripts/VerifySSLCertFromServer.ps1 | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/SslScripts/VerifySSLCertFromServer.ps1 b/SslScripts/VerifySSLCertFromServer.ps1
index 90b68c0c..ed8b3153 100644
--- a/SslScripts/VerifySSLCertFromServer.ps1
+++ b/SslScripts/VerifySSLCertFromServer.ps1
@@ -8,12 +8,11 @@ $SleepDurationInSeconds = 6
 $resultPath = ".\result.csv"
-# Place a list of URLs to test under the same domain
-$URLs = @("https://api.nuget.org/v3-registration5-gz-semver2/newtonsoft.json/index.json",
- "https://api.nuget.org/v3-flatcontainer/newtonsoft.json/index.json",
- "https://api.nuget.org/v3/index.json")
 $Domain = "api.nuget.org"
 $CertSubjectName = "CN=*.nuget.org"
+$URLs = @("https://$Domain/v3-registration5-gz-semver2/newtonsoft.json/index.json",
+ "https://$Domain/v3-flatcontainer/newtonsoft.json/index.json",
+ "https://$Domain/v3/index.json")
 $TestRound = 1
 $SuccessedTimes = 0
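Review bot: In PATCH 1/2 the empty `catch` after `$request.GetResponse().Dispose()` discards every failure, and a round where `$request.ServicePoint.Certificate` is `$null` is counted as neither succeeded nor failed, so handshake and connection errors never reach result.csv and the two totals need not add up to the number of rounds. Keep the error, e.g. `catch { $requestError = $_.Exception.Message }`, and give `if ($null -ne $certificate)` an `else` branch that increments `$FailedTimes` and logs the round with that message. The pass condition compares only the first subject component with `$CertSubjectName`; because validation errors are swallowed, an untrusted certificate carrying the same CN would presumably be counted as a success, so adding `$certificate.Issuer` and `$certificate.GetCertHashString()` to the CSV row would make a wrong certificate identifiable. The logged `IP4Address` comes from a separate `Resolve-DnsName` call made after the request, so it may not be the address that actually served the certificate, and the `[0]` index fails when no A record is returned.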