
Mountain/Binary/Build/TlsCommands/
tls_check_cert_status.rs

1#![allow(non_snake_case)]
2
3//! `tls_check_cert_status` Tauri command - parse a cached
4//! cert's `valid_until` (RFC3339), compare against now, and
5//! flag whether renewal is due (within
6//! `CertificateManager::RENEWAL_THRESHOLD_DAYS`).
7
8use std::sync::{Arc, Mutex};
9
10use tauri::{AppHandle, Manager};
11
12use crate::{
13	Binary::Build::{CertificateManager::CertificateManager, TlsCommands::CertificateStatus::CertificateStatus},
14	dev_log,
15};
16
/// Tauri command that reports the expiry status of the cached certificate for `hostname`.
///
/// The status is derived only from the cached `valid_until` string and the local
/// clock (`chrono::Utc::now()`). `is_valid` therefore means "not yet past
/// `valid_until`" and nothing more: this function performs no chain, not-before,
/// revocation or hostname-match checks, and a wrong system clock shifts the result.
///
/// When no certificate is cached for `hostname`, the returned status has
/// `exists: false`, `is_valid: false`, `days_until_expiry: 0`,
/// `needs_renewal: true` and an empty `valid_until`.
///
/// # Errors
///
/// Returns a `String` error when the `Arc<Mutex<CertificateManager>>` state is not
/// registered on the app, when the mutex cannot be locked, or when the cached
/// `valid_until` is not valid RFC 3339.
#[tauri::command]
pub async fn tls_check_cert_status(app_handle:AppHandle, hostname:String) -> Result<CertificateStatus, String> {
	// NOTE(review): `hostname` is logged and used as the lookup key exactly as the
	// caller supplied it; confirm whether the caller or `get_server_cert_info`
	// normalizes it (case, trailing dot) and whether `dev_log!` escapes control
	// characters.
	dev_log!("security", "checking certificate status for {}", hostname);

	let state = app_handle
		.try_state::<Arc<Mutex<CertificateManager>>>()
		.ok_or("Certificate manager not found")?;

	// The guard is held until the function returns; there is no `.await` below,
	// so the std mutex is never held across a suspension point.
	let manager = state.lock().map_err(|poisoned| format!("Failed to acquire lock: {}", poisoned))?;

	match manager.get_server_cert_info(&hostname) {
		// Nothing cached: report a missing certificate that should be (re)issued.
		None => {
			Ok(CertificateStatus {
				exists:false,
				is_valid:false,
				days_until_expiry:0,
				needs_renewal:true,
				valid_until:String::new(),
			})
		},
		Some(cert_info) => {
			let parsed_expiry = chrono::DateTime::parse_from_rfc3339(&cert_info.valid_until)
				.map_err(|e| format!("Invalid certificate expiry time: {}", e))?;
			let valid_until = parsed_expiry.with_timezone(&chrono::Utc);

			let now = chrono::Utc::now();

			// `num_days()` counts whole days and truncates toward zero, so a
			// certificate that expired less than a day ago still yields 0 here;
			// `is_valid` is the field that distinguishes that case.
			let days_until_expiry = valid_until.signed_duration_since(now).num_days();

			Ok(CertificateStatus {
				exists:true,
				is_valid:valid_until >= now,
				days_until_expiry,
				needs_renewal:days_until_expiry <= CertificateManager::RENEWAL_THRESHOLD_DAYS,
				valid_until:cert_info.valid_until,
			})
		},
	}
}