certspotter/monitor/healthcheck.go

// Copyright (C) 2023 Opsmate, Inc.
//
// This Source Code Form is subject to the terms of the Mozilla
// Public License, v. 2.0. If a copy of the MPL was not distributed
// with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
//
// This software is distributed WITHOUT A WARRANTY OF ANY KIND.
// See the Mozilla Public License for details.

package monitor

import (
	"context"
	"fmt"
	"strings"
	"time"

	"software.sslmate.com/src/certspotter/ct"
	"software.sslmate.com/src/certspotter/loglist"
)

func healthCheckFilename() string {
	return time.Now().UTC().Format(time.RFC3339) + ".txt"
}

func healthCheckLog(ctx context.Context, config *Config, ctlog *loglist.Log) error {
	state, err := config.State.LoadLogState(ctx, ctlog.LogID)
	if err != nil {
		return fmt.Errorf("error loading log state: %w", err)
	} else if state == nil {
		return nil
	}

	if time.Since(state.LastSuccess) < config.HealthCheckInterval {
		return nil
	}

	sths, err := config.State.LoadSTHs(ctx, ctlog.LogID)
	if err != nil {
		return fmt.Errorf("error loading STHs: %w", err)
	}

	if len(sths) == 0 {
		info := &StaleSTHInfo{
			Log:         ctlog,
			LastSuccess: state.LastSuccess,
			LatestSTH:   state.VerifiedSTH,
		}
		if err := config.State.NotifyHealthCheckFailure(ctx, ctlog, info); err != nil {
			return fmt.Errorf("error notifying about stale STH: %w", err)
		}
	} else {
		info := &BacklogInfo{
			Log:       ctlog,
			LatestSTH: sths[len(sths)-1],
			Position:  state.DownloadPosition.Size(),
		}
		if err := config.State.NotifyHealthCheckFailure(ctx, ctlog, info); err != nil {
			return fmt.Errorf("error notifying about backlog: %w", err)
		}
	}

	return nil
}

type HealthCheckFailure interface {
	Summary() string
	Text() string
}

type StaleSTHInfo struct {
	Log         *loglist.Log
	LastSuccess time.Time
	LatestSTH   *ct.SignedTreeHead // may be nil
}

type BacklogInfo struct {
	Log       *loglist.Log
	LatestSTH *ct.SignedTreeHead
	Position  uint64
}

type StaleLogListInfo struct {
	Source        string
	LastSuccess   time.Time
	LastError     string
	LastErrorTime time.Time
}

func (e *BacklogInfo) Backlog() uint64 {
	return e.LatestSTH.TreeSize - e.Position
}

func (e *StaleSTHInfo) Summary() string {
	return fmt.Sprintf("Unable to contact %s since %s", e.Log.URL, e.LastSuccess)
}
func (e *BacklogInfo) Summary() string {
	return fmt.Sprintf("Backlog of size %d from %s", e.Backlog(), e.Log.URL)
}
func (e *StaleLogListInfo) Summary() string {
	return fmt.Sprintf("Unable to retrieve log list since %s", e.LastSuccess)
}

func (e *StaleSTHInfo) Text() string {
	text := new(strings.Builder)
	fmt.Fprintf(text, "certspotter has been unable to contact %s since %s. Consequentially, certspotter may fail to notify you about certificates in this log.\n", e.Log.URL, e.LastSuccess)
	fmt.Fprintf(text, "\n")
	fmt.Fprintf(text, "For details, see certspotter's stderr output.\n")
	fmt.Fprintf(text, "\n")
	if e.LatestSTH != nil {
		fmt.Fprintf(text, "Latest known log size = %d (as of %s)\n", e.LatestSTH.TreeSize, e.LatestSTH.TimestampTime())
	} else {
		fmt.Fprintf(text, "Latest known log size = none\n")
	}
	return text.String()
}
func (e *BacklogInfo) Text() string {
	text := new(strings.Builder)
	fmt.Fprintf(text, "certspotter has been unable to download entries from %s in a timely manner. Consequentially, certspotter may be slow to notify you about certificates in this log.\n", e.Log.URL)
	fmt.Fprintf(text, "\n")
	fmt.Fprintf(text, "For more details, see certspotter's stderr output.\n")
	fmt.Fprintf(text, "\n")
	fmt.Fprintf(text, "Current log size = %d (as of %s)\n", e.LatestSTH.TreeSize, e.LatestSTH.TimestampTime())
	fmt.Fprintf(text, "Current position = %d\n", e.Position)
	fmt.Fprintf(text, "         Backlog = %d\n", e.Backlog())
	return text.String()
}
func (e *StaleLogListInfo) Text() string {
	text := new(strings.Builder)
	fmt.Fprintf(text, "certspotter has been unable to retrieve the log list from %s since %s.\n", e.Source, e.LastSuccess)
	fmt.Fprintf(text, "\n")
	fmt.Fprintf(text, "Last error (at %s): %s\n", e.LastErrorTime, e.LastError)
	fmt.Fprintf(text, "\n")
	fmt.Fprintf(text, "Consequentially, certspotter may not be monitoring all logs, and might fail to detect certificates.\n")
	return text.String()
}

// TODO-3: make the errors more actionable
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`// Copyright (C) 2023 Opsmate, Inc.`
			`//`
			`// This Source Code Form is subject to the terms of the Mozilla`
			`// Public License, v. 2.0. If a copy of the MPL was not distributed`
			`// with this file, You can obtain one at http://mozilla.org/MPL/2.0/.`
			`//`
			`// This software is distributed WITHOUT A WARRANTY OF ANY KIND.`
			`// See the Mozilla Public License for details.`

			`package monitor`

			`import (`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`"context"`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`"fmt"`
			`"strings"`
			`"time"`

			`"software.sslmate.com/src/certspotter/ct"`
			`"software.sslmate.com/src/certspotter/loglist"`
			`)`

Save failed healthchecks, and put path in $TEXT_FILENAME To allow scripts to access them. 2023-02-19 14:45:01 +01:00			`func healthCheckFilename() string {`
			`return time.Now().UTC().Format(time.RFC3339) + ".txt"`
			`}`

Implement monitor health check 2023-02-06 03:08:01 +01:00			`func healthCheckLog(ctx context.Context, config Config, ctlog loglist.Log) error {`
Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`state, err := config.State.LoadLogState(ctx, ctlog.LogID)`
			`if err != nil {`
			`return fmt.Errorf("error loading log state: %w", err)`
			`} else if state == nil {`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`return nil`
			`}`

Make health check interval configurable 2023-02-06 15:18:37 +01:00			`if time.Since(state.LastSuccess) < config.HealthCheckInterval {`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`return nil`
			`}`

Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`sths, err := config.State.LoadSTHs(ctx, ctlog.LogID)`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`if err != nil {`
Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`return fmt.Errorf("error loading STHs: %w", err)`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`}`

			`if len(sths) == 0 {`
Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`info := &StaleSTHInfo{`
Refine interface for healthcheck failures 2024-04-04 13:53:35 +02:00			`Log: ctlog,`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`LastSuccess: state.LastSuccess,`
			`LatestSTH: state.VerifiedSTH,`
Save failed healthchecks, and put path in $TEXT_FILENAME To allow scripts to access them. 2023-02-19 14:45:01 +01:00			`}`
Refine interface for healthcheck failures 2024-04-04 13:53:35 +02:00			`if err := config.State.NotifyHealthCheckFailure(ctx, ctlog, info); err != nil {`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`return fmt.Errorf("error notifying about stale STH: %w", err)`
			`}`
			`} else {`
Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`info := &BacklogInfo{`
Refine interface for healthcheck failures 2024-04-04 13:53:35 +02:00			`Log: ctlog,`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`LatestSTH: sths[len(sths)-1],`
			`Position: state.DownloadPosition.Size(),`
Save failed healthchecks, and put path in $TEXT_FILENAME To allow scripts to access them. 2023-02-19 14:45:01 +01:00			`}`
Refine interface for healthcheck failures 2024-04-04 13:53:35 +02:00			`if err := config.State.NotifyHealthCheckFailure(ctx, ctlog, info); err != nil {`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`return fmt.Errorf("error notifying about backlog: %w", err)`
			`}`
			`}`

			`return nil`
			`}`

Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`type HealthCheckFailure interface {`
			`Summary() string`
			`Text() string`
			`}`

			`type StaleSTHInfo struct {`
Refine interface for healthcheck failures 2024-04-04 13:53:35 +02:00			`Log *loglist.Log`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`LastSuccess time.Time`
			`LatestSTH *ct.SignedTreeHead // may be nil`
			`}`
Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00
			`type BacklogInfo struct {`
Refine interface for healthcheck failures 2024-04-04 13:53:35 +02:00			`Log *loglist.Log`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`LatestSTH *ct.SignedTreeHead`
			`Position uint64`
			`}`
Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00
			`type StaleLogListInfo struct {`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`Source string`
			`LastSuccess time.Time`
			`LastError string`
			`LastErrorTime time.Time`
			`}`

Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`func (e *BacklogInfo) Backlog() uint64 {`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`return e.LatestSTH.TreeSize - e.Position`
			`}`

Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`func (e *StaleSTHInfo) Summary() string {`
Refine interface for healthcheck failures 2024-04-04 13:53:35 +02:00			`return fmt.Sprintf("Unable to contact %s since %s", e.Log.URL, e.LastSuccess)`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`}`
Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`func (e *BacklogInfo) Summary() string {`
Refine interface for healthcheck failures 2024-04-04 13:53:35 +02:00			`return fmt.Sprintf("Backlog of size %d from %s", e.Backlog(), e.Log.URL)`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`}`
Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`func (e *StaleLogListInfo) Summary() string {`
Use same code to produce $SUMMARY and email subject 2023-02-19 14:48:30 +01:00			`return fmt.Sprintf("Unable to retrieve log list since %s", e.LastSuccess)`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`}`

Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`func (e *StaleSTHInfo) Text() string {`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`text := new(strings.Builder)`
Refine interface for healthcheck failures 2024-04-04 13:53:35 +02:00			`fmt.Fprintf(text, "certspotter has been unable to contact %s since %s. Consequentially, certspotter may fail to notify you about certificates in this log.\n", e.Log.URL, e.LastSuccess)`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`fmt.Fprintf(text, "\n")`
			`fmt.Fprintf(text, "For details, see certspotter's stderr output.\n")`
			`fmt.Fprintf(text, "\n")`
			`if e.LatestSTH != nil {`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`fmt.Fprintf(text, "Latest known log size = %d (as of %s)\n", e.LatestSTH.TreeSize, e.LatestSTH.TimestampTime())`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`} else {`
			`fmt.Fprintf(text, "Latest known log size = none\n")`
			`}`
			`return text.String()`
			`}`
Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`func (e *BacklogInfo) Text() string {`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`text := new(strings.Builder)`
Refine interface for healthcheck failures 2024-04-04 13:53:35 +02:00			`fmt.Fprintf(text, "certspotter has been unable to download entries from %s in a timely manner. Consequentially, certspotter may be slow to notify you about certificates in this log.\n", e.Log.URL)`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`fmt.Fprintf(text, "\n")`
			`fmt.Fprintf(text, "For more details, see certspotter's stderr output.\n")`
			`fmt.Fprintf(text, "\n")`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`fmt.Fprintf(text, "Current log size = %d (as of %s)\n", e.LatestSTH.TreeSize, e.LatestSTH.TimestampTime())`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`fmt.Fprintf(text, "Current position = %d\n", e.Position)`
Implement monitor health check 2023-02-06 03:08:01 +01:00			`fmt.Fprintf(text, " Backlog = %d\n", e.Backlog())`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`return text.String()`
			`}`
Abstract state storage and notification logic behind an interface 2024-04-04 02:06:00 +02:00			`func (e *StaleLogListInfo) Text() string {`
Convert to a daemon and make many other improvements Specifically, certspotter no longer terminates unless it receives SIGTERM or SIGINT or there is a serious error. Although using cron made sense in the early days of Certificate Transparency, certspotter now needs to run continuously to reliably keep up with the high growth rate of contemporary CT logs, and to gracefully handle the many transient errors that can arise when monitoring CT. Closes: #63 Closes: #37 Closes: #32 (presumably by eliminating $DNS_NAMES and $IP_ADDRESSES) Closes: #21 (with $WATCH_ITEM) Closes: #25 2023-02-03 20:05:04 +01:00			`text := new(strings.Builder)`
			`fmt.Fprintf(text, "certspotter has been unable to retrieve the log list from %s since %s.\n", e.Source, e.LastSuccess)`
			`fmt.Fprintf(text, "\n")`
			`fmt.Fprintf(text, "Last error (at %s): %s\n", e.LastErrorTime, e.LastError)`
			`fmt.Fprintf(text, "\n")`
			`fmt.Fprintf(text, "Consequentially, certspotter may not be monitoring all logs, and might fail to detect certificates.\n")`
			`return text.String()`
			`}`

			`// TODO-3: make the errors more actionable`