
Mountain/Binary/Build/TlsCommands/
tls_check_cert_status.rs

1#![allow(non_snake_case)]
2
3//! `tls_check_cert_status` Tauri command - parse a cached
4//! cert's `valid_until` (RFC3339), compare against now, and
5//! flag whether renewal is due (within
6//! `CertificateManager::RENEWAL_THRESHOLD_DAYS`).
7
8use std::sync::{Arc, Mutex};
9
10use tauri::{AppHandle, Manager};
11
12use crate::{
13	Binary::Build::{CertificateManager::CertificateManager, TlsCommands::CertificateStatus::CertificateStatus},
14	dev_log,
15};
16
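/// Reports the expiry status of the cached server certificate for `hostname`.
///
/// Looks up the shared `CertificateManager` in Tauri state, parses the cached
/// `valid_until` string as RFC 3339, and compares it with the current UTC time.
///
/// The answer rests on the cached expiry timestamp and the local clock only.
/// `is_valid` means "not yet past `valid_until`"; this function itself does no
/// chain validation, not-before check, revocation check or hostname matching,
/// so callers must not treat the result as a trust decision.
///
/// When no certificate is cached for `hostname`, the status reports
/// `exists: false`, `is_valid: false`, `needs_renewal: true`, zero days and an
/// empty `valid_until`.
///
/// # Errors
///
/// Returns an error string when the certificate manager is not registered in
/// Tauri state, when its mutex cannot be locked (poisoned), or when the cached
/// `valid_until` value is not valid RFC 3339.
#[tauri::command]
pub async fn tls_check_cert_status(app_handle:AppHandle, hostname:String) -> Result<CertificateStatus, String> {
	// NOTE(review): `hostname` is supplied by the caller of this command and is
	// written to the log as-is; confirm `dev_log!` neutralises control
	// characters, or validate the value before logging.
	dev_log!("security", "checking certificate status for {}", hostname);

	let state = app_handle
		.try_state::<Arc<Mutex<CertificateManager>>>()
		.ok_or("Certificate manager not found")?;

	// The state handle derefs to the `Arc<Mutex<_>>`, so it can be locked
	// directly; the extra clone the original made was never needed.
	// The guard is a std mutex guard; there is no `.await` below, so it is never
	// held across a suspension point.
	let manager = state.lock().map_err(|e| format!("Failed to acquire lock: {}", e))?;

	match manager.get_server_cert_info(&hostname) {
		Some(cert_info) => {
			// Fail with an error rather than guess when the cached expiry is malformed.
			let valid_until = chrono::DateTime::parse_from_rfc3339(&cert_info.valid_until)
				.map_err(|e| format!("Invalid certificate expiry time: {}", e))?
				.with_timezone(&chrono::Utc);

			let now = chrono::Utc::now();

			// Whole days only: a partial day is dropped, so 0 can appear just
			// before or just after expiry. `is_valid` tells the two apart.
			let days_until_expiry = (valid_until - now).num_days();

			// An expired certificate has a non-positive day count, so it is also
			// flagged for renewal (presumably the threshold is non-negative; confirm).
			let needs_renewal = days_until_expiry <= CertificateManager::RENEWAL_THRESHOLD_DAYS;

			Ok(CertificateStatus {
				exists:true,
				// Expiry comparison only; not a statement about trust.
				is_valid:now <= valid_until,
				days_until_expiry,
				needs_renewal,
				valid_until:cert_info.valid_until,
			})
		},
		// Nothing cached for this hostname: report it as absent and due for renewal.
		None => {
			Ok(CertificateStatus {
				exists:false,
				is_valid:false,
				days_until_expiry:0,
				needs_renewal:true,
				valid_until:String::new(),
			})
		},
	}
}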