Add support for comparing duration before certificate expiration

core/condition.go

@@ -35,6 +35,11 @@ const (
 	// Values that could replace the placeholder: true, false
 	ConnectedPlaceHolder = "[CONNECTED]"
 
+	// CertificateExpirationPlaceholder is a placeholder for the duration before certificate expiration, in milliseconds.
+	//
+	// Values that could replace the placeholder: 4461677039 (~52 days)
+	CertificateExpirationPlaceholder = "[CERTIFICATE_EXPIRATION]"
+
 	// LengthFunctionPrefix is the prefix for the length function
 	LengthFunctionPrefix = "len("
 
@@ -142,6 +147,8 @@ func sanitizeAndResolve(list []string, result *Result) []string {
 			element = body
 		case ConnectedPlaceHolder:
 			element = strconv.FormatBool(result.Connected)
+		case CertificateExpirationPlaceholder:
+			element = strconv.FormatInt(int64(result.CertificateExpiration.Milliseconds()), 10)
 		default:
 			// if contains the BodyPlaceHolder, then evaluate json path
 			if strings.Contains(element, BodyPlaceHolder) {

core/service.go

@@ -169,6 +169,10 @@ func (service *Service) call(result *Result) {
 			result.Errors = append(result.Errors, err.Error())
 			return
 		}
+		if response.TLS != nil {
+			certificate := response.TLS.PeerCertificates[0]
+			result.CertificateExpiration = certificate.NotAfter.Sub(time.Now())
+		}
 		result.HTTPStatus = response.StatusCode
 		result.Connected = response.StatusCode > 0
 		result.Body, err = ioutil.ReadAll(response.Body)

core/types.go

@@ -45,6 +45,9 @@ type Result struct {
 
 	// Timestamp when the request was sent
 	Timestamp time.Time `json:"timestamp"`
+
+	// CertificateExpiration is the duration before the certificate expires
+	CertificateExpiration time.Duration `json:"certificate-expiration,omitempty"`
 }
 
 // ConditionResult result of a Condition