From fa3f9f59cd04b6d90a0685896c3f1e001137469c Mon Sep 17 00:00:00 2001
From: mahesh bhatiya <maheshbhatiya304@gmail.com>
Date: Sun, 29 Jun 2025 17:23:38 +0530
Subject: [PATCH] feat(cli): add test-ssl command to check SSL certificate
 validity

Added a new CLI command `test-ssl` to check SSL certificate status of a domain.
It verifies connection, prints issuer, and shows expiry date in a human-readable format.
Useful for DevOps to quickly validate SSL without logging into servers.
---
 cmd/test_ssl.go | 59 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 cmd/test_ssl.go

diff --git a/cmd/test_ssl.go b/cmd/test_ssl.go
new file mode 100644
index 0000000..e6e0388
--- /dev/null
+++ b/cmd/test_ssl.go
@@ -0,0 +1,59 @@
+package cmd
+
+import (
+	"crypto/tls"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/spf13/cobra"
+	"stackroost/internal"
+	"stackroost/internal/logger"
+)
+
+var testSSLCmd = &cobra.Command{
+	Use:   "test-ssl",
+	Short: "Check SSL certificate status for a domain",
+	Run: func(cmd *cobra.Command, args []string) {
+		domain, _ := cmd.Flags().GetString("domain")
+		port, _ := cmd.Flags().GetString("port")
+
+		if internal.IsNilOrEmpty(domain) {
+			logger.Error("Please provide a domain using --domain")
+			os.Exit(1)
+		}
+
+		address := fmt.Sprintf("%s:%s", domain, port)
+		logger.Info(fmt.Sprintf("Testing SSL certificate for %s...", domain))
+
+		conn, err := tls.Dial("tcp", address, nil)
+		if err != nil {
+			logger.Error(fmt.Sprintf("Failed to connect to %s: %v", address, err))
+			os.Exit(1)
+		}
+		defer conn.Close()
+
+		certs := conn.ConnectionState().PeerCertificates
+		if len(certs) == 0 {
+			logger.Error("No certificate found")
+			os.Exit(1)
+		}
+
+		cert := certs[0]
+		now := time.Now()
+		if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
+			logger.Error("SSL certificate is invalid or expired ")
+		} else {
+			logger.Success("SSL is valid ")
+			logger.Info(fmt.Sprintf("Issuer: %s", cert.Issuer.CommonName))
+			logger.Info(fmt.Sprintf("Expires: %s (in %d days)", cert.NotAfter.Format(time.RFC1123), int(cert.NotAfter.Sub(now).Hours()/24)))
+		}
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(testSSLCmd)
+	testSSLCmd.Flags().String("domain", "", "Domain to test (required)")
+	testSSLCmd.Flags().String("port", "443", "Port to test SSL (default: 443)")
+	testSSLCmd.MarkFlagRequired("domain")
+}