def cert_id_exists_in_database(log_id):
    """Report whether a certificate with this log id is already stored.

    Looks in the default Cert collection first and then in the "precerts"
    collection.

    Returns True if the id exists in either collection, False otherwise.
    """
    # NOTE(review): this is a point-in-time lookup, not a uniqueness
    # guarantee. If importers can run concurrently, two of them may both
    # see False for the same id -- confirm a unique index on log_id backs
    # this check.
    if Cert.objects(log_id=log_id).count() > 0:
        return True

    # The same model is pointed at the precert collection for the second
    # lookup; the context manager restores the default collection on exit.
    with context_managers.switch_collection(Cert, "precerts"):
        return Cert.objects(log_id=log_id).count() > 0
def group_update_domain(domain, max_expired_date, verbose=False, dry_run=False):
    """Fan out one download task per new certificate id and store the results.

    Arguments:
    domain -- object whose ``domain`` attribute is the domain name to query
    max_expired_date -- a date to filter out expired certificates
    verbose -- forwarded unchanged to get_new_log_ids
    dry_run -- when true, certificates are parsed but never saved

    Returns the number of tasks in the group. This count is returned even
    when dry_run suppressed every save.
    """
    # One task signature per log id reported by get_new_log_ids.
    signatures = [
        cert_by_id.s(log_id)
        for log_id in get_new_log_ids(domain.domain, max_expired_date, verbose)
    ]

    # Bundle the signatures into a single group and send it to the queue.
    job = group(signatures)
    results = job.apply_async()

    # Poll until every task has finished, advancing the progress bar by the
    # number of tasks completed since the last poll.
    # NOTE(review): the loop exits only when results.ready() is true; there
    # is no timeout, so a task that never finishes blocks this call forever.
    with tqdm(total=len(signatures), desc="Certs", unit="certs", leave=False) as pbar:
        while not results.ready():
            newly_done = results.completed_count() - pbar.n
            pbar.update(newly_done)
            time.sleep(0.5)

    # Tasks and results are paired by position; the log id is recovered from
    # the first positional argument of each task.
    # NOTE(review): join() is called with its defaults; as far as I know
    # Celery re-raises a failed task's exception here, which would abort the
    # batch before anything is saved -- confirm that is intended.
    for task, pem in zip(job.tasks, results.join()):
        # NOTE(review): pem is whatever the worker returned (presumably
        # fetched from an external source). An exception from Cert.from_pem
        # is not caught, so one unparsable entry stops the import part-way
        # with the earlier certificates already saved.
        cert, is_precert = Cert.from_pem(pem)
        cert.log_id = task.get("args")[0]
        if is_precert:
            # Precertificates are stored in their own collection.
            with context_managers.switch_collection(Cert, "precerts"):
                if not dry_run:
                    cert.save()
        elif not dry_run:
            # Final certificates go to the default Cert collection.
            cert.save()

    return len(job.tasks)
def test_from_pem(self):
    """Build a Cert from the CISA_PEM fixture and persist it."""
    cert, poisoned = Cert.from_pem(CISA_PEM)
    # The second value returned by from_pem must be False for this fixture.
    assert poisoned is False
    # A log id is assigned before saving; from_pem is not relied on to
    # supply one.
    cert.log_id = 123
    cert.save()
def test_simple_creation(self):
    """Create a new cert field by field, and save it."""
    # Placeholder values only: the pem string is deliberately not a real
    # PEM, and save() is still expected to succeed with it.
    field_values = {
        "log_id": 654321,
        "serial": "123456",
        "issuer": "CISA Super Secure CA",
        "not_before": datetime.now(tz.tzutc()),
        "not_after": datetime.now(tz.tzutc()),
        "sct_or_not_before": datetime.now(tz.tzutc()),
        "sct_exists": True,
        "pem": "Not a PEM",
        "subjects": ["cisa.gov"],
    }
    cert = Cert()
    for field_name, value in field_values.items():
        setattr(cert, field_name, value)
    cert.save()
def test_subjects(self):
    """Validate that trimmed_subjects is calculated correctly from subjects."""
    cert = Cert()
    cert.subjects = ["cisa.gov", "cyber.dhs.gov"]
    # Order is not part of the contract being checked, so compare as sets.
    expected_trimmed = {"cisa.gov", "dhs.gov"}
    actual_trimmed = set(cert.trimmed_subjects)
    assert actual_trimmed == expected_trimmed
def test_empty_creation(self):
    """Saving a Cert with no fields set must be rejected by validation."""
    blank_cert = Cert()
    # Lots of fields are required, so save() should raise rather than
    # store an empty document.
    with pytest.raises(mongoengine.errors.ValidationError):
        blank_cert.save()