Example #1
0
 def __check_certificate(self, entry, path):
     # noinspection PyUnusedLocal
     entry = entry
     if not os.path.isfile(path):
         # logging.warning(_('Certificate %(path)s of %(cn)s not found') % {'cn': common_name, 'path': path})
         return False
     try:
         stdout = local('"{openssl}" x509 -enddate -noout -in "{path}"'.format(openssl=settings.OPENSSL_PATH,
                                                                               path=path))
     except CalledProcessError:
         # logging.warning(_('Invalid certificate %(path)s for %(cn)s') % {'cn': common_name, 'path': path})
         return False
     stdout = stdout.decode('utf-8')
     end_date = t61_to_time(stdout.partition('=')[2].strip())
     after_now = datetime.datetime.now(tz=utc) + datetime.timedelta(30)
     if end_date is None or end_date < after_now:
         # logging.warning(_('Certificate %(path)s for %(cn)s is about to expire') %
         # {'cn': common_name, 'path': path})
         return False
     serial = self.__get_certificate_serial(path)
     if serial is None:
         return False
     elif self.__get_index_file()[serial][1] != 'V':
         return False
     return True
Example #2
0
 def __check_certificate(self, entry, path):
     # noinspection PyUnusedLocal
     entry = entry
     if not os.path.isfile(path):
         # logging.warning(_('Certificate %(path)s of %(cn)s not found') % {'cn': common_name, 'path': path})
         return False
     try:
         stdout = local(
             '"{openssl}" x509 -enddate -noout -in "{path}"'.format(
                 openssl=settings.OPENSSL_PATH, path=path))
     except CalledProcessError:
         # logging.warning(_('Invalid certificate %(path)s for %(cn)s') % {'cn': common_name, 'path': path})
         return False
     stdout = stdout.decode('utf-8')
     end_date = t61_to_time(stdout.partition('=')[2].strip())
     after_now = datetime.datetime.now(tz=utc) + datetime.timedelta(30)
     if end_date is None or end_date < after_now:
         # logging.warning(_('Certificate %(path)s for %(cn)s is about to expire') %
         # {'cn': common_name, 'path': path})
         return False
     serial = self.__get_certificate_serial(path)
     if serial is None:
         return False
     elif self.__get_index_file()[serial][1] != 'V':
         return False
     return True
Example #3
0
 def __check_crl(self):
     try:
         content = subprocess.check_output([settings.OPENSSL_PATH, 'crl', '-noout', '-nextupdate', '-in',
                                            self.cacrl_path], stderr=subprocess.PIPE)
     except CalledProcessError:
         return False
     key, sep, value = content.decode('utf-8').partition('=')
     if key != 'nextUpdate' or sep != '=':
         return False
     return t61_to_time(value.strip()) > (datetime.datetime.now(utc) + datetime.timedelta(seconds=86400))
Example #4
0
 def __check_crl(self):
     try:
         content = subprocess.check_output([
             settings.OPENSSL_PATH, 'crl', '-noout', '-nextupdate', '-in',
             self.cacrl_path
         ],
                                           stderr=subprocess.PIPE)
     except CalledProcessError:
         return False
     key, sep, value = content.decode('utf-8').partition('=')
     if key != 'nextUpdate' or sep != '=':
         return False
     return t61_to_time(value.strip()) > (datetime.datetime.now(utc) +
                                          datetime.timedelta(seconds=86400))