def __check_certificate(self, entry, path): # noinspection PyUnusedLocal entry = entry if not os.path.isfile(path): # logging.warning(_('Certificate %(path)s of %(cn)s not found') % {'cn': common_name, 'path': path}) return False try: stdout = local('"{openssl}" x509 -enddate -noout -in "{path}"'.format(openssl=settings.OPENSSL_PATH, path=path)) except CalledProcessError: # logging.warning(_('Invalid certificate %(path)s for %(cn)s') % {'cn': common_name, 'path': path}) return False stdout = stdout.decode('utf-8') end_date = t61_to_time(stdout.partition('=')[2].strip()) after_now = datetime.datetime.now(tz=utc) + datetime.timedelta(30) if end_date is None or end_date < after_now: # logging.warning(_('Certificate %(path)s for %(cn)s is about to expire') % # {'cn': common_name, 'path': path}) return False serial = self.__get_certificate_serial(path) if serial is None: return False elif self.__get_index_file()[serial][1] != 'V': return False return True
def __check_certificate(self, entry, path): # noinspection PyUnusedLocal entry = entry if not os.path.isfile(path): # logging.warning(_('Certificate %(path)s of %(cn)s not found') % {'cn': common_name, 'path': path}) return False try: stdout = local( '"{openssl}" x509 -enddate -noout -in "{path}"'.format( openssl=settings.OPENSSL_PATH, path=path)) except CalledProcessError: # logging.warning(_('Invalid certificate %(path)s for %(cn)s') % {'cn': common_name, 'path': path}) return False stdout = stdout.decode('utf-8') end_date = t61_to_time(stdout.partition('=')[2].strip()) after_now = datetime.datetime.now(tz=utc) + datetime.timedelta(30) if end_date is None or end_date < after_now: # logging.warning(_('Certificate %(path)s for %(cn)s is about to expire') % # {'cn': common_name, 'path': path}) return False serial = self.__get_certificate_serial(path) if serial is None: return False elif self.__get_index_file()[serial][1] != 'V': return False return True
def __check_crl(self): try: content = subprocess.check_output([settings.OPENSSL_PATH, 'crl', '-noout', '-nextupdate', '-in', self.cacrl_path], stderr=subprocess.PIPE) except CalledProcessError: return False key, sep, value = content.decode('utf-8').partition('=') if key != 'nextUpdate' or sep != '=': return False return t61_to_time(value.strip()) > (datetime.datetime.now(utc) + datetime.timedelta(seconds=86400))
def __check_crl(self): try: content = subprocess.check_output([ settings.OPENSSL_PATH, 'crl', '-noout', '-nextupdate', '-in', self.cacrl_path ], stderr=subprocess.PIPE) except CalledProcessError: return False key, sep, value = content.decode('utf-8').partition('=') if key != 'nextUpdate' or sep != '=': return False return t61_to_time(value.strip()) > (datetime.datetime.now(utc) + datetime.timedelta(seconds=86400))