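def check(self):
    """Yield one Result per certmonger tracking request, graded by expiry.

    The expiry is taken from the request's 'not-valid-after' property as
    reported by certmonger over D-Bus.  For each request this yields:

    * ERROR   - no expiry is recorded, or the expiry is already in the past
    * WARNING - fewer than ``self.config.cert_expiration_days`` days remain
    * SUCCESS - otherwise
    """
    cm = certmonger._certmonger()
    for req in cm.obj_if.get_requests():
        request = certmonger._cm_dbus_object(
            cm.bus, cm, req,
            certmonger.DBUS_CM_REQUEST_IF, certmonger.DBUS_CM_IF, True)
        request_id = request.prop_if.Get(
            certmonger.DBUS_CM_REQUEST_IF, 'nickname')
        notafter = request.prop_if.Get(
            certmonger.DBUS_CM_REQUEST_IF, 'not-valid-after')

        if notafter == 0:
            # A zero timestamp would otherwise be converted to the Unix
            # epoch and reported as a certificate that expired in 1970,
            # which hides the real condition from whoever reads the alert.
            yield Result(self, constants.ERROR, key=request_id,
                         msg='certmonger request id %s does not have '
                             'a not-valid-after date, assuming it '
                             'has not been issued yet.' % request_id)
            continue

        nafter = datetime.fromtimestamp(notafter, timezone.utc)
        now = datetime.now(timezone.utc)

        if now > nafter:
            yield Result(self, constants.ERROR, key=request_id,
                         expiration_date=generalized_time(nafter),
                         msg='Request id %s expired on %s'
                             % (request_id, generalized_time(nafter)))
            continue

        # DAY is defined outside this block; presumably seconds per day.
        diff = int((nafter - now).total_seconds() / DAY)

        # Coerce the threshold: if the option arrives as a string, an
        # int < str comparison raises TypeError on Python 3 and the
        # expiry warning would never be produced.
        if diff < int(self.config.cert_expiration_days):
            yield Result(self, constants.WARNING, key=request_id,
                         expiration_date=generalized_time(nafter),
                         days=diff,
                         msg='Request id %s expires in %s days'
                             % (request_id, diff))
        else:
            yield Result(self, constants.SUCCESS, key=request_id)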
def check(self):
    """Grade every certmonger tracking request by its recorded expiry.

    Reads 'nickname' and 'not-valid-after' from each request over D-Bus
    and yields exactly one Result per request: ERROR when no expiry is
    recorded or the expiry has passed, WARNING when fewer than
    ``cert_expiration_days`` days remain, SUCCESS otherwise.
    """
    cm = certmonger._certmonger()
    for req in cm.obj_if.get_requests():
        request = certmonger._cm_dbus_object(
            cm.bus, cm, req,
            certmonger.DBUS_CM_REQUEST_IF, certmonger.DBUS_CM_IF, True,
        )
        request_id = request.prop_if.Get(
            certmonger.DBUS_CM_REQUEST_IF, 'nickname')
        raw_expiry = request.prop_if.Get(
            certmonger.DBUS_CM_REQUEST_IF, 'not-valid-after')

        # A zero timestamp is reported separately instead of being
        # converted into an epoch date and flagged as long expired.
        if raw_expiry == 0:
            yield Result(
                self, constants.ERROR, key=request_id,
                msg='certmonger request id {key} does not have '
                    'a not-valid-after date, assuming it '
                    'has not been issued yet.',
            )
            continue

        expires_at = datetime.fromtimestamp(raw_expiry, timezone.utc)
        current = datetime.now(timezone.utc)

        if current > expires_at:
            yield Result(
                self, constants.ERROR, key=request_id,
                expiration_date=generalized_time(expires_at),
                msg='Request id {key} expired on '
                    '{expiration_date}',
            )
            continue

        # Whole days remaining, truncated toward zero.
        days_left = int((expires_at - current).total_seconds() / DAY)
        threshold = int(self.config.cert_expiration_days)

        if days_left >= threshold:
            yield Result(self, constants.SUCCESS, key=request_id)
            continue

        yield Result(
            self, constants.WARNING, key=request_id,
            expiration_date=generalized_time(expires_at),
            days=days_left,
            msg='Request id {key} expires in {days} '
                'days. certmonger should renew this '
                'automatically. Watch the status with '
                'getcert list -i {key}.',
        )
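def check(self):
    """Check the expiry of the certificate behind each certmonger request.

    For every tracking request the certificate is loaded from the storage
    the request points at (a file or an NSS database) and its own
    ``not_valid_after`` is evaluated, rather than the request's
    'not-valid-after' property.  One Result is yielded per request:

    * ERROR   - the certificate cannot be loaded, the storage type is
                unknown, or the certificate has already expired
    * WARNING - fewer than ``cert_expiration_days`` days remain
    * SUCCESS - otherwise
    """
    cm = certmonger._certmonger()
    all_requests = cm.obj_if.get_requests()
    for req in all_requests:
        request = certmonger._cm_dbus_object(cm.bus, cm, req,
                                             certmonger.DBUS_CM_REQUEST_IF,
                                             certmonger.DBUS_CM_IF, True)
        request_id = request.prop_if.Get(certmonger.DBUS_CM_REQUEST_IF,
                                         'nickname')
        store = request.prop_if.Get(certmonger.DBUS_CM_REQUEST_IF,
                                    'cert-storage')

        if store == 'FILE':
            certfile = str(
                request.prop_if.Get(certmonger.DBUS_CM_REQUEST_IF,
                                    'cert-file'))
            try:
                cert = x509.load_certificate_from_file(certfile)
            except Exception as e:
                # Deliberately broad: any load failure becomes a finding
                # for this request instead of aborting the whole check.
                yield Result(self, constants.ERROR, key=request_id,
                             certfile=certfile,
                             error=str(e),
                             msg='Request id {key}: Unable to open cert '
                                 'file \'{certfile}\': {error}')
                continue
        elif store == 'NSSDB':
            # NOTE(review): these two property names use underscores and
            # the lookup key is 'key_nickname', while the other properties
            # read here are hyphenated ('cert-storage', 'cert-file').
            # Confirm both names against certmonger's D-Bus interface.
            nickname = str(
                request.prop_if.Get(certmonger.DBUS_CM_REQUEST_IF,
                                    'key_nickname'))
            dbdir = str(
                request.prop_if.Get(certmonger.DBUS_CM_REQUEST_IF,
                                    'cert_database'))
            try:
                db = certdb.NSSDatabase(dbdir)
            except Exception as e:
                yield Result(self, constants.ERROR, key=request_id,
                             dbdir=dbdir,
                             error=str(e),
                             msg='Request id {key}: Unable to open NSS '
                                 'database \'{dbdir}\': {error}')
                continue
            try:
                cert = db.get_cert(nickname)
            except Exception as e:
                yield Result(self, constants.ERROR, key=request_id,
                             dbdir=dbdir,
                             nickname=nickname,
                             error=str(e),
                             msg='Request id {key}: Unable to retrieve '
                                 'cert \'{nickname}\' from \'{dbdir}\': '
                                 '{error}')
                continue
        else:
            yield Result(self, constants.ERROR, key=request_id,
                         store=store,
                         msg='Request id {key}: Unknown certmonger '
                             'storage type: {store}')
            continue

        # NOTE(review): utcnow() is naive, so this comparison assumes
        # cert.not_valid_after is a naive UTC datetime as well - confirm.
        now = datetime.utcnow()
        notafter = cert.not_valid_after

        if now > notafter:
            yield Result(self, constants.ERROR, key=request_id,
                         expiration_date=generalized_time(notafter),
                         msg='Request id {key} expired on '
                             '{expiration_date}')
            continue

        delta = notafter - now
        diff = int(delta.total_seconds() / DAY)
        if diff < int(self.config.cert_expiration_days):
            # The original literals ran together as "status withgetcert";
            # the space is restored so the suggested command is readable.
            yield Result(self, constants.WARNING, key=request_id,
                         expiration_date=generalized_time(notafter),
                         days=diff,
                         msg='Request id {key} expires in {days} '
                             'days. certmonger should renew this '
                             'automatically. Watch the status with '
                             'getcert list -i {key}.')
        else:
            yield Result(self, constants.SUCCESS, key=request_id)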
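def check(self):
    """Check the expiry of the certificate behind each certmonger request.

    The certificate is loaded from the storage named by the request
    ('FILE' or 'NSSDB') and its ``not_valid_after`` is compared with the
    current time.  One Result is yielded per request:

    * ERROR   - the certificate cannot be loaded, the storage type is
                unknown, or the certificate has already expired
    * WARNING - fewer than ``cert_expiration_days`` days remain
    * SUCCESS - otherwise
    """
    cm = certmonger._certmonger()
    all_requests = cm.obj_if.get_requests()
    for req in all_requests:
        request = certmonger._cm_dbus_object(cm.bus, cm, req,
                                             certmonger.DBUS_CM_REQUEST_IF,
                                             certmonger.DBUS_CM_IF, True)
        request_id = request.prop_if.Get(certmonger.DBUS_CM_REQUEST_IF,
                                         'nickname')
        store = request.prop_if.Get(certmonger.DBUS_CM_REQUEST_IF,
                                    'cert-storage')

        if store == 'FILE':
            certfile = str(
                request.prop_if.Get(certmonger.DBUS_CM_REQUEST_IF,
                                    'cert-file'))
            try:
                cert = x509.load_certificate_from_file(certfile)
            except Exception as e:
                # Deliberately broad: any load failure becomes a finding
                # for this request instead of aborting the whole check.
                yield Result(self, constants.ERROR, key=request_id,
                             certfile=certfile,
                             error=str(e),
                             msg='Unable to open cert file \'%s\': %s'
                                 % (certfile, e))
                continue
        elif store == 'NSSDB':
            # NOTE(review): these two property names use underscores while
            # the others read here are hyphenated - confirm against
            # certmonger's D-Bus interface.
            nickname = str(
                request.prop_if.Get(certmonger.DBUS_CM_REQUEST_IF,
                                    'key_nickname'))
            dbdir = str(
                request.prop_if.Get(certmonger.DBUS_CM_REQUEST_IF,
                                    'cert_database'))
            try:
                db = certdb.NSSDatabase(dbdir)
            except Exception as e:
                yield Result(self, constants.ERROR, key=request_id,
                             dbdir=dbdir,
                             error=str(e),
                             msg='Unable to open NSS database \'%s\': %s'
                                 % (dbdir, e))
                continue
            try:
                cert = db.get_cert(nickname)
            except Exception as e:
                yield Result(self, constants.ERROR, key=request_id,
                             dbdir=dbdir,
                             nickname=nickname,
                             error=str(e),
                             msg='Unable to retrieve cert \'%s\' from '
                                 '\'%s\': %s' % (nickname, dbdir, e))
                continue
        else:
            yield Result(self, constants.ERROR, key=request_id,
                         store=store,
                         msg='Unknown certmonger storage type: %s'
                             % store)
            continue

        # NOTE(review): utcnow() is naive, so this comparison assumes
        # cert.not_valid_after is a naive UTC datetime as well - confirm.
        now = datetime.utcnow()
        notafter = cert.not_valid_after

        if now > notafter:
            yield Result(self, constants.ERROR, key=request_id,
                         expiration_date=generalized_time(notafter),
                         msg='Request id %s expired on %s'
                             % (request_id, generalized_time(notafter)))
            continue

        delta = notafter - now
        diff = int(delta.total_seconds() / DAY)

        # Coerce the threshold: if the option arrives as a string, an
        # int < str comparison raises TypeError on Python 3 and the
        # expiry warning would never be produced.
        if diff < int(self.config.cert_expiration_days):
            yield Result(self, constants.WARNING, key=request_id,
                         expiration_date=generalized_time(notafter),
                         days=diff,
                         msg='Request id %s expires in %s days'
                             % (request_id, diff))
        else:
            yield Result(self, constants.SUCCESS, key=request_id)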