def _bootstrap_check(self):
    """Decide whether the gateway certificate needs to be re-bootstrapped.

    The certificate at ``self._gateway_cert_file`` is loaded and its
    validity window is compared against the current UTC time. If the file
    cannot be loaded, if the certificate expires within
    ``self.PREEXPIRY_BOOTSTRAP_INTERVAL``, or if it is not yet valid,
    ``_bootstrap_now`` is invoked immediately and its result is returned.
    Otherwise the success callback is fired and the next periodic check
    is scheduled.
    """
    # Tell the watchdog the loop is alive whether or not the check succeeds.
    self.SetSDWatchdogAlive()

    try:
        current_cert = cert_utils.load_cert(self._gateway_cert_file)
    except (IOError, ValueError):
        # Only load/parse failures are treated as "no usable cert";
        # any other exception propagates to the caller.
        logging.info('Cannot load a proper cert, start bootstrapping')
        return self._bootstrap_now()

    # NOTE(review): utcnow() is naive, so the cert's not_valid_* values are
    # presumably naive UTC datetimes as well; confirm against cert_utils.
    utc_now = datetime.datetime.utcnow()
    renew_threshold = utc_now + self.PREEXPIRY_BOOTSTRAP_INTERVAL

    if renew_threshold > current_cert.not_valid_after:
        # Also covers a certificate that has already expired.
        logging.info(
            'Certificate is expiring soon at %s, start bootstrapping',
            current_cert.not_valid_after,
        )
        return self._bootstrap_now()

    if utc_now < current_cert.not_valid_before:
        # A certificate whose validity has not started is unusable too.
        logging.error(
            'Certificate is not valid until %s',
            current_cert.not_valid_before,
        )
        return self._bootstrap_now()

    # Certificate is good: passing False means control_proxy is not restarted.
    self._bootstrap_success_cb(False)
    self._schedule_periodic_bootstrap_check()
def test_cert(self):
    """Round-trip a dummy certificate through write_cert and load_cert."""
    with TemporaryDirectory(prefix='/tmp/test_cert_utils') as scratch_dir:
        original = _create_dummy_cert()
        target_path = os.path.join(scratch_dir, 'test.cert')

        # The certificate is serialized as DER before being written out.
        der_bytes = original.public_bytes(serialization.Encoding.DER)
        cu.write_cert(der_bytes, target_path)

        # What comes back from disk must compare equal to what went in.
        reloaded = cu.load_cert(target_path)
        self.assertEqual(original, reloaded)
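def test_check_cert(certfile):
    """Determine whether cert is expired, soon expiring, or not yet valid.

    Args:
        certfile: value handed to ``load_cert`` (presumably a path to the
            certificate file; confirm against ``load_cert``).

    Raises:
        Exception: if the certificate has already expired, or if its
            validity period has not started yet.

    A certificate that is inside its validity window but expires within
    the next 20 hours only produces a printed warning.
    """
    cert = load_cert(certfile)
    # NOTE(review): utcnow() is naive, so not_valid_before/not_valid_after
    # are presumably naive UTC datetimes; confirm against load_cert.
    now = datetime.datetime.utcnow()

    # Both hard failures are evaluated before the soft warning. In an
    # if/elif chain with the warning in the middle, a short-lived cert
    # that is not yet valid AND ends within 20 hours would only print the
    # warning and never be rejected.
    if now > cert.not_valid_after:
        raise Exception("Certificate has expired!")
    if now < cert.not_valid_before:
        raise Exception('Certificate is not yet valid!')

    if now + datetime.timedelta(hours=20) > cert.not_valid_after:
        print('> Certificate expiring soon: %s' % cert.not_valid_after)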