Exemplo n.º 1
def cert_id_exists_in_database(log_id):
    """Report whether a certificate with this log ID is already stored.

    The default Cert collection is queried first; only when it holds no
    match is the "precerts" collection queried as well.

    Arguments:
    log_id -- the log ID to look up

    Returns True if the id exists in either collection, False otherwise.
    """
    if Cert.objects(log_id=log_id).count() > 0:
        return True
    # Point Cert at the precertificate collection for the second lookup; the
    # count must be taken while the switch is still in effect.
    with context_managers.switch_collection(Cert, "precerts"):
        found_in_precerts = Cert.objects(log_id=log_id).count() > 0
    return found_in_precerts
Exemplo n.º 2
def group_update_domain(domain,
                        max_expired_date,
                        verbose=False,
                        dry_run=False):
    """Fetch all new certificates for a domain in parallel and store them.

    One cert_by_id task is queued per log id returned by get_new_log_ids.
    Each task result is parsed with Cert.from_pem and saved to the "precerts"
    collection when flagged as a precertificate, otherwise to the default
    Cert collection.

    Arguments:
    domain -- domain object; its .domain attribute is the name to query
    max_expired_date -- a date to filter out expired certificates
    verbose -- passed through to get_new_log_ids
    dry_run -- when True, certificates are fetched and parsed but not saved

    Returns the number of tasks in the group (one per log id). The same
    count is returned in dry_run mode, where nothing is saved.

    """
    # One task signature per new log id, all dispatched as a single group.
    signatures = [
        cert_by_id.s(log_id)
        for log_id in get_new_log_ids(domain.domain, max_expired_date, verbose)
    ]
    job = group(signatures)
    results = job.apply_async()

    # Poll until every task has finished, advancing the progress bar by the
    # number of tasks completed since the previous poll.
    with tqdm(total=len(signatures), desc="Certs", unit="certs",
              leave=False) as pbar:
        while not results.ready():
            pbar.update(results.completed_count() - pbar.n)
            time.sleep(0.5)

    # NOTE(review): join() is called with its defaults. With Celery's default
    # propagate=True a single failed task raises here, before any certificate
    # from this batch has been saved -- confirm that is the intended policy.
    # NOTE(review): each result is presumably PEM text retrieved for that log
    # id, i.e. externally sourced data; any validation happens inside
    # Cert.from_pem, which is not visible here.
    for task, pem in zip(job.tasks, results.join()):
        cert, is_precert = Cert.from_pem(pem)
        # The log id is recovered from the first positional argument of the
        # task that produced this result.
        cert.log_id = task.get("args")[0]
        if is_precert:
            # Precertificates are kept in their own collection.
            with context_managers.switch_collection(Cert, "precerts"):
                if not dry_run:
                    cert.save()
        elif not dry_run:
            cert.save()
    return len(job.tasks)
Exemplo n.º 3
 def test_from_pem(self):
     """Build a Cert from the CISA_PEM fixture and save it.

     The second value returned by Cert.from_pem must be False for this
     fixture.
     """
     parsed = Cert.from_pem(CISA_PEM)
     cert, is_poisoned = parsed
     assert is_poisoned is False
     # A log_id is assigned before saving; from_pem is not relied on for it.
     cert.log_id = 123
     cert.save()
Exemplo n.º 4
 def test_simple_creation(self):
     """Populate a Cert by hand and save it.

     The pem value is deliberately not a real PEM blob; the test passes as
     long as save() does not raise.
     """
     utc = tz.tzutc()
     cert = Cert()

     # Identity fields.
     cert.log_id = 654321
     cert.serial = "123456"
     cert.issuer = "CISA Super Secure CA"
     cert.subjects = ["cisa.gov"]
     cert.pem = "Not a PEM"

     # Validity window and SCT fields, all stamped with the current UTC time.
     cert.not_before = datetime.now(utc)
     cert.not_after = datetime.now(utc)
     cert.sct_or_not_before = datetime.now(utc)
     cert.sct_exists = True

     cert.save()
Exemplo n.º 5
 def test_subjects(self):
     """Validate that trimmed_subjects is calculated correctly from subjects.

     "cyber.dhs.gov" is expected to be reduced to "dhs.gov", while
     "cisa.gov" is expected to stay as it is.
     """
     expected_trimmed = {"cisa.gov", "dhs.gov"}
     cert = Cert()
     cert.subjects = ["cisa.gov", "cyber.dhs.gov"]
     # Compared as sets, so the order of trimmed_subjects does not matter.
     assert set(cert.trimmed_subjects) == expected_trimmed
Exemplo n.º 6
 def test_empty_creation(self):
     """Check that saving a Cert with no fields set is rejected."""
     empty_cert = Cert()
     # Required fields are missing, so validation must fail on save().
     with pytest.raises(mongoengine.errors.ValidationError):
         empty_cert.save()