def _bootstrap_check(self):
"""Check whether bootstrap is need
Check whether cert is present and still valid
If so, a future _bootstrap_check will be scheduled.
Otherwise _bootstrap_now will be called immediately
"""
# flag to ensure the loop is still running, successfully or not
self.SetSDWatchdogAlive()
try:
cert = cert_utils.load_cert(self._gateway_cert_file)
except (IOError, ValueError):
logging.info('Cannot load a proper cert, start bootstrapping')
return self._bootstrap_now()
now = datetime.datetime.utcnow()
if now + self.PREEXPIRY_BOOTSTRAP_INTERVAL > cert.not_valid_after:
logging.info(
'Certificate is expiring soon at %s, start bootstrapping',
cert.not_valid_after)
return self._bootstrap_now()
if now < cert.not_valid_before:
logging.error('Certificate is not valid until %s',
cert.not_valid_before)
return self._bootstrap_now()
# no need to restart control_proxy
self._bootstrap_success_cb(False)
self._schedule_periodic_bootstrap_check()
def test_cert(self):
with TemporaryDirectory(prefix='/tmp/test_cert_utils') as temp_dir:
cert = _create_dummy_cert()
cert_file = os.path.join(temp_dir, 'test.cert')
cu.write_cert(cert.public_bytes(serialization.Encoding.DER),
cert_file)
cert_load = cu.load_cert(cert_file)
self.assertEqual(cert, cert_load)
def test_check_cert(certfile):
"""Determine whether cert is expired, soon expiring, or not yet valid."""
cert = load_cert(certfile)
now = datetime.datetime.utcnow()
if now > cert.not_valid_after:
raise Exception("Certificate has expired!")
elif now + datetime.timedelta(hours=20) > cert.not_valid_after:
print('> Certificate expiring soon: %s' % cert.not_valid_after)
elif now < cert.not_valid_before:
raise Exception('Certificate is not yet valid!')
