示例#1
0
    def test_format_as1_date_from_certs(self):
        test_cases = [
            {'path': 'valid/cert.pem',
             'year': 2027,
             'month': 2,
             'day': 25,
            },
            {'path': 'invalid/expired_cert.pem',
             'year': 2017,
             'month': 2,
             'day': 4,
            },
            {'path': 'invalid/glbc_le_stage_cert.pem',
             'year': 2017,
             'month': 8,
             'day': 22,
            },
        ]

        for tc in test_cases:
            path = os.path.join(helpers.DATA_DIR, 'https', tc['path'])
            with open(path, 'r') as f:
                cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())

            s = cert.get_notAfter()
            date = letsencrypt.convert_asn1_date(s)
            self.assertEquals(date.year, tc['year'])
            self.assertEquals(date.month, tc['month'])
            self.assertEquals(date.day, tc['day'])
示例#2
0
    def acme_cert_renewal_checks(self, store):
        cert = load_certificate(FILETYPE_PEM,
                                GLSettings.memory_copy.private.https_cert)
        expiration_date = letsencrypt.convert_asn1_date(cert.get_notAfter())

        t = timedelta(days=self.acme_try_renewal)
        renewal_window = datetime.now() + t

        if not expiration_date < renewal_window:
            # We will not apply for the renewal of the certificate
            return

        try:
            db_acme_cert_issuance(store)
        except Exception as e:
            self.acme_failures = +1
            log.err('ACME certificate renewal failed with: %s' % e)
            raise
        try:
            yield GLSettings.appstate.process_supervisor.shutdown()
            yield GLSettings.appstate.process_supervisor.maybe_launch_https_workers(
            )
        except Exception as e:
            self.acme_failures = +1
            log.err('Restart of HTTPS workers failed with: %s' % e)
            raise
示例#3
0
    def cert_expiration_checks(self, store):
        priv_fact = models.config.PrivateFactory(store)

        if not priv_fact.get_val(u'https_enabled'):
            return

        cert = load_certificate(FILETYPE_PEM, priv_fact.get_val(u'https_cert'))
        expiration_date = letsencrypt.convert_asn1_date(cert.get_notAfter())

        # Acme renewal checks
        if priv_fact.get_val(u'acme') and datetime.now(
        ) > expiration_date - timedelta(days=self.acme_try_renewal):
            try:
                db_acme_cert_issuance(store)
            except Exception as excep:
                self.acme_failures = +1
                log.err('ACME certificate renewal failed with: %s', excep)
                raise

            self.should_restart_https = True
            self.acme_failures = 0

        # Regular certificates expiration checks
        elif datetime.now() > expiration_date - timedelta(
                days=self.notify_expr_within):
            log.info('The HTTPS Certificate is expiring on %s',
                     expiration_date)
            if not State.tenant_cache[
                    1].notif.disable_admin_notification_emails:
                self.certificate_mail_creation(store, expiration_date)
示例#4
0
    def cert_expiration_checks(self, session, tid):
        priv_fact = models.config.ConfigFactory(session, tid, 'node')

        if not priv_fact.get_val(u'https_enabled'):
            return

        cert = load_certificate(FILETYPE_PEM, priv_fact.get_val(u'https_cert'))
        expiration_date = letsencrypt.convert_asn1_date(cert.get_notAfter())
        expiration_date_iso = datetime_to_ISO8601(expiration_date)

        # Acme renewal checks
        if priv_fact.get_val(u'acme') and datetime.now() > expiration_date - timedelta(days=self.acme_try_renewal):
            try:
                db_acme_cert_issuance(session, tid)
            except Exception as exc:
                log.err('Automatic HTTPS renewal failed: %s', exc, tid=tid)

                # Send an email to the admin cause this requires user intervention
                if not self.state.tenant_cache[tid].notification.disable_admin_notification_emails:
                    self.certificate_mail_creation(session, 'https_certificate_renewal_failure', tid, expiration_date_iso)
            else:
                self.should_restart_https = True

        # Regular certificates expiration checks
        elif datetime.now() > expiration_date - timedelta(days=self.notify_expr_within):
            log.info('The HTTPS Certificate is expiring on %s', expiration_date, tid=tid)
            if not self.state.tenant_cache[tid].notification.disable_admin_notification_emails:
                self.certificate_mail_creation(session, 'https_certificate_expiration', tid, expiration_date_iso)
示例#5
0
    def test_format_as1_date_from_certs(self):
        test_cases = [
            {'path': 'valid/cert.pem',
             'year': 2027,
             'month': 2,
             'day': 25,
            },
            {'path': 'invalid/expired_cert.pem',
             'year': 2017,
             'month': 2,
             'day': 4,
            },
            {'path': 'invalid/glbc_le_stage_cert.pem',
             'year': 2017,
             'month': 8,
             'day': 22,
            },
        ]

        for tc in test_cases:
            path = os.path.join(helpers.DATA_DIR, 'https', tc['path'])
            with open(path, 'r') as f:
                cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())

            s = cert.get_notAfter()
            date = letsencrypt.convert_asn1_date(s)
            self.assertEquals(date.year, tc['year'])
            self.assertEquals(date.month, tc['month'])
            self.assertEquals(date.day, tc['day'])
示例#6
0
    def test_format_asn1_date(self):
        s = b'20170827153000Z'

        d = letsencrypt.convert_asn1_date(s)

        self.assertEqual(d.year, 2017)
        self.assertEqual(d.month, 8)
        self.assertEqual(d.day, 27)
示例#7
0
    def test_format_asn1_date(self):
        s = b'20170827153000Z'

        d = letsencrypt.convert_asn1_date(s)

        self.assertEqual(d.year, 2017)
        self.assertEqual(d.month, 8)
        self.assertEqual(d.day, 27)
示例#8
0
    def db_serialize(session, tid):
        c = ConfigFactory(session, tid).get_val('https_chain')
        if len(c) == 0:
            return {'name': 'chain', 'set': False}

        x509 = crypto.load_certificate(crypto.FILETYPE_PEM, c)
        expr_date = letsencrypt.convert_asn1_date(x509.get_notAfter())

        return {
            'name': 'chain',
            'issuer': tls.parse_issuer_name(x509),
            'expiration_date': expr_date,
            'set': True,
        }
示例#9
0
    def cert_expiration_checks(self, store):
        if not GLSettings.memory_copy.private.https_enabled:
            return

        cert = load_certificate(FILETYPE_PEM, GLSettings.memory_copy.private.https_cert)
        expiration_date = letsencrypt.convert_asn1_date(cert.get_notAfter())

        t = timedelta(days=self.notify_expr_within)
        expiration_window = datetime.now() + t
        if not expiration_date < expiration_window:
            log.debug('The HTTPS certificate is not going to expire within target window.')
            return

        if GLSettings.memory_copy.notif.disable_admin_notification_emails:
            log.info('Certificate expiring on %s, admin notif email suppressed' % expiration_date)
        else:
            self.certificate_mail_creation(store, expiration_date)
示例#10
0
    def db_serialize(session, tid):
        c = ConfigFactory(session, tid).get_val('https_cert')
        if not c:
            return {
                'name': 'cert',
                'set': False
            }

        log.err(c)
        c = """{}""".format(c)
        x509 = crypto.load_certificate(crypto.FILETYPE_PEM, c)
        expr_date = letsencrypt.convert_asn1_date(x509.get_notAfter())

        return {
            'name': 'cert',
            'issuer': tls.parse_issuer_name(x509),
            'expiration_date': expr_date,
            'set': True,
        }
示例#11
0
    def cert_expiration_checks(self, session, tid):
        now = datetime.now()

        priv_fact = models.config.ConfigFactory(session, tid)

        if not priv_fact.get_val('https_enabled'):
            return

        cert = load_certificate(FILETYPE_PEM, priv_fact.get_val('https_cert'))
        expiration_date = letsencrypt.convert_asn1_date(cert.get_notAfter())

        # Acme renewal checks
        if priv_fact.get_val('acme') and now > expiration_date - timedelta(
                days=self.acme_try_renewal):
            try:
                db_acme_cert_request(session, tid)
            except Exception as exc:
                log.err('Automatic HTTPS renewal failed: %s', exc, tid=tid)

                # Send an email to the admin cause this requires user intervention
                if now > expiration_date - timedelta(days=self.notify_expr_within) and \
                   not self.state.tenant_cache[tid].notification.disable_admin_notification_emails:
                    self.certificate_mail_creation(
                        session, 'https_certificate_renewal_failure', tid,
                        expiration_date)

            tls_config = load_tls_dict(session, tid)

            self.state.snimap.unload(tid)
            self.state.snimap.load(tid, tls_config)

        # Regular certificates expiration checks
        elif now > expiration_date - timedelta(days=self.notify_expr_within):
            log.info('The HTTPS Certificate is expiring on %s',
                     expiration_date,
                     tid=tid)
            if not self.state.tenant_cache[
                    tid].notification.disable_admin_notification_emails:
                self.certificate_mail_creation(session,
                                               'https_certificate_expiration',
                                               tid, expiration_date)