root / tools / check-cert-expired @ 577d45d4

#!/usr/bin/python
#
# Copyright (C) 2010 Google Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.
"""Tool to detect expired X509 certificates.
"""
# pylint: disable-msg=C0103
# C0103: Invalid name check-cert-expired
import os.path
import sys
import OpenSSL
from ganeti import constants
from ganeti import cli
from ganeti import utils
def main():
  """Report through the exit status whether a PEM certificate is expired.

  Takes exactly one command-line argument, the path of the certificate file.
  The process exits with constants.EXIT_SUCCESS only when
  utils.VerifyX509Certificate returns utils.CERT_ERROR. Every other outcome
  (wrong argument count, unreadable file, data that cannot be loaded as PEM,
  any other verification result) exits with constants.EXIT_FAILURE, so a
  failure status must not be read as "the certificate is valid".

  """
  argv = sys.argv

  # Exactly one positional argument is accepted
  if len(argv) != 2:
    cli.ToStderr("Usage: %s <certificate-path>", os.path.basename(argv[0]))
    sys.exit(constants.EXIT_FAILURE)

  cert_path = argv[1]

  # Load the raw PEM data; an I/O problem ends the run with a failure status
  try:
    pem_data = utils.ReadFile(cert_path)
  except EnvironmentError, read_err:
    cli.ToStderr("Unable to read %s: %s", cert_path, read_err)
    sys.exit(constants.EXIT_FAILURE)

  # Parse and verify. Nothing in this function checks the issuer chain or the
  # signature; the result depends entirely on utils.VerifyX509Certificate.
  try:
    crypto = OpenSSL.crypto
    x509 = crypto.load_certificate(crypto.FILETYPE_PEM, pem_data)

    # NOTE(review): the two None arguments are handed through as-is; given the
    # tool's purpose CERT_ERROR presumably means "expired" in that case --
    # confirm against utils.VerifyX509Certificate.
    (status, message) = utils.VerifyX509Certificate(x509, None, None)

    if message:
      cli.ToStderr("%s: %s", cert_path, message)

    if status == utils.CERT_ERROR:
      sys.exit(constants.EXIT_SUCCESS)

  except (KeyboardInterrupt, SystemExit):
    # Let the sys.exit() above and Ctrl-C pass through the generic handler
    raise
  except Exception, check_err: # pylint: disable-msg=W0703
    # Parse or verification errors are reported, then fall through to the
    # failure exit below
    cli.ToStderr("Unable to check %s: %s", cert_path, check_err)

  sys.exit(constants.EXIT_FAILURE)
# Run the check only when executed as a script, not when imported.
if __name__ == "__main__":
  main()