root / tools / check-cert-expired @ c6ccba7e
History | View | Annotate | Download (2 kB)
| 1 |
#!/usr/bin/python |
|---|---|
| 2 |
# |
| 3 |
|
| 4 |
# Copyright (C) 2010 Google Inc. |
| 5 |
# |
| 6 |
# This program is free software; you can redistribute it and/or modify |
| 7 |
# it under the terms of the GNU General Public License as published by |
| 8 |
# the Free Software Foundation; either version 2 of the License, or |
| 9 |
# (at your option) any later version. |
| 10 |
# |
| 11 |
# This program is distributed in the hope that it will be useful, but |
| 12 |
# WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 14 |
# General Public License for more details. |
| 15 |
# |
| 16 |
# You should have received a copy of the GNU General Public License |
| 17 |
# along with this program; if not, write to the Free Software |
| 18 |
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
| 19 |
# 02110-1301, USA. |
| 20 |
|
| 21 |
"""Tool to detect expired X509 certificates. |
| 22 |
|
| 23 |
""" |
| 24 |
|
| 25 |
# pylint: disable-msg=C0103 |
| 26 |
# C0103: Invalid name check-cert-expired |
| 27 |
|
| 28 |
import os.path |
| 29 |
import sys |
| 30 |
import OpenSSL |
| 31 |
|
| 32 |
from ganeti import constants |
| 33 |
from ganeti import cli |
| 34 |
from ganeti import utils |
| 35 |
|
| 36 |
|
| 37 |
def main(): |
| 38 |
"""Main routine. |
| 39 |
|
| 40 |
""" |
| 41 |
program = os.path.basename(sys.argv[0]) |
| 42 |
|
| 43 |
if len(sys.argv) != 2: |
| 44 |
cli.ToStderr("Usage: %s <certificate-path>", program)
|
| 45 |
sys.exit(constants.EXIT_FAILURE) |
| 46 |
|
| 47 |
filename = sys.argv[1] |
| 48 |
|
| 49 |
# Read certificate |
| 50 |
try: |
| 51 |
cert_pem = utils.ReadFile(filename) |
| 52 |
except EnvironmentError, err: |
| 53 |
cli.ToStderr("Unable to read %s: %s", filename, err)
|
| 54 |
sys.exit(constants.EXIT_FAILURE) |
| 55 |
|
| 56 |
# Check validity |
| 57 |
try: |
| 58 |
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, |
| 59 |
cert_pem) |
| 60 |
|
| 61 |
(errcode, msg) = utils.VerifyX509Certificate(cert, None, None) |
| 62 |
if msg: |
| 63 |
cli.ToStderr("%s: %s", filename, msg)
|
| 64 |
if errcode == utils.CERT_ERROR: |
| 65 |
sys.exit(constants.EXIT_SUCCESS) |
| 66 |
|
| 67 |
except (KeyboardInterrupt, SystemExit): |
| 68 |
raise |
| 69 |
except Exception, err: # pylint: disable-msg=W0703 |
| 70 |
cli.ToStderr("Unable to check %s: %s", filename, err)
|
| 71 |
|
| 72 |
sys.exit(constants.EXIT_FAILURE) |
| 73 |
|
| 74 |
|
| 75 |
if __name__ == "__main__": |
| 76 |
main() |