always revoke the certificate, even if it is already expired
[stack/cam.git] / cam / main.py
index 2e80029..a925df3 100755 (executable)
@@ -28,7 +28,10 @@ Known commands:
   list
     List all known certificates
 
-  files <TAG>...
+  fp [<TAG>...]
+    Print SHA1/MD5 fingerprints of certificates
+
+  files <TAG>
     Dump all the certificate-related files of this TAG
 
   check 
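Review bot: The usage text documents only `fp [<TAG>...]`, while the dispatch added later in this commit also accepts `fingerprint` as a command name. Either list the alias here, e.g. `fp|fingerprint [<TAG>...]`, or drop it from the dispatch so the help and the behaviour agree.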
@@ -84,11 +87,28 @@ def main():
             print c.public_key_file
             print c.private_key_file
         elif cmd == 'list':
+            now = time.time()
             for cert in sorted(certs, key=lambda x: x.name):
-                print cert.name, cert.cn, cert.get_expiration_date()
+                expiry = cert.get_expiration_date()
+                state = 'OK'
+                expiry_str = ''
+                if not expiry:
+                    state = 'MISSING'
+                else:
+                    if expiry < now:
+                        state = 'EXPIRED'
+                    expiry_str = time.strftime('%Y/%m/%d', time.gmtime(expiry))
+                print cert.name, cert.cn, state, expiry_str
+        elif cmd == 'fp' or cmd == 'fingerprint':
+            if len(args) > 0:
+                certs = [find_cert(certs, x) for x in args]
+            for cert in certs:
+                print cert.name, cert.cn
+                print '  SHA1:', cert.get_fingerprint('sha1')
+                print '  MD5:', cert.get_fingerprint('md5')
         elif cmd == 'check':
             now = time.time()
-            warning_time = 8640000 * int(global_config.get('warning_days', 15))
+            warning_time = 86400 * int(global_config.get('warning_days', 15))
             for cert in certs:
                 exp = cert.get_expiration_date()
                 if exp and (exp - now) < warning_time:
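Review bot: The new `fp` branch prints only SHA1 and MD5 fingerprints, both of which are collision-weak, so an operator comparing these values out of band gets less assurance than the output suggests. If `get_fingerprint` passes the digest name through to the underlying tool (its body is not in this hunk), add `print '  SHA256:', cert.get_fingerprint('sha256')` and treat the MD5 line as legacy-only. Separately, `[find_cert(certs, x) for x in args]` assumes every tag resolves; if `find_cert` can return None for an unknown tag, `cert.name` fails with a bare AttributeError rather than a clear "unknown certificate" message. main() starts and ends outside the hunk.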