X-Git-Url: https://v.licheni.net/stack/cam.git/blobdiff_plain/87fb6e3e69f3cb4c0eff11635dda507662a61a7e..d439174a02ec4273560f621f1e003d23c8e05b9d:/cam/main.py diff --git a/cam/main.py b/cam/main.py index 22b9758..4158e42 100755 --- a/cam/main.py +++ b/cam/main.py @@ -2,14 +2,13 @@ import logging import optparse -import os import sys import time from cam import config USAGE = '''cam [] [...] -CAM v%(version)s - (c)2012-2014 by +CAM v%(version)s - (c)2012-2014 by Minimal X509 Certification Authority management tool. Known commands: @@ -28,13 +27,16 @@ Known commands: list List all known certificates + verify FILES... + Verify the certificates found in FILES against the CA + fp [...] Print SHA1/MD5 fingerprints of certificates files ... Dump all the certificate-related files of this TAG - check + check Should be run weekly from a cron job to warn you if some certificates are about to expire (controlled by the 'warning_days' parameter in the 'global' section of the configuration) @@ -95,6 +97,19 @@ def cmd_list(global_config, ca, certs, args): print cert.name, cert.cn, state, expiry_str +def cmd_verify(global_config, ca, certs, args): + if len(args) < 1: + print 'Nothing to do.' + failed = False + for path in args: + if not ca.verify(path): + print '%s: FAIL' % path + failed = True + else: + print '%s: OK' % path + return failed + + def cmd_fingerprint(global_config, ca, certs, args): if len(args) > 0: certs = [find_cert(certs, x) for x in args] @@ -122,6 +137,7 @@ cmd_table = { 'gencrl': cmd_gencrl, 'files': cmd_files, 'list': cmd_list, + 'verify': cmd_verify, 'fp': cmd_fingerprint, 'fingerprint': cmd_fingerprint, 'check': cmd_check, @@ -168,7 +184,7 @@ def main(): def main_wrapper(): try: return main() - except Exception, e: + except Exception: logging.exception('uncaught exception') return 1