X-Git-Url: https://v.licheni.net/stack/cam.git/blobdiff_plain/de74ecfb399e9c18e476104744856fde67ea2e81..112c04e3926d62291efd902a1dcb0b2d24feeb59:/cam/cert.py
diff --git a/cam/cert.py b/cam/cert.py
new file mode 100644
index 0000000..9254fb0
--- /dev/null
+++ b/cam/cert.py
@@ -0,0 +1,58 @@
+import os
+import re
+import string
+import time
+from cam import openssl_wrap
+
+
+def _parse_alt_names(s):
+ if not s:
+ return []
+ if ',' in s:
+ parts = s.split(',')
+ else:
+ parts = s.split()
+ return [x.strip() for x in parts if x]
+
+
+class Cert(object):
+
+ def __init__(self, ca, name, config):
+ self.name = name
+ self.ca = ca
+ self.cn = config['cn']
+ self.ou = config.get('ou', '')
+ self.days = config.get('days')
+
+ self.alt_names = _parse_alt_names(config.get('alt_names'))
+ if self.cn not in self.alt_names:
+ self.alt_names.insert(0, self.cn)
+ self.public_key_file = os.path.join(ca.basedir, 'public', 'certs',
+ '%s.pem' % name)
+ self.private_key_file = os.path.join(ca.basedir, 'private',
+ '%s.key' % name)
+
+ def get_fingerprint(self, digest='sha1'):
+ if os.path.exists(self.public_key_file):
+ output = openssl_wrap.run('x509', '-in', self.public_key_file,
+ '-noout', '-fingerprint', '-%s' % digest)
+ m = re.search(r'=(.*)$', output)
+ if m:
+ return m.group(1)
+ return None
+
+ def get_expiration_date(self):
+ if os.path.exists(self.public_key_file):
+ output = openssl_wrap.run('x509', '-in', self.public_key_file,
+ '-noout', '-dates')
+ m = re.search(r'notAfter=(.*)', output)
+ if m:
+ return time.mktime(time.strptime(m.group(1),
+ '%b %d %H:%M:%S %Y %Z'))
+ return None
+
+ def expired(self):
+ now = time.time()
+ return self.get_expiration_date() > now
+
+
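Review bot: `expired()` at the end of the hunk has its comparison inverted: it returns true while `notAfter` is still in the future, so valid certificates are reported as expired and expired ones as still valid. It also compares `None` with a float when the certificate file is missing, because `get_expiration_date()` returns `None` in that case. Replacing the return with `expires = self.get_expiration_date()` followed by `return expires is not None and expires < now` would address both, though whether a missing certificate should count as expired is a decision for the callers, which are not visible here. Separately, `get_expiration_date()` feeds the parsed `notAfter` value (which openssl prints in GMT) to `time.mktime`, which interprets the struct as local time; `calendar.timegm` would avoid shifting the expiry by the host's UTC offset.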