'-key', self._getpw())
self.gencrl()
+ def verify(self, path):
+ log.info('verifying certificate %s', path)
+ args = ['verify', '-CAfile', self.files.public_key, path]
+ try:
+ openssl_wrap.run(*args, CAROOT=os.path.abspath(self.basedir))
+ except openssl_wrap.CommandError:
+ return False
+ return True
+
def generate(self, cert):
self._update_config()
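Review bot: The argument list built in `verify` passes only `-CAfile`, so revocation is never consulted: a certificate this CA has already revoked is still reported as valid, even though the class maintains a CRL (`self.gencrl()` is called just above the new method). Consider adding `-crl_check` to `args` and supplying the CA's current CRL to the command; how the CRL is passed depends on the OpenSSL version in use, so confirm that against the releases you support. The result also rests entirely on the exit status of `openssl verify`, and some older OpenSSL releases are reported to exit 0 on certain verification errors, so it is worth confirming that `openssl_wrap.run` raises `CommandError` on a failed verification with the versions you deploy. Finally, a `path` that begins with `-` would be parsed by openssl as an option; passing `os.path.abspath(path)` instead of `path` avoids that.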
import logging
import optparse
-import os
import sys
import time
from cam import config
USAGE = '''cam [<OPTIONS>] <COMMAND> [<ARG>...]
-CAM v%(version)s - (c)2012-2014 by <ale@incal.net>
+CAM v%(version)s - (c)2012-2014 by <ale@incal.net>
Minimal X509 Certification Authority management tool.
Known commands:
list
List all known certificates
+ verify FILES...
+ Verify the certificates found in FILES against the CA
+
fp [<TAG>...]
Print SHA1/MD5 fingerprints of certificates
files <TAG>...
Dump all the certificate-related files of this TAG
- check
+ check
Should be run weekly from a cron job to warn you if some
certificates are about to expire (controlled by the 'warning_days'
parameter in the 'global' section of the configuration)
print cert.name, cert.cn, state, expiry_str
+def cmd_verify(global_config, ca, certs, args):
+ if len(args) < 1:
+ print 'Nothing to do.'
+ failed = False
+ for path in args:
+ if not ca.verify(path):
+ print '%s: FAIL' % path
+ failed = True
+ else:
+ print '%s: OK' % path
+ return failed
+
+
def cmd_fingerprint(global_config, ca, certs, args):
if len(args) > 0:
certs = [find_cert(certs, x) for x in args]
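Review bot: When `args` is empty, `cmd_verify` prints `Nothing to do.` but then falls through the loop and returns `False`, which the caller presumably maps to a successful exit status. For a verification command driven from scripts, an empty file list (for example an unmatched glob) should not look like a pass; add `return True` directly after the `print 'Nothing to do.'` line so the command exits non-zero. A short docstring stating that the return value is truthy on failure would also help, e.g. `"""Verify each file in args against the CA; return True if any check failed."""`.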
'gencrl': cmd_gencrl,
'files': cmd_files,
'list': cmd_list,
+ 'verify': cmd_verify,
'fp': cmd_fingerprint,
'fingerprint': cmd_fingerprint,
'check': cmd_check,
def main_wrapper():
try:
return main()
- except Exception, e:
+ except Exception:
logging.exception('uncaught exception')
return 1