v.licheni.net
/
stack
/
cam.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
99d387f
)
add 'verify' subcommand
author
godog
<godog@autistici.org>
Tue, 7 Oct 2014 22:25:39 +0000
(23:25 +0100)
committer
godog
<godog@autistici.org>
Tue, 7 Oct 2014 22:25:39 +0000
(23:25 +0100)
cam/ca.py
patch
|
blob
|
history
cam/main.py
patch
|
blob
|
history
diff --git
a/cam/ca.py
b/cam/ca.py
index
043cc7e
..
f906819
100644
(file)
--- a/
cam/ca.py
+++ b/
cam/ca.py
@@
-156,6
+156,15
@@
class CA(object):
'-key', self._getpw())
self.gencrl()
'-key', self._getpw())
self.gencrl()
+ def verify(self, path):
+ log.info('verifying certificate %s', path)
+ args = ['verify', '-CAfile', self.files.public_key, path]
+ try:
+ openssl_wrap.run(*args, CAROOT=os.path.abspath(self.basedir))
+ except openssl_wrap.CommandError:
+ return False
+ return True
+
def generate(self, cert):
self._update_config()
def generate(self, cert):
self._update_config()
diff --git
a/cam/main.py
b/cam/main.py
index
22b9758
..
4158e42
100755
(executable)
--- a/
cam/main.py
+++ b/
cam/main.py
@@
-2,14
+2,13
@@
import logging
import optparse
import logging
import optparse
-import os
import sys
import time
from cam import config
USAGE = '''cam [<OPTIONS>] <COMMAND> [<ARG>...]
import sys
import time
from cam import config
USAGE = '''cam [<OPTIONS>] <COMMAND> [<ARG>...]
-CAM v%(version)s - (c)2012-2014 by <ale@incal.net>
+CAM v%(version)s - (c)2012-2014 by <ale@incal.net>
Minimal X509 Certification Authority management tool.
Known commands:
Minimal X509 Certification Authority management tool.
Known commands:
@@
-28,13
+27,16
@@
Known commands:
list
List all known certificates
list
List all known certificates
+ verify FILES...
+ Verify the certificates found in FILES against the CA
+
fp [<TAG>...]
Print SHA1/MD5 fingerprints of certificates
files <TAG>...
Dump all the certificate-related files of this TAG
fp [<TAG>...]
Print SHA1/MD5 fingerprints of certificates
files <TAG>...
Dump all the certificate-related files of this TAG
- check
+ check
Should be run weekly from a cron job to warn you if some
certificates are about to expire (controlled by the 'warning_days'
parameter in the 'global' section of the configuration)
Should be run weekly from a cron job to warn you if some
certificates are about to expire (controlled by the 'warning_days'
parameter in the 'global' section of the configuration)
@@
-95,6
+97,19
@@
def cmd_list(global_config, ca, certs, args):
print cert.name, cert.cn, state, expiry_str
print cert.name, cert.cn, state, expiry_str
+def cmd_verify(global_config, ca, certs, args):
+ if len(args) < 1:
+ print 'Nothing to do.'
+ failed = False
+ for path in args:
+ if not ca.verify(path):
+ print '%s: FAIL' % path
+ failed = True
+ else:
+ print '%s: OK' % path
+ return failed
+
+
def cmd_fingerprint(global_config, ca, certs, args):
if len(args) > 0:
certs = [find_cert(certs, x) for x in args]
def cmd_fingerprint(global_config, ca, certs, args):
if len(args) > 0:
certs = [find_cert(certs, x) for x in args]
@@
-122,6
+137,7
@@
cmd_table = {
'gencrl': cmd_gencrl,
'files': cmd_files,
'list': cmd_list,
'gencrl': cmd_gencrl,
'files': cmd_files,
'list': cmd_list,
+ 'verify': cmd_verify,
'fp': cmd_fingerprint,
'fingerprint': cmd_fingerprint,
'check': cmd_check,
'fp': cmd_fingerprint,
'fingerprint': cmd_fingerprint,
'check': cmd_check,
@@
-168,7
+184,7
@@
def main():
def main_wrapper():
try:
return main()
def main_wrapper():
try:
return main()
- except Exception
, e
:
+ except Exception:
logging.exception('uncaught exception')
return 1
logging.exception('uncaught exception')
return 1