moepman/acertmgr
1
0
Fork 0
mirror of https://github.com/moepman/acertmgr.git synced 2024-11-13 07:55:26 +01:00
Code Releases Activity

Refactor cert_isValid, minor improvements

Browse Source
This commit is contained in:
Markus 2016-01-10 16:40:22 +01:00
parent 363c69c9b8
commit 54787d1513
1 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
acertmgr.py
View File

@ -20,11 +20,10 @@ ACME_CONFD=ACME_DIR + "domains.d/"
# @brief check whether existing certificate is still valid or expiring soon
# @param domain string containing the domain name
# @param settings the domain's configuration options
# @return True if certificate is still valid for a while, False otherwise
def cert_isValid(domain, settings):
crt_file = ACME_DIR + domain + ".crt"
# @param crt_file string containing the path to the certificate file
# @param ttl_days the minimum amount of days for which the certificate must be valid
# @return True if certificate is still valid for at least ttl_days, False otherwise
def cert_isValid(crt_file, ttl_days):
if not os.path.isfile(crt_file):
return False
else:
@ -47,7 +46,7 @@ def cert_isValid(domain, settings):
if valid_from > now:
raise "A Certificate seems to be from the future, something seems wrong!"
expiry_limit = now + dateutil.relativedelta.relativedelta(days=+15)
expiry_limit = now + dateutil.relativedelta.relativedelta(days=+ttl_days)
if valid_to < expiry_limit:
return False
@ -59,15 +58,17 @@ def cert_isValid(domain, settings):
# @param settings the domain's configuration options
def cert_get(domain, settings):
key_file = ACME_DIR + "server.key"
csr_file = "/tmp/%s.csr" % domain
print("Getting certificate for %s." % domain)
crt_file = "/tmp/%s.crt" % domain
print("Getting certificate for %s." % domain)
cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain])
# TODO run acme_tiny
# TODO check if resulting certificate is valid
# TODO delete temporary files
os.remove(csr_file)
# TODO copy cert w/ correct permissions
# TODO restart/reload service(s)
@ -107,5 +108,7 @@ if __name__ == "__main__":
# check certificate validity and obtain/renew certificates if needed
for domain, domaincfg in config['domains'].iteritems():
cfg = complete_config(domaincfg, config['defaults'])
if not cert_isValid(domain, cfg):
crt_file = ACME_DIR + "%s.crt" % domain
ttl_days = int(config.get('ttl_days', 15))
if not cert_isValid(crt_file, ttl_days):
cert_get(domain, cfg)