mirror of
https://github.com/moepman/acertmgr.git
synced 2024-11-14 18:35:27 +01:00
Fixes exception types
This commit is contained in:
parent
23f9af7c3f
commit
d2a47fbd6a
17
acertmgr.py
17
acertmgr.py
@ -21,6 +21,11 @@ ACME_CONFD=ACME_DIR + "domains.d/"
|
|||||||
CHALLENGE_DIR="/var/www/acme/"
|
CHALLENGE_DIR="/var/www/acme/"
|
||||||
LE_CA="https://acme-staging.api.letsencrypt.org"
|
LE_CA="https://acme-staging.api.letsencrypt.org"
|
||||||
|
|
||||||
|
|
||||||
|
class InvalidCertificateError(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
# @brief check whether existing certificate is still valid or expiring soon
|
# @brief check whether existing certificate is still valid or expiring soon
|
||||||
# @param crt_file string containing the path to the certificate file
|
# @param crt_file string containing the path to the certificate file
|
||||||
# @param ttl_days the minimum amount of days for which the certificate must be valid
|
# @param ttl_days the minimum amount of days for which the certificate must be valid
|
||||||
@ -36,17 +41,17 @@ def cert_isValid(crt_file, ttl_days):
|
|||||||
if m:
|
if m:
|
||||||
valid_from = dateutil.parser.parse(m.group(1), ignoretz=True)
|
valid_from = dateutil.parser.parse(m.group(1), ignoretz=True)
|
||||||
else:
|
else:
|
||||||
raise "No notBefore date found, something seems wrong!"
|
raise InvalidCertificateError("No notBefore date found")
|
||||||
|
|
||||||
m = re.search("notAfter=(.+)", vc)
|
m = re.search("notAfter=(.+)", vc)
|
||||||
if m:
|
if m:
|
||||||
valid_to = dateutil.parser.parse(m.group(1), ignoretz=True)
|
valid_to = dateutil.parser.parse(m.group(1), ignoretz=True)
|
||||||
else:
|
else:
|
||||||
raise "No notAfter date found, something seems wrong!"
|
raise InvalidCertificateError("No notAfter date found")
|
||||||
|
|
||||||
now = datetime.datetime.now()
|
now = datetime.datetime.now()
|
||||||
if valid_from > now:
|
if valid_from > now:
|
||||||
raise "A Certificate seems to be from the future, something seems wrong!"
|
raise InvalidCertificateError("Certificate seems to be from the future")
|
||||||
|
|
||||||
expiry_limit = now + dateutil.relativedelta.relativedelta(days=+ttl_days)
|
expiry_limit = now + dateutil.relativedelta.relativedelta(days=+ttl_days)
|
||||||
if valid_to < expiry_limit:
|
if valid_to < expiry_limit:
|
||||||
@ -63,16 +68,16 @@ def cert_get(domain, settings):
|
|||||||
|
|
||||||
key_file = ACME_DIR + "server.key"
|
key_file = ACME_DIR + "server.key"
|
||||||
if not os.path.isfile(key_file):
|
if not os.path.isfile(key_file):
|
||||||
raise "The server key file (%s) is missing!" % key_file
|
raise FileNotFoundError("The server key file (%s) is missing!" % key_file)
|
||||||
|
|
||||||
acc_file = ACME_DIR + "account.key"
|
acc_file = ACME_DIR + "account.key"
|
||||||
if not os.path.isfile(acc_file):
|
if not os.path.isfile(acc_file):
|
||||||
raise "The account key file (%s) is missing!" % acc_file
|
raise FileNotFoundError("The account key file (%s) is missing!" % acc_file)
|
||||||
|
|
||||||
csr_file = "/tmp/%s.csr" % domain
|
csr_file = "/tmp/%s.csr" % domain
|
||||||
crt_file = "/tmp/%s.crt" % domain
|
crt_file = "/tmp/%s.crt" % domain
|
||||||
if os.path.lexists(csr_file) or os.path.lexists(crt_file):
|
if os.path.lexists(csr_file) or os.path.lexists(crt_file):
|
||||||
raise "A temporary file already exists!"
|
raise FileExistsError("A temporary file already exists!")
|
||||||
|
|
||||||
|
|
||||||
cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain])
|
cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain])
|
||||||
|
Loading…
Reference in New Issue
Block a user