moepman/acertmgr
1
0
Fork 0
mirror of https://github.com/moepman/acertmgr.git synced 2024-11-14 06:55:29 +01:00
Code Releases Activity

Fixes exception types

Browse Source
This commit is contained in:
David Klaftenegger 2016-01-11 21:31:11 +01:00 committed by Markus Hauschild
parent 23f9af7c3f
commit d2a47fbd6a
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
acertmgr.py
View File

@ -21,6 +21,11 @@ ACME_CONFD=ACME_DIR + "domains.d/"
CHALLENGE_DIR="/var/www/acme/" CHALLENGE_DIR="/var/www/acme/"
LE_CA="https://acme-staging.api.letsencrypt.org" LE_CA="https://acme-staging.api.letsencrypt.org"
class InvalidCertificateError(Exception):
pass
# @brief check whether existing certificate is still valid or expiring soon # @brief check whether existing certificate is still valid or expiring soon
# @param crt_file string containing the path to the certificate file # @param crt_file string containing the path to the certificate file
# @param ttl_days the minimum amount of days for which the certificate must be valid # @param ttl_days the minimum amount of days for which the certificate must be valid
@ -36,17 +41,17 @@ def cert_isValid(crt_file, ttl_days):
if m: if m:
valid_from = dateutil.parser.parse(m.group(1), ignoretz=True) valid_from = dateutil.parser.parse(m.group(1), ignoretz=True)
else: else:
raise "No notBefore date found, something seems wrong!" raise InvalidCertificateError("No notBefore date found")
m = re.search("notAfter=(.+)", vc) m = re.search("notAfter=(.+)", vc)
if m: if m:
valid_to = dateutil.parser.parse(m.group(1), ignoretz=True) valid_to = dateutil.parser.parse(m.group(1), ignoretz=True)
else: else:
raise "No notAfter date found, something seems wrong!" raise InvalidCertificateError("No notAfter date found")
now = datetime.datetime.now() now = datetime.datetime.now()
if valid_from > now: if valid_from > now:
raise "A Certificate seems to be from the future, something seems wrong!" raise InvalidCertificateError("Certificate seems to be from the future")
expiry_limit = now + dateutil.relativedelta.relativedelta(days=+ttl_days) expiry_limit = now + dateutil.relativedelta.relativedelta(days=+ttl_days)
if valid_to < expiry_limit: if valid_to < expiry_limit:
@ -63,16 +68,16 @@ def cert_get(domain, settings):
key_file = ACME_DIR + "server.key" key_file = ACME_DIR + "server.key"
if not os.path.isfile(key_file): if not os.path.isfile(key_file):
raise "The server key file (%s) is missing!" % key_file raise FileNotFoundError("The server key file (%s) is missing!" % key_file)
acc_file = ACME_DIR + "account.key" acc_file = ACME_DIR + "account.key"
if not os.path.isfile(acc_file): if not os.path.isfile(acc_file):
raise "The account key file (%s) is missing!" % acc_file raise FileNotFoundError("The account key file (%s) is missing!" % acc_file)
csr_file = "/tmp/%s.csr" % domain csr_file = "/tmp/%s.csr" % domain
crt_file = "/tmp/%s.crt" % domain crt_file = "/tmp/%s.crt" % domain
if os.path.lexists(csr_file) or os.path.lexists(crt_file): if os.path.lexists(csr_file) or os.path.lexists(crt_file):
raise "A temporary file already exists!" raise FileExistsError("A temporary file already exists!")
cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain]) cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain])