tools/check-cert-expired - ganeti - Git at Google

 #!/usr/bin/python
 #

 # Copyright (C) 2010 Google Inc.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
 # met:
 #
 # 1. Redistributions of source code must retain the above copyright notice,
 # this list of conditions and the following disclaimer.
 #
 # 2. Redistributions in binary form must reproduce the above copyright
 # notice, this list of conditions and the following disclaimer in the
 # documentation and/or other materials provided with the distribution.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 # IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 # EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 # PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 """Tool to detect expired X509 certificates.

 """

 # pylint: disable=C0103
 # C0103: Invalid name check-cert-expired

 import os.path
 import sys
 import OpenSSL

 from ganeti import constants
 from ganeti import cli
 from ganeti import utils


 def main():
   """Main routine.

   """
   program = os.path.basename(sys.argv[0])

   if len(sys.argv) != 2:
     cli.ToStderr("Usage: %s <certificate-path>", program)
     sys.exit(constants.EXIT_FAILURE)

   filename = sys.argv[1]

   # Read certificate
   try:
     cert_pem = utils.ReadFile(filename)
   except EnvironmentError, err:
     cli.ToStderr("Unable to read %s: %s", filename, err)
     sys.exit(constants.EXIT_FAILURE)

   # Check validity
   try:
     cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                            cert_pem)

     (errcode, msg) = utils.VerifyX509Certificate(cert, None, None)
     if msg:
       cli.ToStderr("%s: %s", filename, msg)
     if errcode == utils.CERT_ERROR:
       sys.exit(constants.EXIT_SUCCESS)

   except (KeyboardInterrupt, SystemExit):
     raise
   except Exception, err: # pylint: disable=W0703
     cli.ToStderr("Unable to check %s: %s", filename, err)

   sys.exit(constants.EXIT_FAILURE)


 if __name__ == "__main__":
   main()
	#!/usr/bin/python
	#

	# Copyright (C) 2010 Google Inc.
	# All rights reserved.
	#
	# Redistribution and use in source and binary forms, with or without
	# modification, are permitted provided that the following conditions are
	# met:
	#
	# 1. Redistributions of source code must retain the above copyright notice,
	# this list of conditions and the following disclaimer.
	#
	# 2. Redistributions in binary form must reproduce the above copyright
	# notice, this list of conditions and the following disclaimer in the
	# documentation and/or other materials provided with the distribution.
	#
	# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
	# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
	# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
	# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
	# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
	# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
	# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
	# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
	# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

	"""Tool to detect expired X509 certificates.

	"""

	# pylint: disable=C0103
	# C0103: Invalid name check-cert-expired

	import os.path
	import sys
	import OpenSSL

	from ganeti import constants
	from ganeti import cli
	from ganeti import utils


	def main():
	"""Main routine.

	"""
	program = os.path.basename(sys.argv[0])

	if len(sys.argv) != 2:
	cli.ToStderr("Usage: %s <certificate-path>", program)
	sys.exit(constants.EXIT_FAILURE)

	filename = sys.argv[1]

	# Read certificate
	try:
	cert_pem = utils.ReadFile(filename)
	except EnvironmentError, err:
	cli.ToStderr("Unable to read %s: %s", filename, err)
	sys.exit(constants.EXIT_FAILURE)

	# Check validity
	try:
	cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
	cert_pem)

	(errcode, msg) = utils.VerifyX509Certificate(cert, None, None)
	if msg:
	cli.ToStderr("%s: %s", filename, msg)
	if errcode == utils.CERT_ERROR:
	sys.exit(constants.EXIT_SUCCESS)

	except (KeyboardInterrupt, SystemExit):
	raise
	except Exception, err: # pylint: disable=W0703
	cli.ToStderr("Unable to check %s: %s", filename, err)

	sys.exit(constants.EXIT_FAILURE)


	if __name__ == "__main__":
	main()