Commit d439174a authored by godog's avatar godog

add 'verify' subcommand

parent 99d387f6
......@@ -156,6 +156,15 @@ class CA(object):
'-key', self._getpw())
self.gencrl()
def verify(self, path):
log.info('verifying certificate %s', path)
args = ['verify', '-CAfile', self.files.public_key, path]
try:
openssl_wrap.run(*args, CAROOT=os.path.abspath(self.basedir))
except openssl_wrap.CommandError:
return False
return True
def generate(self, cert):
self._update_config()
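Review bot: `verify` never consults the CA's revocation list, so a certificate this CA has already revoked would still come back as valid; the `args = ['verify', '-CAfile', self.files.public_key, path]` line carries no `-crl_check`. The class evidently maintains a CRL (`self.gencrl()` is called just above), so I would either pass `-crl_check` and make the current CRL available to openssl, or add a docstring saying that revocation is not checked. Separately, `path` goes onto the openssl command line unmodified, and a file name beginning with `-` would presumably be parsed as an option; building the list with `os.path.abspath(path)` avoids that. Mapping every `CommandError` to `False` also makes a missing file or a broken openssl setup indistinguishable from a bad certificate, so logging the exception before `return False` would help whoever reads the output.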
......
......@@ -2,14 +2,13 @@
import logging
import optparse
import os
import sys
import time
from cam import config
USAGE = '''cam [<OPTIONS>] <COMMAND> [<ARG>...]
CAM v%(version)s - (c)2012-2014 by <ale@incal.net>
CAM v%(version)s - (c)2012-2014 by <ale@incal.net>
Minimal X509 Certification Authority management tool.
Known commands:
......@@ -28,13 +27,16 @@ Known commands:
list
List all known certificates
verify FILES...
Verify the certificates found in FILES against the CA
fp [<TAG>...]
Print SHA1/MD5 fingerprints of certificates
files <TAG>...
Dump all the certificate-related files of this TAG
check
check
Should be run weekly from a cron job to warn you if some
certificates are about to expire (controlled by the 'warning_days'
parameter in the 'global' section of the configuration)
......@@ -95,6 +97,19 @@ def cmd_list(global_config, ca, certs, args):
print cert.name, cert.cn, state, expiry_str
def cmd_verify(global_config, ca, certs, args):
if len(args) < 1:
print 'Nothing to do.'
failed = False
for path in args:
if not ca.verify(path):
print '%s: FAIL' % path
failed = True
else:
print '%s: OK' % path
return failed
def cmd_fingerprint(global_config, ca, certs, args):
if len(args) > 0:
certs = [find_cert(certs, x) for x in args]
......@@ -122,6 +137,7 @@ cmd_table = {
'gencrl': cmd_gencrl,
'files': cmd_files,
'list': cmd_list,
'verify': cmd_verify,
'fp': cmd_fingerprint,
'fingerprint': cmd_fingerprint,
'check': cmd_check,
......@@ -168,7 +184,7 @@ def main():
def main_wrapper():
try:
return main()
except Exception, e:
except Exception:
logging.exception('uncaught exception')
return 1
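Review bot: In `cmd_verify`, an empty argument list prints 'Nothing to do.' and then falls through to `return failed` with `failed` still `False`, so a run that verified nothing reports the same result as a run where every file passed. If that return value ends up as the process exit status (the body of `main()` is not visible here, so this is an assumption), a cron job or script whose file glob expanded to nothing would see success. I would add `return True` directly after the `print 'Nothing to do.'` line, or treat the case as a usage error. A short docstring such as `"""Verify each file against the CA; return True if any verification failed."""` would also help, because the inverted sense of the return value is easy to misread.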
......