Commit d439174a authored by godog's avatar godog

add 'verify' subcommand

parent 99d387f6
......@@ -156,6 +156,15 @@ class CA(object):
'-key', self._getpw())
self.gencrl()
def verify(self, path):
log.info('verifying certificate %s', path)
args = ['verify', '-CAfile', self.files.public_key, path]
try:
openssl_wrap.run(*args, CAROOT=os.path.abspath(self.basedir))
except openssl_wrap.CommandError:
return False
return True
def generate(self, cert):
self._update_config()
......
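Review bot: `verify()` will report OK for a certificate this CA has already revoked, because the argument list passed to `openssl verify` holds only `-CAfile` and no revocation check, even though the class maintains a CRL (`self.gencrl()` is called just above the new method). Consider adding `-crl_check` and supplying the CRL that `gencrl()` produces; the attribute holding its path is not visible in this hunk. `openssl verify` also evaluates only the first certificate in each file, and every `CommandError` (unreadable file, missing binary, bad signature) collapses into `False`, so a short docstring stating both limits would help callers interpret the result. A `path` that begins with `-` would be parsed by openssl as an option rather than a file; passing `os.path.abspath(path)` avoids that.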
......@@ -2,7 +2,6 @@
import logging
import optparse
import os
import sys
import time
from cam import config
......@@ -28,6 +27,9 @@ Known commands:
list
List all known certificates
verify FILES...
Verify the certificates found in FILES against the CA
fp [<TAG>...]
Print SHA1/MD5 fingerprints of certificates
......@@ -95,6 +97,19 @@ def cmd_list(global_config, ca, certs, args):
print cert.name, cert.cn, state, expiry_str
def cmd_verify(global_config, ca, certs, args):
if len(args) < 1:
print 'Nothing to do.'
failed = False
for path in args:
if not ca.verify(path):
print '%s: FAIL' % path
failed = True
else:
print '%s: OK' % path
return failed
def cmd_fingerprint(global_config, ca, certs, args):
if len(args) > 0:
certs = [find_cert(certs, x) for x in args]
......@@ -122,6 +137,7 @@ cmd_table = {
'gencrl': cmd_gencrl,
'files': cmd_files,
'list': cmd_list,
'verify': cmd_verify,
'fp': cmd_fingerprint,
'fingerprint': cmd_fingerprint,
'check': cmd_check,
......@@ -168,7 +184,7 @@ def main():
def main_wrapper():
try:
return main()
except Exception, e:
except Exception:
logging.exception('uncaught exception')
return 1
......
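Review bot: `cmd_verify` falls through to `return failed` with `failed = False` when `args` is empty, so a run that verified nothing is indistinguishable from a run where every certificate passed. If the return value becomes the process exit status (that path through `main()` is outside the visible hunks), a wrapper script whose file list expands to nothing would treat the check as passed; returning early with a non-zero value after `print 'Nothing to do.'` closes that gap. The function also returns a bool while `main_wrapper` returns the integer `1`, so `return 1 if failed else 0` would keep the exit codes explicit. A docstring such as `"""Verify each file in args against the CA; return non-zero if any fails."""` would document the contract.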