Cleaning up temporary file creation, and revocation checking

2015-09-02 09:12:05 -07:00 · 2015-09-02 09:12:05 -07:00 · 3b109ec578
parent 45158c64a2
commit 3b109ec578
2 changed files with 24 additions and 18 deletions
--- a/lemur/certificates/verify.py
+++ b/lemur/certificates/verify.py
@ -21,12 +21,12 @@ from tempfile import NamedTemporaryFile
@contextmanager
 def mktempfile():
    with NamedTemporaryFile(delete=False) as f:
-        fi = f
+        name = f.name

    try:
-        yield fi
+        yield name
    finally:
-        os.unlink(fi.name)
+        os.unlink(name)


 def ocsp_verify(cert_path, issuer_chain_path):
@ -113,8 +113,10 @@ def verify_string(cert_string, issuer_string):
    :return: True if valid, False otherwise
    """
    with mktempfile() as cert_tmp:
-        cert_tmp.write(cert_string)
+        with open(cert_tmp, 'w') as f:
+            f.write(cert_string)
        with mktempfile() as issuer_tmp:
-            issuer_tmp.write(issuer_string)
-            status = verify(cert_tmp.path, issuer_tmp.path)
+            with open(issuer_tmp, 'w') as f:
+                f.write(issuer_string)
+            status = verify(cert_tmp, issuer_tmp)
    return status
--- a/lemur/manage.py
+++ b/lemur/manage.py
@ -148,12 +148,15 @@ def check_revoked():
    as `unknown`.
    """
    for cert in cert_service.get_all_certs():
-        if cert.chain:
-            status = verify_string(cert.body, cert.chain)
-        else:
-            status = verify_string(cert.body, "")
+        try:
+            if cert.chain:
+                status = verify_string(cert.body, cert.chain)
+            else:
+                status = verify_string(cert.body, "")

-        cert.status = 'valid' if status else "invalid"
+            cert.status = 'valid' if status else 'invalid'
+        except Exception as e:
+            cert.status = 'unknown'
        database.update(cert)


@ -183,7 +186,7 @@ def generate_settings():
    return output


-@manager.option('-s', '--sources', dest='labels', default='', required=False)
+@manager.option('-s', '--sources', dest='labels')
 def sync_sources(labels):
    """
    Attempts to run several methods Certificate discovery. This is
@ -209,13 +212,14 @@ def sync_sources(labels):
            try:
                sync_lock.acquire(timeout=10)    # wait up to 10 seconds

-                if labels:
-                    sys.stdout.write("[+] Staring to sync sources: {labels}!\n".format(labels=labels))
-                    labels = labels.split(",")
-                else:
-                    sys.stdout.write("[+] Starting to sync ALL sources!\n")
+                sys.stdout.write("[+] Staring to sync sources: {labels}!\n".format(labels=labels))
+                labels = labels.split(",")
+
+                if labels[0] == 'all':
+                    sync()
+                else:
+                    sync(labels=labels)

-                sync(labels=labels)
                sys.stdout.write(
                    "[+] Finished syncing sources. Run Time: {time}\n".format(
                        time=(time.time() - start_time)