Cleaning up temporary file creation, and revocation checking
parent
45158c64a2
commit
3b109ec578
|
@ -21,12 +21,12 @@ from tempfile import NamedTemporaryFile
|
||||||
@contextmanager
|
@contextmanager
|
||||||
def mktempfile():
|
def mktempfile():
|
||||||
with NamedTemporaryFile(delete=False) as f:
|
with NamedTemporaryFile(delete=False) as f:
|
||||||
fi = f
|
name = f.name
|
||||||
|
|
||||||
try:
|
try:
|
||||||
yield fi
|
yield name
|
||||||
finally:
|
finally:
|
||||||
os.unlink(fi.name)
|
os.unlink(name)
|
||||||
|
|
||||||
|
|
||||||
def ocsp_verify(cert_path, issuer_chain_path):
|
def ocsp_verify(cert_path, issuer_chain_path):
|
||||||
|
@ -113,8 +113,10 @@ def verify_string(cert_string, issuer_string):
|
||||||
:return: True if valid, False otherwise
|
:return: True if valid, False otherwise
|
||||||
"""
|
"""
|
||||||
with mktempfile() as cert_tmp:
|
with mktempfile() as cert_tmp:
|
||||||
cert_tmp.write(cert_string)
|
with open(cert_tmp, 'w') as f:
|
||||||
|
f.write(cert_string)
|
||||||
with mktempfile() as issuer_tmp:
|
with mktempfile() as issuer_tmp:
|
||||||
issuer_tmp.write(issuer_string)
|
with open(issuer_tmp, 'w') as f:
|
||||||
status = verify(cert_tmp.path, issuer_tmp.path)
|
f.write(issuer_string)
|
||||||
|
status = verify(cert_tmp, issuer_tmp)
|
||||||
return status
|
return status
|
||||||
|
|
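Review bot: mktempfile has no docstring, and this change switches what it yields from the open file object to a path string, so any other caller still using `.write()` or `.name` on the result would break. A one-line docstring such as `"""Yield the path of a temporary file that is removed when the context exits."""` would state the new contract. In verify_string the certificate and issuer are now written by reopening that path with `open(cert_tmp, 'w')`, which assumes nothing else can replace the file between creation and reopen. That holds for a private or sticky temp directory, and a short comment saying the code relies on it would help the next reader. Indentation is lost on this page, so whether the `try`/`finally` sits inside or after the `with NamedTemporaryFile(delete=False)` block is inferred, not visible.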
|
@ -148,12 +148,15 @@ def check_revoked():
|
||||||
as `unknown`.
|
as `unknown`.
|
||||||
"""
|
"""
|
||||||
for cert in cert_service.get_all_certs():
|
for cert in cert_service.get_all_certs():
|
||||||
|
try:
|
||||||
if cert.chain:
|
if cert.chain:
|
||||||
status = verify_string(cert.body, cert.chain)
|
status = verify_string(cert.body, cert.chain)
|
||||||
else:
|
else:
|
||||||
status = verify_string(cert.body, "")
|
status = verify_string(cert.body, "")
|
||||||
|
|
||||||
cert.status = 'valid' if status else "invalid"
|
cert.status = 'valid' if status else 'invalid'
|
||||||
|
except Exception as e:
|
||||||
|
cert.status = 'unknown'
|
||||||
database.update(cert)
|
database.update(cert)
|
||||||
|
|
||||||
|
|
||||||
|
@ -183,7 +186,7 @@ def generate_settings():
|
||||||
return output
|
return output
|
||||||
|
|
||||||
|
|
||||||
@manager.option('-s', '--sources', dest='labels', default='', required=False)
|
@manager.option('-s', '--sources', dest='labels')
|
||||||
def sync_sources(labels):
|
def sync_sources(labels):
|
||||||
"""
|
"""
|
||||||
Attempts to run several methods Certificate discovery. This is
|
Attempts to run several methods Certificate discovery. This is
|
||||||
|
@ -209,13 +212,14 @@ def sync_sources(labels):
|
||||||
try:
|
try:
|
||||||
sync_lock.acquire(timeout=10) # wait up to 10 seconds
|
sync_lock.acquire(timeout=10) # wait up to 10 seconds
|
||||||
|
|
||||||
if labels:
|
|
||||||
sys.stdout.write("[+] Staring to sync sources: {labels}!\n".format(labels=labels))
|
sys.stdout.write("[+] Staring to sync sources: {labels}!\n".format(labels=labels))
|
||||||
labels = labels.split(",")
|
labels = labels.split(",")
|
||||||
else:
|
|
||||||
sys.stdout.write("[+] Starting to sync ALL sources!\n")
|
|
||||||
|
|
||||||
|
if labels[0] == 'all':
|
||||||
|
sync()
|
||||||
|
else:
|
||||||
sync(labels=labels)
|
sync(labels=labels)
|
||||||
|
|
||||||
sys.stdout.write(
|
sys.stdout.write(
|
||||||
"[+] Finished syncing sources. Run Time: {time}\n".format(
|
"[+] Finished syncing sources. Run Time: {time}\n".format(
|
||||||
time=(time.time() - start_time)
|
time=(time.time() - start_time)
|
||||||
|
|
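Review bot: In the check_revoked hunk the new `except Exception as e:` sets `cert.status = 'unknown'` and never uses `e`, so a failed revocation check leaves no record of why it failed. Because the handler catches everything, a programming error in the verify path (the `cert_tmp.path` attribute access this same commit removes is an example) would quietly mark every certificate `unknown` instead of surfacing. I would report the exception before setting the status, for example `sys.stdout.write("[!] Revocation check failed: {0}\n".format(e))` in the style the sync_sources hunk already uses. The caught types could also be narrowed if the exceptions `verify_string` can raise are known. Whether `unknown` certificates are surfaced to operators anywhere is not visible in these hunks.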