[check_cert] vérifie aussi les fichiers certif

Daniel STAN 2013-04-04 17:18:01 +02:00
parent 71858b175b
commit 092f355074


@ -2,7 +2,8 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
# check_cert.py -- Petit mail de vérification du certificat d'un serveur # check_cert.py -- Petit mail de vérification du certificat d'un serveur
# ce script vérifie principalement la date # ce script vérifie principalement la date d'expiration et envoie un mail
# d'avertissement si celle-ci est proche (paramétrable)
# #
# Copyright (c) 2013 Daniel STAN # Copyright (c) 2013 Daniel STAN
# Authors: Daniel STAN <daniel.stan@crans.org> # Authors: Daniel STAN <daniel.stan@crans.org>
@ -20,7 +21,9 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
from M2Crypto import SSL from M2Crypto import SSL
from M2Crypto import X509
import datetime import datetime
import sys import sys
@ -31,8 +34,9 @@ import smtplib
# #
# Config ! # Config !
# #
host = 'webmail.crans.org' host = 'localhost'
port = 443 port = 443
filename = False # if True, port ignored and host is in fact a path
# afficher la sortie plutôt que l'envoyer: # afficher la sortie plutôt que l'envoyer:
verb = False verb = False
# delai d'avertissement # delai d'avertissement
@ -42,46 +46,60 @@ delay = datetime.timedelta(days=15)
mail_src = 'root@crans.org' mail_src = 'root@crans.org'
mail_dest = "roots@crans.org" mail_dest = "roots@crans.org"
mail_host = 'localhost' mail_host = 'localhost'
#
# Argument parsing !
#
# TODO argparse + doc
for arg in sys.argv[1:]: for arg in sys.argv[1:]:
if arg == '-v': if arg == '-v':
verb = True verb = True
continue continue
if arg == '--filename':
filename = True
try: try:
port = int(arg) port = int(arg)
except ValueError: except ValueError:
host = arg host = arg
# TODO: permettre la vérification directement sur un fichier #
# get cert: # Getting cert !
conn = SSL.Connection(SSL.Context()) #
try: if filename:
cert = X509.load_cert(host)
else:
conn = SSL.Connection(SSL.Context())
try:
conn.connect((host, port)) conn.connect((host, port))
except SSL.Checker.WrongHost: except SSL.Checker.WrongHost:
if host != 'localhost': if host != 'localhost':
raise raise
cert = conn.get_peer_cert() cert = conn.get_peer_cert()
conn.close() conn.close()
#
# Real computation (woah !)
#
expire_date = cert.get_not_after().get_datetime() expire_date = cert.get_not_after().get_datetime()
now = datetime.datetime.now(expire_date.tzinfo) now = datetime.datetime.now(expire_date.tzinfo)
if now + delay > expire_date: if now + delay > expire_date or verb:
subject = cert.get_subject().as_text() subject = cert.get_subject().as_text()
short_sub = subject short_sub = subject
try: try:
subject += "(alt: %s)" % cert.get_ext('subjectAltName').get_value() subject += "(alt: %s)" % cert.get_ext('subjectAltName').get_value()
except LookupError: except LookupError:
pass pass
conn = smtplib.SMTP(mail_host)
msg = MIMEText(u"""Attention, le certificat suivant arrive bientôt à expiration :\n%s\n msg = MIMEText(u"""Attention, le certificat suivant arrive bientôt à expiration :\n%s\n
Temps avant expiration: %s""" % (subject,(expire_date - now)), _charset="utf-8") Temps avant expiration: %s""" % (subject,(expire_date - now)), _charset="utf-8")
msg['From'] = mail_src msg['From'] = mail_src
msg['To'] = mail_dest msg['To'] = mail_dest
msg['Subject'] = u"Expiration imminente du certificat %s" % short_sub msg['Subject'] = u"Expiration imminente du certificat %s" % short_sub
if not verb: if not verb:
conn = smtplib.SMTP(mail_host)
conn.sendmail(mail_src, mail_dest, msg.as_string()) conn.sendmail(mail_src, mail_dest, msg.as_string())
else:
print msg.as_string()
conn.quit() conn.quit()
else:
print msg.get_payload(decode=True)
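Review bot: The new `--filename` branch in the argument loop does not `continue`, so the flag string itself falls through to the `int()` conversion and is assigned to `host`; when `--filename` is the last argument, `X509.load_cert` is handed the literal string `--filename` instead of a path. Add `continue` after `filename = True`, mirroring the `-v` case two lines above. `X509.load_cert(host)` also relies on M2Crypto's default input format (PEM, as far as I know), so a DER-encoded file would be rejected without explanation; a short comment such as `# expects a PEM-encoded certificate file` at the call, or an explicit `format=` argument, would make that visible. Separately, with the default `host` now `localhost`, the `except SSL.Checker.WrongHost` handler silently swallows hostname mismatches in the default configuration; that is acceptable for an expiry-only check, but a one-line comment there would stop a future reader from taking the network path for a verified connection.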