cycle TLS certificate every 60 days

2019-01-16 16:45:56 +05:30 · 2019-01-16 16:45:56 +05:30 · 608c9ea696
parent dc761279c5
commit 608c9ea696
1 changed files with 7 additions and 6 deletions
--- a/oml/utils.py
+++ b/oml/utils.py
@ -142,13 +142,14 @@ def get_user_id(private_key, cert_path):
            fd.write(dump_privatekey(FILETYPE_PEM, key))
            os.chmod(private_key, 0o400)
        user_id = get_service_id(private_key)
-    if not os.path.exists(cert_path):
+    if not os.path.exists(cert_path) or \
+            (datetime.now() - datetime.fromtimestamp(os.path.getmtime(cert_path))).days > 60:
        ca = X509()
        ca.set_version(2)
        ca.set_serial_number(1)
        ca.get_subject().CN = user_id
        ca.gmtime_adj_notBefore(0)
-        ca.gmtime_adj_notAfter(24 * 60 * 60)
+        ca.gmtime_adj_notAfter(90 * 24 * 60 * 60)
        ca.set_issuer(ca.get_subject())
        ca.set_pubkey(key)
        ca.add_extensions([
@ -198,7 +199,7 @@ def update_dict(root, data):
        keys = [part.replace('\0', '.') for part in key.replace('\\.', '\0').split('.')]
        value = data[key]
        p = root
-        while len(keys)>1:
+        while len(keys) > 1:
            key = keys.pop(0)
            if isinstance(p, list):
                p = p[get_position_by_id(p, key)]
@ -206,7 +207,7 @@ def update_dict(root, data):
                if key not in p:
                    p[key] = {}
                p = p[key]
-        if value == None and keys[0] in p:
+        if value is None and keys[0] in p:
            del p[keys[0]]
        else:
            p[keys[0]] = value
@ -444,11 +445,11 @@ def send_debug():
                opener.addheaders = list(zip(headers.keys(), headers.values()))
                r = opener.open(url, result)
                if r.status != 200:
-                    logger.debug('failed to send debug information')
+                    logger.debug('failed to send debug information (server error)')
                else:
                    settings.server['last_debug'] = timestamp
    except:
-        logger.debug('failed to send debug information')
+        logger.error('failed to send debug information (connection error)', exc_info=True)

 def iexists(path):
    parts = path.split(os.sep)