cycle TLS certificate every 60 days
This commit is contained in:
parent
dc761279c5
commit
608c9ea696
1 changed files with 7 additions and 6 deletions
13
oml/utils.py
13
oml/utils.py
|
|
@ -142,13 +142,14 @@ def get_user_id(private_key, cert_path):
|
||||||
fd.write(dump_privatekey(FILETYPE_PEM, key))
|
fd.write(dump_privatekey(FILETYPE_PEM, key))
|
||||||
os.chmod(private_key, 0o400)
|
os.chmod(private_key, 0o400)
|
||||||
user_id = get_service_id(private_key)
|
user_id = get_service_id(private_key)
|
||||||
if not os.path.exists(cert_path):
|
if not os.path.exists(cert_path) or \
|
||||||
|
(datetime.now() - datetime.fromtimestamp(os.path.getmtime(cert_path))).days > 60:
|
||||||
ca = X509()
|
ca = X509()
|
||||||
ca.set_version(2)
|
ca.set_version(2)
|
||||||
ca.set_serial_number(1)
|
ca.set_serial_number(1)
|
||||||
ca.get_subject().CN = user_id
|
ca.get_subject().CN = user_id
|
||||||
ca.gmtime_adj_notBefore(0)
|
ca.gmtime_adj_notBefore(0)
|
||||||
ca.gmtime_adj_notAfter(24 * 60 * 60)
|
ca.gmtime_adj_notAfter(90 * 24 * 60 * 60)
|
||||||
ca.set_issuer(ca.get_subject())
|
ca.set_issuer(ca.get_subject())
|
||||||
ca.set_pubkey(key)
|
ca.set_pubkey(key)
|
||||||
ca.add_extensions([
|
ca.add_extensions([
|
||||||
|
|
@ -198,7 +199,7 @@ def update_dict(root, data):
|
||||||
keys = [part.replace('\0', '.') for part in key.replace('\\.', '\0').split('.')]
|
keys = [part.replace('\0', '.') for part in key.replace('\\.', '\0').split('.')]
|
||||||
value = data[key]
|
value = data[key]
|
||||||
p = root
|
p = root
|
||||||
while len(keys)>1:
|
while len(keys) > 1:
|
||||||
key = keys.pop(0)
|
key = keys.pop(0)
|
||||||
if isinstance(p, list):
|
if isinstance(p, list):
|
||||||
p = p[get_position_by_id(p, key)]
|
p = p[get_position_by_id(p, key)]
|
||||||
|
|
@ -206,7 +207,7 @@ def update_dict(root, data):
|
||||||
if key not in p:
|
if key not in p:
|
||||||
p[key] = {}
|
p[key] = {}
|
||||||
p = p[key]
|
p = p[key]
|
||||||
if value == None and keys[0] in p:
|
if value is None and keys[0] in p:
|
||||||
del p[keys[0]]
|
del p[keys[0]]
|
||||||
else:
|
else:
|
||||||
p[keys[0]] = value
|
p[keys[0]] = value
|
||||||
|
|
@ -444,11 +445,11 @@ def send_debug():
|
||||||
opener.addheaders = list(zip(headers.keys(), headers.values()))
|
opener.addheaders = list(zip(headers.keys(), headers.values()))
|
||||||
r = opener.open(url, result)
|
r = opener.open(url, result)
|
||||||
if r.status != 200:
|
if r.status != 200:
|
||||||
logger.debug('failed to send debug information')
|
logger.debug('failed to send debug information (server error)')
|
||||||
else:
|
else:
|
||||||
settings.server['last_debug'] = timestamp
|
settings.server['last_debug'] = timestamp
|
||||||
except:
|
except:
|
||||||
logger.debug('failed to send debug information')
|
logger.error('failed to send debug information (connection error)', exc_info=True)
|
||||||
|
|
||||||
def iexists(path):
|
def iexists(path):
|
||||||
parts = path.split(os.sep)
|
parts = path.split(os.sep)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue