from enum import Enum
from cephadm.ssl_cert_utils import SSLCerts, SSLConfigException
-from mgr_util import verify_tls, verify_cacrt_content, ServerConfigException
+from mgr_util import verify_tls, certificate_days_to_expire, ServerConfigException
from cephadm.ssl_cert_utils import get_certificate_info, get_private_key_info
from cephadm.tlsobject_types import Cert, PrivKey, TLSObjectScope, TLSObjectException, CertKeyPair
from cephadm.tlsobject_store import TLSObjectStore
Returns: CertInfo
"""
try:
- days_to_expiration = verify_tls(cert.cert, key.key) if key else verify_cacrt_content(cert.cert)
+ days_to_expiration = verify_tls(cert.cert, key.key) if key else certificate_days_to_expire(cert.cert)
is_close_to_expiration = days_to_expiration < self.mgr.certificate_renewal_threshold_days
return CertInfo(cert_name, target, cert.user_made, True, is_close_to_expiration, days_to_expiration, "")
except ServerConfigException as e:
return cert, pkey
-def verify_cacrt_content(crt: str) -> int:
+def certificate_days_to_expire(crt: str) -> int:
try:
cc = ceph.cryptotools.remote.CryptoCaller()
- return cc.verify_cacrt_content(crt)
+ return cc.certificate_days_to_expire(crt)
except ValueError as err:
raise ServerConfigException(f'Invalid certificate: {err}')
try:
with open(cert_fname) as f:
- verify_cacrt_content(f.read())
+ certificate_days_to_expire(f.read())
except ValueError as e:
raise ServerConfigException(
'Invalid certificate {}: {}'.format(cert_fname, str(e)))
# type: (str, str) -> int
cc = ceph.cryptotools.remote.CryptoCaller()
try:
- days_to_expiration = cc.verify_cacrt_content(crt)
+ days_to_expiration = cc.certificate_days_to_expire(crt)
cc.verify_tls(crt, key)
except ValueError as err:
raise ServerConfigException(str(err))
-from mgr_util import create_self_signed_cert, verify_tls, ServerConfigException, get_cert_issuer_info, verify_cacrt_content
+from mgr_util import create_self_signed_cert, verify_tls, ServerConfigException, get_cert_issuer_info, certificate_days_to_expire
from OpenSSL import crypto, SSL
import unittest
# expired certificate
self.assertRaisesRegex(ServerConfigException,
'Certificate issued by "Ceph/cephadm" expired',
- verify_cacrt_content, expired_cert)
+ certificate_days_to_expire, expired_cert)
return (org_name, cn)
-def verify_cacrt_content(args: Namespace) -> None:
+def certificate_days_to_expire(args: Namespace) -> None:
crt = sys.stdin.read()
crt_buffer = crt.encode() if isinstance(crt, str) else crt
parser_bar.add_argument('--certificate', required=False, action='store_true')
parser_bar.set_defaults(func=create_self_signed_cert)
- # create the parser for the "verify_cacrt_content" command
- parser_bar = subparsers.add_parser('verify_cacrt_content')
- parser_bar.set_defaults(func=verify_cacrt_content)
+ # create the parser for the "certificate_days_to_expire" command
+ parser_bar = subparsers.add_parser('certificate_days_to_expire')
+ parser_bar.set_defaults(func=certificate_days_to_expire)
# create the parser for the "get_cert_issuer_info" command
parser_bar = subparsers.add_parser('get_cert_issuer_info')
)
self._result_json(result) # for errors only
- def verify_cacrt_content(self, crt: str) -> int:
+ def certificate_days_to_expire(self, crt: str) -> int:
"""Verify a CA Certificate return the number of days until expiration."""
result = self._run(
- ["verify_cacrt_content"],
+ ["certificate_days_to_expire"],
input_data=crt,
capture_output=True,
check=True,
projects / ceph-ci.git / commitdiff