From: Ralf Jung <post@ralfj.de>
Date: Sun, 13 Dec 2015 13:52:43 +0000 (+0100)
Subject: make a certcheck module
X-Git-Url: https://git.ralfj.de/lets-encrypt-tiny.git/commitdiff_plain/8bfaf111fde0c3f67a525d0eb727c8e3ddd1c9c3

make a certcheck module
---

diff --git a/certcheck b/certcheck
index e6986bd..065fe0f 100755
--- a/certcheck
+++ b/certcheck
@@ -1,39 +1,18 @@
 #!/usr/bin/python3
 ## Call with "--help" for documentation.
 
-import argparse, subprocess, re, os, datetime
+import argparse, certcheck
 
-def check_dir(dirname, days):
-    for name in os.listdir(dirname):
-        name = os.path.join(dirname, name)
-        if os.path.isdir(name):
-            check_dir(name, days)
-        elif name.endswith('.crt'):
-            check_file(name, days)
+parser = argparse.ArgumentParser(description='Check for soon-to-expire (and already expired) certificates')
+parser.add_argument("-d", "--days", metavar='N',
+                    dest="days", type=int, default=14,
+                    help="Warn about certificates valid for less than N (default 14).")
+parser.add_argument("certs",  metavar='CERTS', nargs='+',
+                    help="These certificate files are checked. Directories are searched recursively for files called '*.crt'.")
+args = parser.parse_args()
 
-def check_file(filename, days):
-    valid_not_after = subprocess.check_output(["openssl", "x509", "-enddate", "-in", filename, "-out", "/dev/null"]).decode('utf-8')
-    match = re.match("notAfter=([a-zA-Z0-9: ]+)", valid_not_after)
-    assert match is not None, "Unexpected output from openssl: valid_not_after"
-    enddate = match.group(1)
-    enddate = datetime.datetime.strptime(enddate, '%b %d %X %Y %Z')
-    delta = enddate - datetime.datetime.now()
-    if delta < datetime.timedelta(days=days):
-        print("{} expires at {}, which is in {} days".format(filename, enddate, delta.days))
-
-if __name__ == "__main__":
-    parser = argparse.ArgumentParser(description='Check for soon-to-expire (and already expired) certificates')
-    parser.add_argument("-d", "--days", metavar='N',
-                        dest="days", type=int, default=14,
-                        help="Warn about certificates valid for less than N (default 14).")
-    parser.add_argument("certs",  metavar='CERTS', nargs='+',
-                        help="These certificate files are checked. Directories are searched recursively for files called '*.crt'.")
-    args = parser.parse_args()
-    
-    for name in args.certs:
-        if os.path.isdir(name):
-            check_dir(name, args.days)
-        else:
-            check_file(name, args.days)
-
-    
+for name in args.certs:
+    if os.path.isdir(name):
+        certcheck.check_dir(name, args.days)
+    else:
+        certcheck.check_file(name, args.days)
diff --git a/certcheck.py b/certcheck.py
new file mode 100644
index 0000000..aa64ae6
--- /dev/null
+++ b/certcheck.py
@@ -0,0 +1,22 @@
+import subprocess, re, os, datetime
+
+def check_dir(dirname, days):
+    for name in os.listdir(dirname):
+        name = os.path.join(dirname, name)
+        if os.path.isdir(name):
+            check_dir(name, days)
+        elif name.endswith('.crt'):
+            check_file(name, days)
+
+def cert_expiry_date(filename):
+    valid_not_after = subprocess.check_output(["openssl", "x509", "-enddate", "-in", filename, "-noout"]).decode('utf-8')
+    match = re.match("notAfter=([a-zA-Z0-9: ]+)", valid_not_after)
+    assert match is not None, "Unexpected output from openssl: " + valid_not_after
+    enddate = match.group(1)
+    return datetime.datetime.strptime(enddate, '%b %d %X %Y %Z')
+
+def check_file(filename, days):
+    enddate = cert_expiry_date(filename)
+    delta = enddate - datetime.datetime.now()
+    if delta < datetime.timedelta(days=days):
+        print("{} expires at {}, which is in {} days".format(filename, enddate, delta.days))