test_crl.py

Script pour tester - Fabrice Barconnière, 19/01/2016 16:26

       #!/usr/bin/env python
       # -*- coding: UTF-8 -*-
       import datetime
       from zephir.monitor.agentmanager import util
       response = """List of X.509 CRLs:
         issuer:   "C=FR, O=Education Nationale, OU=0002 110043015, CN=AC EN Scolarite et Formation"
         serial:    08:40
         revoked:   2 certificates
         updates:   this Jan 12 07:00:02 2016
                    next Jan 19 07:00:02 2016, ok (expires in 6 days)
         authkey:   cc:2e:37:0f:06:b2:b9:b5:e9:2d:ff:be:52:37:c6:1d:b4:b7:07:17
         issuer:   "C=FR, O=Education Nationale, OU=0002 110043015, CN=AC Education Nationale"
         serial:    02
         revoked:   0 certificates
         updates:   this Jul 26 02:00:00 2015
                    next Jul 26 02:00:00 2016, ok
         authkey:   d9:bf:42:dd:18:9b:3c:66:25:fa:bb:2e:0a:10:88:89:36:2c:b9:cb
         issuer:   "C=FR, O=Ministere Education Nationale Enseignement Superieur Recherche, CN=AC Racine Ministere ENESR"
         serial:    02
         revoked:   0 certificates
         updates:   this Jul 26 02:00:00 2015
                    next Jul 26 02:00:00 2016, ok
         authkey:   3c:5b:f3:9c:16:d2:6e:16:06:c5:2f:cc:ee:92:0b:6c:b1:d2:38:25
       """
       # récupération de la date
       expire = {}
       for line in response.split('\n'):
           line = line.strip()
           if line.startswith('issuer'):
               issuer_key = line.split("issuer:")[1].strip()
           if line.startswith('next'):
               exp_crl = line.split()[1:5]
               expire[issuer_key] = " ".join(exp_crl).split(',')[0]
       if expire == {}:
           #self.status = status.Warn("date d'invalidation non trouvée")
           print [{'ca_crl': "",
                    'expire': "ipsec listcrls ne renvoie pas de date d'invalidation de la crl" }]
       # calcul de la date avant laquelle on est en warning (expiration - 20 minutes)
       res = []
       warn_delta = datetime.timedelta(seconds=60*20)
       date = datetime.datetime.now()
       status_err = False
       status_warn = False
       for issuer_key, exp_date in expire.items():
           print exp_date
           expdate = util.parse_date(exp_date)
           warndate = expdate - warn_delta
           if date > expdate:
               status_err = True
               msg = "Au moins une CRL a expiré"
           elif date > warndate and not status_err:
               status_warn = True
               msg = "Au moins une CRL expire dans les 20 minutes"
           res.append({'ca_crl': issuer_key,
                       'expire': expdate.strftime('%d %b %Y %H:%M:%S')})
       if status_err:
           #self.status = status.Error(msg)
           res.append('ERREUR')
       elif status_warn:
           #self.status = status.Warn(msg)
           res.append('WARNING')
       print res

Projet

Général

Profil

Distribution EOLE » Modules » Zéphir » zephir-client

test_crl.py