Commit e3e1893b authored by Vincent Pelletier

cli.updater: Make --crt optional.

No certificate is needed to be an anonymous client; only an up-to-date CA and
CRL are needed to validate the service certificate.
parent c15f6a11
......@@ -668,7 +668,6 @@ def updater(argv=None, until=utils.until):
)
parser.add_argument(
'--crt',
required=True,
metavar='CRT_PATH',
help='Path of your certificate for MODE. Will be renewed before '
'expiration.',
......@@ -701,7 +700,7 @@ def updater(argv=None, until=utils.until):
ca_url=ca_url,
ca_crt_pem_list=utils.getCertList(args.cas_ca)
)
if not utils.hasOneCert(args.crt):
if args.crt and not utils.hasOneCert(args.crt):
print 'Bootstraping...'
csr_pem = utils.getCertRequest(args.csr)
# Quick sanity check before bothering server
......@@ -755,35 +754,36 @@ def updater(argv=None, until=utils.until):
next_deadline,
utils.load_crl(open(args.crl).read(), ca_crt_list).next_update,
)
crt_pem, key_pem, key_path = utils.getKeyPair(args.crt, args.key)
crt = utils.load_certificate(crt_pem, ca_crt_list, None)
if crt.not_valid_after - threshold <= now:
print 'Renewing', args.crt
new_key_pem, new_crt_pem = client.renewCertificate(
old_crt=crt,
old_key=utils.load_privatekey(key_pem),
key_len=args.key_len,
if args.crt:
crt_pem, key_pem, key_path = utils.getKeyPair(args.crt, args.key)
crt = utils.load_certificate(crt_pem, ca_crt_list, None)
if crt.not_valid_after - threshold <= now:
print 'Renewing', args.crt
new_key_pem, new_crt_pem = client.renewCertificate(
old_crt=crt,
old_key=utils.load_privatekey(key_pem),
key_len=args.key_len,
)
if key_path is None:
with open(args.crt, 'w') as crt_file:
crt_file.write(new_key_pem)
crt_file.write(new_crt_pem)
else:
with open(
args.crt,
'w',
) as crt_file, open(
key_path,
'w',
) as key_file:
key_file.write(new_key_pem)
crt_file.write(new_crt_pem)
crt = utils.load_certificate(utils.getCert(args.crt), ca_crt_list, None)
updated = True
next_deadline = min(
next_deadline,
crt.not_valid_after - threshold,
)
if key_path is None:
with open(args.crt, 'w') as crt_file:
crt_file.write(new_key_pem)
crt_file.write(new_crt_pem)
else:
with open(
args.crt,
'w',
) as crt_file, open(
key_path,
'w',
) as key_file:
key_file.write(new_key_pem)
crt_file.write(new_crt_pem)
crt = utils.load_certificate(utils.getCert(args.crt), ca_crt_list, None)
updated = True
next_deadline = min(
next_deadline,
crt.not_valid_after - threshold,
)
if updated:
if args.on_renew is not None:
status = os.system(args.on_renew)
......
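Review bot: Dropping `required=True` from `--crt` means an invocation that loses the flag by mistake no longer fails at argument parsing. As far as the visible hunks show, the new `if args.crt` guards in the second and third hunks then skip bootstrapping and renewal without printing anything, so an existing certificate would quietly run to expiry. `args.key` and `args.csr` are only read on the `--crt` path in these hunks, so I would reject the inconsistent combination right after parsing, e.g. `if args.key and not args.crt: parser.error('--key requires --crt')` (this assumes `--key` defaults to None, which is not visible here). The `--crt` help string should also state what omitting it means, for example by appending `'If omitted, only CA and CRL are kept up to date.'`. The body of `updater` starts and ends outside the shown hunks.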