

Merge pull request #10 from synfinatic/cert-expired
Generate a useful error when we can't download the cert from S3
bobveznat committed Nov 21, 2014
2 parents 8dafade + 76c3976 commit 7be0c95
Showing 1 changed file with 15 additions and 4 deletions.
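--- a/scripts/get_cert
+++ b/scripts/get_cert
@@ -23,6 +23,11 @@ class CertMetadata(object):
 
 def download_cert_to_tempfile(url):
     resp = urllib.urlopen(url)
+    if resp.code > 299 or resp.code < 200:
+        print "Bad response code: HTTP/%d" % (resp.code,)
+        print resp.read()
+        sys.exit(1)
+
     temp_file = tempfile.NamedTemporaryFile(delete=False)
     with temp_file.file:
         temp_file.write(resp.read())
@@ -31,7 +36,12 @@ def download_cert_to_tempfile(url):
 
 def get_cert_metadata(cert_path):
     proc = subprocess.Popen(['/usr/bin/ssh-keygen', '-L', '-f', cert_path],
-                            stdout=subprocess.PIPE)
+                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+
+    if proc.stderr.read().find('is not a public key'):
+        print "Invalid signed ssh certificate file: %s" % (cert_path,)
+        sys.exit(1)
+
     metadata = CertMetadata()
     for line in proc.stdout.readlines():
         if 'Public key:' in line:
@@ -40,7 +50,8 @@ def get_cert_metadata(cert_path):
             metadata.public_key_fingerprint = fingerprint
         if 'Valid:' in line:
             expire_time = line[line.find(' to ') + 4:].strip()
-            expire_dt = datetime.datetime.strptime(expire_time, '%Y-%m-%dT%H:%M:%S')
+            expire_dt = datetime.datetime.strptime(expire_time,
+                                                   '%Y-%m-%dT%H:%M:%S')
             now_dt = datetime.datetime.now()
             delta = expire_dt - now_dt
             valid_for_seconds = delta.seconds
@@ -84,7 +95,8 @@ def re_add_identity(private_key_filename, valid_for_seconds):
         print 'Unable to delete existing key, this is probably benign'
 
     proc = subprocess.check_output([
-        '/usr/bin/ssh-add', '-t', '%d' % (valid_for_seconds,), private_key_filename])
+        '/usr/bin/ssh-add', '-t', '%d' % (valid_for_seconds,),
+        private_key_filename])
 
 
 if __name__ == '__main__':
@@ -102,4 +114,3 @@ if __name__ == '__main__':
 
     move_cert_into_place(cert_filename, private_key_filename)
     re_add_identity(private_key_filename, cert_metadata.valid_for_seconds)
-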
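Review bot: The new stderr check in get_cert_metadata is inverted: `str.find` returns -1 when the phrase is absent, which is truthy, so a valid certificate (empty stderr, or any stderr text without the phrase) takes the "Invalid signed ssh certificate file" branch and exits, while a match at offset 0 returns 0 and is skipped. Use a membership test instead: `if 'is not a public key' in proc.stderr.read():`. Reading stderr to EOF before stdout with both pipes open can also stall if ssh-keygen fills the stdout pipe first; `out, err = proc.communicate()` followed by `if 'is not a public key' in err:` and `for line in out.splitlines():` avoids that and gives the same parse. Consider also checking `proc.returncode` so that any other ssh-keygen failure is reported rather than silently yielding empty metadata.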