gru/certpusher
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mikrotik check cert

Browse Source
This commit is contained in:
Mateusz Gruszczyński
2025-10-27 09:30:41 +01:00
parent c42250196f
commit 561a3b23f6
1 changed files with 28 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
certpusher.py
View File

@@ -744,25 +744,44 @@ class CertPusher:
upload_needed = True upload_needed = True
if check_first: if check_first:
if not ssh.check_remote_certificate(remote_cert_path, source_cert): # Try SSH check first
upload_needed = False ssh_check_passed = not ssh.check_remote_certificate(remote_cert_path, source_cert)
elif check_url:
logger.info(f"SSH check failed. Trying URL: {check_url}") # If SSH says certificates match, double-check with URL if provided
if ssh_check_passed and check_url:
logger.info(f"SSH check passed. Verifying via URL: {check_url}")
remote_cert = self.cert_manager.get_cert_from_url(check_url) remote_cert = self.cert_manager.get_cert_from_url(check_url)
if remote_cert and self.cert_manager.compare_certificates(source_cert, remote_cert):
logger.info("✓ Certificate up to date via URL. Skipping.") if remote_cert:
if self.cert_manager.compare_certificates(source_cert, remote_cert):
logger.info("✓ URL check confirms: Certificates match. Skipping.")
upload_needed = False
else:
logger.warning("⚠ URL check disagrees with SSH check!")
logger.warning("Certificates differ via URL. Upload needed.")
upload_needed = True
else:
logger.warning("Could not retrieve cert via URL. Trusting SSH check.")
upload_needed = False upload_needed = False
elif ssh_check_passed:
# SSH check passed, no URL to verify
upload_needed = False
else:
# SSH check failed, upload needed
upload_needed = True
if not upload_needed: if not upload_needed:
ssh.disconnect() ssh.disconnect()
self.stats['skipped'] += 1 self.stats['skipped'] += 1
return True return True
# Upload certificate
if not ssh.upload_file(source_cert_path, remote_cert_path): if not ssh.upload_file(source_cert_path, remote_cert_path):
ssh.disconnect() ssh.disconnect()
self.stats['failed'] += 1 self.stats['failed'] += 1
return False return False
# Upload key if specified
if self.config.has_option(section, 'remote_key_path'): if self.config.has_option(section, 'remote_key_path'):
remote_key_path = self.config.get(section, 'remote_key_path') remote_key_path = self.config.get(section, 'remote_key_path')
source_key_path = self.get_key_path(section, source_cert_path) source_key_path = self.get_key_path(section, source_cert_path)
@@ -770,12 +789,14 @@ class CertPusher:
if os.path.exists(source_key_path): if os.path.exists(source_key_path):
ssh.upload_file(source_key_path, remote_key_path) ssh.upload_file(source_key_path, remote_key_path)
# Additional files
if self.config.has_option(section, 'additional_files'): if self.config.has_option(section, 'additional_files'):
for file_pair in self.config.get(section, 'additional_files').split(','): for file_pair in self.config.get(section, 'additional_files').split(','):
if ':' in file_pair: if ':' in file_pair:
local, remote = file_pair.strip().split(':', 1) local, remote = file_pair.strip().split(':', 1)
ssh.upload_file(local, remote) ssh.upload_file(local, remote)
# Post-upload command
if post_upload_command: if post_upload_command:
logger.info("Executing post-upload command") logger.info("Executing post-upload command")
ssh.execute_command(post_upload_command) ssh.execute_command(post_upload_command)
@@ -789,6 +810,7 @@ class CertPusher:
logger.error(f"Failed: {e}") logger.error(f"Failed: {e}")
self.stats['failed'] += 1 self.stats['failed'] += 1
return False return False
def run(self): def run(self):
"""Main execution""" """Main execution"""