paramiko ds

Mateusz Gruszczyński
2025-10-26 23:11:41 +01:00
parent 7fae370ef0
commit 736fdd2bac


@@ -11,7 +11,7 @@ import sys
import os import os
import ssl import ssl
import socket import socket
from datetime import datetime from datetime import datetime, timezone
from pathlib import Path from pathlib import Path
from typing import Dict, Optional, Tuple from typing import Dict, Optional, Tuple
import paramiko import paramiko
@@ -45,7 +45,7 @@ class CertificateManager:
cert = x509.load_pem_x509_certificate(cert_data, default_backend()) cert = x509.load_pem_x509_certificate(cert_data, default_backend())
logger.debug(f"Loaded certificate from {cert_path}") logger.debug(f"Loaded certificate from {cert_path}")
logger.debug(f"Certificate subject: {cert.subject}") logger.debug(f"Certificate subject: {cert.subject}")
logger.debug(f"Certificate expires: {cert.not_valid_after}") logger.debug(f"Certificate expires: {cert.not_valid_after_utc}")
return cert return cert
except Exception as e: except Exception as e:
logger.error(f"Failed to load certificate from {cert_path}: {e}") logger.error(f"Failed to load certificate from {cert_path}: {e}")
@@ -72,7 +72,7 @@ class CertificateManager:
der_cert = ssock.getpeercert(binary_form=True) der_cert = ssock.getpeercert(binary_form=True)
cert = x509.load_der_x509_certificate(der_cert, default_backend()) cert = x509.load_der_x509_certificate(der_cert, default_backend())
logger.debug(f"Retrieved certificate from {url}") logger.debug(f"Retrieved certificate from {url}")
logger.debug(f"Certificate expires: {cert.not_valid_after}") logger.debug(f"Certificate expires: {cert.not_valid_after_utc}")
return cert return cert
except Exception as e: except Exception as e:
logger.warning(f"Failed to retrieve certificate from {url}: {e}") logger.warning(f"Failed to retrieve certificate from {url}: {e}")
@@ -102,8 +102,12 @@ class CertificateManager:
try: try:
subject = cert.subject.rfc4514_string() subject = cert.subject.rfc4514_string()
issuer = cert.issuer.rfc4514_string() issuer = cert.issuer.rfc4514_string()
valid_from = cert.not_valid_before valid_from = cert.not_valid_before_utc
valid_to = cert.not_valid_after valid_to = cert.not_valid_after_utc
# Convert to naive datetime for comparison
now = datetime.now(timezone.utc)
days_left = (valid_to - now).days
return f""" return f"""
Certificate Info: Certificate Info:
@@ -111,7 +115,7 @@ Certificate Info:
Issuer: {issuer} Issuer: {issuer}
Valid From: {valid_from} Valid From: {valid_from}
Valid To: {valid_to} Valid To: {valid_to}
Days Until Expiry: {(valid_to - datetime.now()).days} Days Until Expiry: {days_left}
""" """
except Exception as e: except Exception as e:
return f"Unable to extract certificate info: {e}" return f"Unable to extract certificate info: {e}"
@@ -136,13 +140,12 @@ class SSHManager:
logger.debug(f"Connecting to {self.username}@{self.hostname}:{self.port}") logger.debug(f"Connecting to {self.username}@{self.hostname}:{self.port}")
logger.debug(f"Using SSH key: {self.key_path}") logger.debug(f"Using SSH key: {self.key_path}")
# Try to load different key types # Try to load different key types (DSS removed in paramiko 3.0+)
private_key = None private_key = None
key_types = [ key_types = [
('RSA', paramiko.RSAKey), ('RSA', paramiko.RSAKey),
('Ed25519', paramiko.Ed25519Key), ('Ed25519', paramiko.Ed25519Key),
('ECDSA', paramiko.ECDSAKey), ('ECDSA', paramiko.ECDSAKey),
('DSS', paramiko.DSSKey),
] ]
for key_name, key_class in key_types: for key_name, key_class in key_types:
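Review bot: The `not_valid_before_utc` / `not_valid_after_utc` accessors used in the three CertificateManager hunks exist only in cryptography 42.0 and later, and every use sits inside a `try` whose handler is `except Exception`. On an older install the resulting AttributeError would therefore surface as "Failed to load certificate", "Failed to retrieve certificate" or "Unable to extract certificate info" rather than as a version problem, so the dependency pin should state `cryptography>=42.0` (the requirements file is not visible here). The comment added above `now = datetime.now(timezone.utc)` says "Convert to naive datetime for comparison", which is the opposite of what the code does; it should read `# Both datetimes are timezone-aware (UTC), so they can be subtracted directly`. In the SSHManager hunk the comment `(DSS removed in paramiko 3.0+)` looks inaccurate, since to my knowledge `DSSKey` was dropped in paramiko 4.0, so it is worth confirming against the changelog. The enclosing methods start and end outside the hunks, so the rest of each `try` body was not reviewed.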