From cfd626dc6c067a6465e962f3eeaa182cda994dba Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 2 Oct 2014 12:11:24 -0700 Subject: leap cert update will now warn if commercial certs will expire soon. --- lib/leap_cli/commands/ca.rb | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb index 46e3494..66dfd7c 100644 --- a/lib/leap_cli/commands/ca.rb +++ b/lib/leap_cli/commands/ca.rb @@ -36,6 +36,7 @@ module LeapCli; module Commands nodes = manager.filter!(args) nodes.each_node do |node| + warn_if_commercial_cert_will_soon_expire(node) if !node.x509.use remove_file!([:node_x509_key, node.name]) remove_file!([:node_x509_cert, node.name]) @@ -191,7 +192,7 @@ module LeapCli; module Commands return true else cert = load_certificate_file([:node_x509_cert, node.name]) - if cert.not_after < months_from_yesterday(1) + if cert.not_after < months_from_yesterday(2) log :updating, "cert for node '#{node.name}' because it will expire soon" return true end @@ -222,6 +223,18 @@ module LeapCli; module Commands return false end + def warn_if_commercial_cert_will_soon_expire(node) + dns_names_for_node(node).each do |domain| + if file_exists?([:commercial_cert, domain]) + cert = load_certificate_file([:commercial_cert, domain]) + if cert.not_after < months_from_yesterday(2) + log :warning, "the commercial certificate '#{Path.relative_path([:commercial_cert, domain])}' will expire soon. "+ + "You should renew it with `leap cert csr --domain #{domain}`." + end + end + end + end + def generate_cert_for_node(node) return if node.x509.use == false -- cgit v1.2.3