mirror of https://github.com/librenms/librenms-agent.git synced 2024-05-09 09:54:52 +00:00

Cleaning up certificate.py code and adding cert_location support for self-signed certificates (#447)

bnerickson
2022-12-10 05:14:41 -08:00
committed by GitHub
parent f0d1b10e57
commit 3d9d1e18a2


@@ -13,8 +13,7 @@ CONFIGFILE = "/etc/snmp/certificate.json"
# } # }
def get_certificate_data(domain, port=443): def get_certificate_data(domain, cert_location, port=443):
context = ssl.create_default_context() context = ssl.create_default_context()
conn = context.wrap_socket( conn = context.wrap_socket(
socket.socket(socket.AF_INET), socket.socket(socket.AF_INET),
@@ -25,13 +24,22 @@ def get_certificate_data(domain, port=443):
error_msg = None error_msg = None
ssl_info = {} ssl_info = {}
# Load certificate for self-signed certificates if provided
if cert_location:
try:
context.load_verify_locations(cert_location)
except (FileNotFoundError, ssl.SSLError, PermissionError) as err:
error_msg = err
return ssl_info, error_msg
try: try:
conn.connect((domain, port)) conn.connect((domain, port))
ssl_info = conn.getpeercert() ssl_info = conn.getpeercert()
except ConnectionRefusedError as e: except ConnectionRefusedError as err:
error_msg = e error_msg = err
# Manage expired certificates # Manage expired certificates
except ssl.SSLCertVerificationError as e: except ssl.SSLCertVerificationError:
# Arbitrary start date # Arbitrary start date
ssl_info["notBefore"] = "Jan 1 00:00:00 2020 GMT" ssl_info["notBefore"] = "Jan 1 00:00:00 2020 GMT"
# End date is now (we don't have the real one but the certificate is expired) # End date is now (we don't have the real one but the certificate is expired)
@@ -41,27 +49,30 @@ def get_certificate_data(domain, port=443):
return ssl_info, error_msg return ssl_info, error_msg
output = {} def main():
output["error"] = 0 output = {}
output["errorString"] = "" output["error"] = 0
output["version"] = 1 output["errorString"] = ""
output["version"] = 1
with open(CONFIGFILE, "r") as json_file: with open(CONFIGFILE, "r") as json_file:
try: try:
configfile = json.load(json_file) configfile = json.load(json_file)
except json.decoder.JSONDecodeError as e: except json.decoder.JSONDecodeError as err:
output["error"] = 1 output["error"] = 1
output["errorString"] = "Configfile Error: '%s'" % e output["errorString"] = "Configfile Error: '%s'" % err
if not output["error"]: if not output["error"]:
output_data_list = [] output_data_list = []
for domain in configfile["domains"]: for domain in configfile["domains"]:
output_data = {} output_data = {}
if "port" not in domain.keys(): if "port" not in domain.keys():
domain["port"] = 443 domain["port"] = 443
if "cert_location" not in domain.keys():
domain["cert_location"] = None
certificate_data, error_msg = get_certificate_data( certificate_data, error_msg = get_certificate_data(
domain["fqdn"], domain["port"] domain["fqdn"], domain["cert_location"], domain["port"]
) )
output_data["cert_name"] = domain["fqdn"] output_data["cert_name"] = domain["fqdn"]
@@ -90,4 +101,8 @@ if not output["error"]:
output["data"] = output_data_list output["data"] = output_data_list
print(json.dumps(output)) print(json.dumps(output))
if __name__ == "__main__":
main()
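Review bot: The `except ssl.SSLCertVerificationError:` handler in get_certificate_data now drops the exception object, so any verification failure (an untrusted issuer, a hostname mismatch, or a `cert_location` file that no longer matches the server) appears to be reported as an expired certificate with synthesized dates. The new self-signed support makes that case more likely, and an operator would read "expired" where the real condition is a trust failure worth investigating. I would keep the binding, `except ssl.SSLCertVerificationError as err:`, and synthesize the dates only when `err.verify_code == 10` (X509_V_ERR_CERT_HAS_EXPIRED), setting `error_msg = err` otherwise. The handler's body continues outside the visible hunk, so the remainder needs checking against that change. Separately, the early `return ssl_info, error_msg` after a failed `load_verify_locations` leaves the already-wrapped `conn` unclosed; a `conn.close()` before that return would release it.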