X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/b2a72eca5851cfbd4146dd7e65867cd939b8f623..c2f28e4bb4e6bc8a642d0fdc0b09b012042e9724:/keys/tripe-keys.in diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in index 2be5e2dd..ad8671e1 100644 --- a/keys/tripe-keys.in +++ b/keys/tripe-keys.in @@ -33,6 +33,7 @@ import sys as SYS import re as RX import getopt as O import shutil as SH +import time as T import filecmp as FC from cStringIO import StringIO from errno import * @@ -240,6 +241,7 @@ def conf_defaults(): ('kx-param', lambda: {'dh': '-LS -b3072 -B256', 'ec': '-Cnist-p256'}[conf['kx']]), ('kx-expire', 'now + 1 year'), + ('kx-warn-days', '28'), ('cipher', 'rijndael-cbc'), ('hash', 'sha256'), ('master-keygen-flags', '-l'), @@ -493,6 +495,26 @@ def cmd_clean(args): r == 'keyring' or r == 'keyring.pub' or r.startswith('peer-')): zap(i) +###-------------------------------------------------------------------------- +### Commands: check + +def cmd_check(args): + now = T.time() + thresh = int(conf['kx-warn-days']) * 86400 + for krf in ['master', 'keyring.pub']: + if not OS.path.exists(krf): continue + kr = C.KeyFile(krf) + for k in kr.itervalues(): + if k.exptime == C.KEXP_FOREVER: continue + elif k.exptime == C.KEXP_EXPIRE: left = -1 + else: left = k.exptime - now + if left < 0: + print "key `%s' HAS EXPIRED" % k.tag + elif left < thresh: + if left >= 86400: n, u, uu = left // 86400, 'day', 'days' + else: n, u, uu = left // 3600, 'hour', 'hours' + print "key `%s' EXPIRES in %d %s" % (k.tag, n, n == 1 and u or uu) + ###-------------------------------------------------------------------------- ### Commands: mtu @@ -530,6 +552,7 @@ commands = {'help': (cmd_help, 0, 1, ''), 'update': (cmd_update, 0, 0, ''), 'clean': (cmd_clean, 0, 0, ''), 'mtu': (cmd_mtu, 0, 1, '[PATH-MTU]'), + 'check': (cmd_check, 0, 0, ''), 'generate': (cmd_generate, 1, 1, 'TAG'), 'rebuild': (cmd_rebuild, 0, 0, '')}