COMP90082_Software_Project_Database_Backend/ca.py at master · patanamon/COMP90082_Software_Project_Database_Backend · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
import certifi
import os
import sys
import ctypes
import subprocess
import requests
import datetime
import OpenSSL

if __name__ == '__main__':


    def check_cert(filename):
        """Checks local cert expire date"""
        with open(filename, "r") as f:
            cert = f.read()

        cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)

        expires = datetime.datetime.strptime(str(cert.get_notAfter().decode("utf-8")), '%Y%m%d%H%M%SZ')
        days = (expires - datetime.datetime.now()).days
        print("Local cert chain expires on: " + str(expires))
        print("Days to expiration: " + str(days))
        print("WARNING: Please update server cert chain scheme, local cert chain is just a temporary mitigation")


    def update_ca():
        """Updates CA with provided chain.pem"""
        cafile = certifi.where()
        with open('chain.pem', 'rb') as infile:
            customca = infile.read()
        with open(cafile, 'ab') as outfile:
            outfile.write(customca)
        check_cert('chain.pem')

    def is_admin():
        """Check admin in windows"""
        try:
            return ctypes.windll.shell32.IsUserAnAdmin()
        except:
            return False


    print('Adding local cert chain to Certifi store...')
    if os.name == 'nt':  # for win
        if is_admin():
            update_ca()
        else:
            print("Please run this script with Administrator")
    else:  # for unix
        if os.geteuid() == 0:
            update_ca()
        else:
            print("Please run this script with sudo")
            subprocess.call(['sudo', 'python', *sys.argv])
            sys.exit()