
Merge "Update validity checks and docs of PKI functions"

Zuul 1 week ago
parent
commit
85a2a898a1
2 changed files with 11 additions and 13 deletions
  1. 9
    7
      doc/source/cli/cli.rst
  2. 2
    6
      pegleg/engine/catalog/pki_utility.py

+ 9
- 7
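--- a/doc/source/cli/cli.rst
+++ b/doc/source/cli/cli.rst
@@ -477,10 +477,10 @@ Dashes in the document names will be converted to underscores for consistency.
 
 Name of site.
 
-**days** (Optional).
+**-d / --days** (Optional).
 
 Duration (in days) certificates should be valid.  Default=365,
-minimum=0, no maximum.
+minimum=0, no maximum.  Values less than 0 will raise an exception.
 
 NOTE: A generated certificate where days = 0 should only be used for testing.
 A certificate generated in such a way will be valid for 0 seconds.
@@ -510,14 +510,16 @@ Check PKI Certs
 ---------------
 
 Determine if any PKI certificates from a site are expired, or will be expired
-within N days (default N=60, no maximum, minimum 0). Print those cert names
-and expiration dates to ``stdout``.
+within ``days`` days.  If any are found, print the cert names and expiration
+dates to ``stdout``.
 
 **-d / --days** (Optional).
 
-Number of days past today's date to check certificate expirations.
-Default days=60.  Minimum days=0, days less than 0 will raise an exception.
-No maximum days.
+Duration (in days) to check certificate validity from today.  Default=60,
+minimum=0, no maximum.  Values less than 0 will raise an exception.
+
+NOTE: Checking PKI certs where days = 0 will check for certs that are expired
+at the time the command is run.
 
 **site_name** (Required).
 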

+ 2
- 6
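--- a/pegleg/engine/catalog/pki_utility.py
+++ b/pegleg/engine/catalog/pki_utility.py
@@ -64,9 +64,7 @@ class PKIUtility(object):
 
     @property
     def ca_config(self):
-        if self.duration is not None and self.duration >= 0:
-            pass
-        else:
+        if self.duration is None or self.duration < 0:
             raise exceptions.PKICertificateInvalidDuration()
 
         if not self._ca_config_string:
@@ -209,9 +207,7 @@ class PKIUtility(object):
 
         """
 
-        if self.duration is not None and self.duration >= 0:
-            pass
-        else:
+        if self.duration is None or self.duration < 0:
             raise exceptions.PKICertificateInvalidDuration()
 
         info = self.cert_info(cert)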
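Review bot: The same duration guard now appears verbatim in `ca_config` (new line 67) and in the second hunk (new line 210), so a later change to the accepted range can be applied at one site and missed at the other. Consider moving it into one private method, e.g. `def _check_duration(self):` holding `if self.duration is None or self.duration < 0:` and `raise exceptions.PKICertificateInvalidDuration()`, and calling that from both places. If `duration` can reach this class as a non-numeric value, `self.duration < 0` would presumably raise `TypeError` instead of the PKI exception; that depends on callers not visible on this page. A comment such as `# 0 is accepted on purpose; see cli.rst for what days = 0 means` would record why the bound is `< 0` rather than `<= 0`. Both enclosing functions start and end outside the hunks, and the second one is not named in the visible lines.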
