From: Christoph Egger Date: Tue, 30 Aug 2016 11:05:20 +0000 (+0200) Subject: Code cleanup X-Git-Url: https://git.siccegge.de//index.cgi?a=commitdiff_plain;h=51d6a5e599dcccbe4c6ee381c54d25c432a36e7f;p=dane-monitoring-plugins.git Code cleanup --- diff --git a/check_dane/cert.py b/check_dane/cert.py index a66a134..9ba4175 100644 --- a/check_dane/cert.py +++ b/check_dane/cert.py @@ -26,7 +26,7 @@ def verify_certificate(cert, args): logging.error("expires in %8s,%16s", deltastr[0], deltastr[1]) return 2 elif delta.days < args.warndays: - logging.warn("expires in %8s,%16s", deltastr[0], deltastr[1]) + logging.warning("expires in %8s,%16s", deltastr[0], deltastr[1]) return 1 return 0 diff --git a/check_dane/tlsa.py b/check_dane/tlsa.py index 3cd1d94..2e22057 100644 --- a/check_dane/tlsa.py +++ b/check_dane/tlsa.py @@ -7,13 +7,12 @@ import logging from .cert import get_spki -from unbound import RR_TYPE_A, RR_TYPE_AAAA -from unbound import idn2dname, ub_strerror +from unbound import ub_strerror try: from unbound import RR_TYPE_TLSA except ImportError: - RR_TYPE_TLSA=52 + RR_TYPE_TLSA = 52 def verify_tlsa_record(resolver, record, certificate): s, r = resolver.resolve(record, rrtype=RR_TYPE_TLSA) @@ -45,15 +44,18 @@ def verify_tlsa_record(resolver, record, certificate): if matching == 0: if verifieddata == data: - logging.info("Found matching record: `TLSA %d %d %d %s`", usage, selector, matching, hexencoder(data)[0]) + logging.info("Found matching record: `TLSA %d %d %d %s`", + usage, selector, matching, hexencoder(data)[0]) return 0 elif matching == 1: if hashlib.sha256(verifieddata).digest() == data: - logging.info("Found matching record: `TLSA %d %d %d %s`", usage, selector, matching, hexencoder(data)[0].decode()) + logging.info("Found matching record: `TLSA %d %d %d %s`", + usage, selector, matching, hexencoder(data)[0].decode()) return 0 elif matching == 2: if hashlib.sha512(verifieddata).digest() == data: - logging.info("Found matching record: `TLSA %d %d %d %s`", usage, selector, matching, hexencoder(data)[0].decode()) + logging.info("Found matching record: `TLSA %d %d %d %s`", + usage, selector, matching, hexencoder(data)[0].decode()) return 0 else: # currently only 0, 1 and 2 are assigned diff --git a/check_dane_smtp b/check_dane_smtp index 3358c71..d9c2732 100755 --- a/check_dane_smtp +++ b/check_dane_smtp @@ -9,8 +9,9 @@ import argparse import logging from socket import socket, AF_INET6, AF_INET, create_connection -from ssl import SSLContext, PROTOCOL_TLSv1_2, CERT_REQUIRED, cert_time_to_seconds, SSLError, CertificateError, create_default_context -from unbound import ub_ctx, ub_strerror +from ssl import SSLError, CertificateError, SSLContext +from ssl import PROTOCOL_TLSv1_2, CERT_REQUIRED +from unbound import ub_ctx from check_dane.tlsa import verify_tlsa_record from check_dane.cert import verify_certificate, add_certificate_options @@ -121,7 +122,8 @@ def main(): return 2 retval = verify_certificate(connection.getpeercert(), args) - nretval = verify_tlsa_record(resolver, "_%d._tcp.%s" % (port, host), connection.getpeercert(binary_form=True)) + nretval = verify_tlsa_record(resolver, "_%d._tcp.%s" % (port, host), + connection.getpeercert(binary_form=True)) retval = max(retval, nretval) close_connection(connection) diff --git a/check_dane_ssh b/check_dane_ssh index fe56dea..90a7a02 100755 --- a/check_dane_ssh +++ b/check_dane_ssh @@ -16,7 +16,7 @@ import paramiko try: from unbound import RR_TYPE_SSHFP except ImportError: - RR_TYPE_SSHFP=44 + RR_TYPE_SSHFP = 44 class HostKeyMatchSSHFP(BaseException): @@ -58,22 +58,30 @@ class HostKeyLookup(paramiko.client.MissingHostKeyPolicy): elif hashtype == 2: actualhash = hashlib.sha256(actualhostkey).digest() else: - logging.warn("Only hashtypes 1 and 2 supported") + logging.warning("Only hashtypes 1 and 2 supported") if keytype == 1 and actualkeytype == 'ssh-rsa': if data == actualhash: + logging.info("Found matching record: `SSHFP %d %d %s`", + keytype, hashtype, hexencoder(data)[0].decode()) raise HostKeyMatchSSHFP elif keytype == 2 and actualkeytype == 'ssh-dss': if data == actualhash: + logging.info("Found matching record: `SSHFP %d %d %s`", + keytype, hashtype, hexencoder(data)[0].decode()) raise HostKeyMatchSSHFP elif keytype == 3 and actualkeytype == 'ssh-ecdsa': if data == actualhash: + logging.info("Found matching record: `SSHFP %d %d %s`", + keytype, hashtype, hexencoder(data)[0].decode()) raise HostKeyMatchSSHFP elif keytype == 4 and actualkeytype == 'ssh-ed25519': if data == actualhash: + logging.info("Found matching record: `SSHFP %d %d %s`", + keytype, hashtype, hexencoder(data)[0].decode()) raise HostKeyMatchSSHFP logging.error("No matching SSHFP record found")