Merge pull request #397 from skalenetwork/sgx-certs-script

gannakulikova · web-flow · commit ff91ee2e9b0f · 2022-08-16T15:36:45.000+02:00
add doc and script to check certificates
diff --git a/docs/grep-certificates.md b/docs/grep-certificates.md
@@ -0,0 +1,7 @@
+# How to check when the certificates stored on sgxwallet were created
+- Download file `scripts/grep_certificates.py` from the sgxwallet repository and put it in sgxwallet repository directory on your machine.
+- Go to sgxwallet repository directory.
+- Run `python3 grep_certificates.py PATH_TO_SGXWALLET_DB_FOLDER`. PATH_TO_SGXWALLET_DB_FOLDER - path (either absolute or relative) to the `sgx_data` directory where sgxwallet db is stored. For example, `/root/sgxwallet/run_sgx/sgx_data` or `run_sgx/sgx_data`
+- The script will output the dates when every certificate was created.
+- Go to skale-node and run `cat .skale/node_data/sgx_certs/sgx.crt | grep "Not Before"`.
+- Ensure that the output of the last command exists in the list from step 3 and it is the latest certificate there! 
diff --git a/scripts/grep_certificates.py b/scripts/grep_certificates.py
@@ -0,0 +1,43 @@
+import os
+import re
+import sys
+
+def main():
+    if len(sys.argv) != 2:
+        print("Wrong number of command line arguments: need exactly one")
+        exit(1)
+
+    path = sys.argv[1]
+    if not os.path.exists(path):
+        print("No such file or directory: ", path)
+        exit(2)
+    
+    certs_path = os.path.join(path, "cert_data", "new_certs")
+    if not os.path.exists(certs_path):
+        print("No such file or directory: ", certs_path)
+        exit(3)
+
+    if len(os.listdir(certs_path)) == 0:
+        print("Empty certificates directory. Nothing to review.")
+        return
+    
+    print("Total number of elements in folder:", len(os.listdir(certs_path)))
+    for entity in os.listdir(certs_path):
+        print("Reviewing", entity)
+        entity_path = os.path.join(certs_path, entity)
+        if not os.path.isfile(entity_path):
+            print("Not a regular file. Skipping.")
+            continue
+        _, extension = os.path.splitext(entity_path)
+        if extension != '.pem':
+            print("Not a ssl certificate file. Skipping.")
+            continue
+        with open(entity_path,"r") as file_one:
+            pattern = "Not Before"
+            for line in file_one:
+                if re.search(pattern, line):
+                    print(line)
+                    break
+
+if __name__ == '__main__':
+    main()
