Blame src/centpkg/centos_cert.py

import os
import sys
import getpass
from fedora.client.fas2 import AccountSystem
from fedora.client.fas2 import CLAError
from fedora.client import AuthError, ServerError
from OpenSSL import crypto
import urlgrabber
import datetime
# This file was modified from the fedora_cert section in fedora-packager written
# by Dennis Gilmore (https://fedorahosted.org/fedora-packager/)
# Define our own error class
class fedora_cert_error(Exception):
    """Error raised by this module for certificate problems shown to the user."""
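def _open_cert():
    """
    Load the user's client certificate from ~/.koji/client.crt.

    Shared by the other helpers in this module so the path and the
    readability check are not duplicated.

    Returns the certificate object produced by crypto.load_certificate().
    Raises fedora_cert_error when the file is not readable.
    """
    cert_file = os.path.join(os.path.expanduser('~'), ".koji", "client.crt")
    # Make sure we can even read the thing. The message names the file that
    # is actually checked, so the user fixes the right path.
    if not os.access(cert_file, os.R_OK):
        raise fedora_cert_error("""!!!  cannot read your ~/.koji/client.crt file !!!
!!! Ensure the file is readable and try again !!!""")
    # os.access() is only a pre-check; open() can still fail afterwards.
    # The context manager closes the handle even if read() raises.
    with open(cert_file) as cert_handle:
        raw_cert = cert_handle.read()
    # PEM parsing errors from pyOpenSSL propagate to the caller unchanged.
    return crypto.load_certificate(crypto.FILETYPE_PEM, raw_cert)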
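def verify_cert():
    """
    Print when the user certificate expires and warn if that is soon.

    Prints the expiry date as YYYY-MM-DD, followed by a warning when the
    certificate expires within the next 21 days. Returns nothing.

    NOTE(review): revocation is NOT verified here. The CRL is downloaded
    and the serial number is read, but the two are never compared, so a
    revoked certificate passes this function silently. Callers must not
    treat a clean run as proof that the certificate is still trusted.
    """
    my_cert = _open_cert()
    # Inputs for a revocation check that is not implemented (see docstring).
    # The download is kept so the function still fails when the CRL URL is
    # unreachable, exactly as before.
    serial_no = my_cert.get_serial_number()
    crl = urlgrabber.urlread("https://admin.fedoraproject.org/ca/crl.pem")

    # notAfter is an ASN.1 time string (YYYYMMDDhhmmss...); keep the date.
    valid_until = my_cert.get_notAfter()[:8]
    dateFmt = '%Y%m%d'
    # Certificate validity times are normally expressed in UTC, so the
    # 21-day threshold is computed from UTC rather than local time.
    threshold = datetime.datetime.utcnow() + datetime.timedelta(days=21)
    warn = threshold.strftime(dateFmt)

    print('cert expires: %s-%s-%s' % (valid_until[:4], valid_until[4:6], valid_until[6:8]))

    # Both values are fixed-width YYYYMMDD, so string order is date order.
    if valid_until < warn:
        print('WARNING: Your cert expires soon.')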
def certificate_expired():
    """
    Tell whether the certificate loaded by _open_cert() has expired.

    Returns True when it has expired, False otherwise.
    """
    # Guard-clause form: the expired case returns first, valid falls through.
    if _open_cert().has_expired():
        return True
    return False
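def read_user_cert():
    """
    Return the user name stored in the certificate's subject CN.

    The certificate is the one loaded by _open_cert(). The CN is read from
    the parsed subject components instead of from the subject's text
    rendering: splitting that text on "CN=" matches the first occurrence
    anywhere in the string (including inside another attribute's value)
    and leaves trailing characters attached when CN is the last component.

    Raises IndexError when the subject has no CN, as the text-splitting
    version did.
    """
    subject = _open_cert().get_subject()
    # get_components() yields (attribute name, value) pairs in subject order.
    cn_values = [value for name, value in subject.get_components()
                 if name == "CN"]
    # First CN wins; an empty list raises IndexError (see docstring).
    return cn_values[0]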
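def create_user_cert(username=None):
    """
    Request a new certificate from FAS and store it in ~/.fedora.cert.

    username -- FAS account name; asked for interactively when empty.
    The password is always read interactively with getpass and is only
    passed to the AccountSystem client.

    Raises fedora_cert_error for bad credentials, an unsigned CLA, or when
    the certificate file cannot be written.

    NOTE(review): this writes ~/.fedora.cert while _open_cert() reads
    ~/.koji/client.crt; confirm which location is intended.
    """
    if not username:
        username = raw_input('FAS Username: ')
    password = getpass.getpass('FAS Password: ')
    try:
        fas = AccountSystem('https://admin.fedoraproject.org/accounts/', username=username, password=password)
    except AuthError:
        raise fedora_cert_error("Invalid username/password.")

    try:
        cert = fas.user_gencert()
    except CLAError:
        raise fedora_cert_error("""You must sign the CLA before you can generate your certificate.\n
To do this, go to https://admin.fedoraproject.org/accounts/cla/""")
    finally:
        # Close the FAS session on every path, including errors other than
        # CLAError, which previously skipped the logout.
        fas.logout()

    cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
    try:
        # Create the file owner-only (0600) instead of relying on the umask;
        # presumably the FAS blob is credential material (it may carry the
        # private key; confirm). The mode applies only when the file is
        # newly created; an existing file keeps its current permissions.
        fd = os.open(cert_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as cert_handle:
            cert_handle.write(cert)
    except Exception:
        # Best-effort fallback kept from the original, but Ctrl-C and
        # SystemExit are no longer swallowed. The message embeds the
        # certificate text so the user can paste it by hand; avoid writing
        # this exception verbatim to shared logs.
        raise fedora_cert_error("""Can not open cert file for writing.
Please paste certificate into ~/.fedora.cert\n\n%s""" % cert)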