import os
import sys
import getpass
from fedora.client.fas2 import AccountSystem
from fedora.client.fas2 import CLAError
from fedora.client import AuthError, ServerError
from OpenSSL import crypto
import urlgrabber
import datetime
# This file was modified from the fedora_cert section in fedora-packager written
# by Dennis Gilmore (https://fedorahosted.org/fedora-packager/)
# Define our own error class
class fedora_cert_error(Exception):
    """Error raised by this module for certificate and account failures."""
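def _open_cert():
    """
    Load the user's client certificate from ~/.koji/client.crt.

    Shared by the other helpers in this module so the read-and-parse logic
    lives in one place.

    Returns:
        The certificate object produced by crypto.load_certificate().

    Raises:
        fedora_cert_error: if the certificate file is not readable.
    """
    cert_file = os.path.join(os.path.expanduser('~'), ".koji", "client.crt")
    # Fail early with a readable message rather than a bare IOError.
    if not os.access(cert_file, os.R_OK):
        # The message names the file that is actually checked, so the user
        # is not sent to fix the wrong path.
        raise fedora_cert_error("""!!! cannot read your ~/.koji/client.crt file !!!
!!! Ensure the file is readable and try again !!!""")
    # Context manager so the file handle is released even if read() fails.
    with open(cert_file) as cert_handle:
        raw_cert = cert_handle.read()
    # This only parses the PEM data; nothing here validates the chain,
    # the expiry date or the revocation status of the certificate.
    return crypto.load_certificate(crypto.FILETYPE_PEM, raw_cert)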
def verify_cert():
    """
    Report when the user certificate expires and warn if that is soon.

    Prints the expiry date as YYYY-MM-DD and, when that date is less than
    21 days after the current local date, a warning line. Returns nothing.

    NOTE(review): the CRL is downloaded below but it is never parsed or
    compared with the certificate's serial number, so revocation is NOT
    checked here. A clean run of this function must not be read as proof
    that the certificate is still trusted by the CA.
    """
    user_cert = _open_cert()
    # Read but not used afterwards; it is the value a CRL lookup would need.
    serial_no = user_cert.get_serial_number()
    # The first eight characters of notAfter are used as the YYYYMMDD date.
    expiry_day = user_cert.get_notAfter()[:8]
    # Fetched and then left unused; the download itself can still fail.
    crl = urlgrabber.urlread("https://admin.fedoraproject.org/ca/crl.pem")
    day_format = '%Y%m%d'
    threshold = datetime.datetime.now() + datetime.timedelta(days=21)
    warn_day = threshold.strftime(day_format)

    year, month, day = expiry_day[:4], expiry_day[4:6], expiry_day[6:8]
    print('cert expires: %s-%s-%s' % (year, month, day))

    # Both values are YYYYMMDD strings, so string order matches date order.
    if warn_day > expiry_day:
        print('WARNING: Your cert expires soon.')
def certificate_expired():
    """
    Tell whether the certificate loaded by _open_cert() has expired.

    Returns True when the certificate's has_expired() check is truthy and
    False otherwise. Only the validity period is looked at here.
    """
    return True if _open_cert().has_expired() else False
def read_user_cert():
    """
    Return the user name taken from the CN field of the certificate subject.

    The certificate comes from _open_cert().

    NOTE(review): the name is cut out of the string form of the subject,
    taking the text after the first "CN=" up to the next "/". A subject
    without "CN=" raises IndexError, and an earlier field whose value
    contains "CN=" would be picked up instead of the real common name.
    """
    subject_text = str(_open_cert().get_subject())
    after_cn = subject_text.split("CN=")[1]
    return after_cn.split("/")[0]
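def create_user_cert(username=None):
    """
    Request a new client certificate from FAS and save it to ~/.fedora.cert.

    Prompts for the FAS user name when none is given and always prompts for
    the password without echoing it. It then logs in, asks the account
    system to generate a certificate and writes the result to disk.

    Args:
        username: FAS account name; asked for interactively when empty.

    Raises:
        fedora_cert_error: on bad credentials, an unsigned CLA, or when the
            certificate file cannot be written.
    """
    if not username:
        username = raw_input('FAS Username: ')
    password = getpass.getpass('FAS Password: ')
    try:
        fas = AccountSystem('https://admin.fedoraproject.org/accounts/', username=username, password=password)
    except AuthError:
        raise fedora_cert_error("Invalid username/password.")

    try:
        cert = fas.user_gencert()
    except CLAError:
        raise fedora_cert_error("""You must sign the CLA before you can generate your certificate.\n
To do this, go to https://admin.fedoraproject.org/accounts/cla/""")
    finally:
        # End the authenticated session on every path, including errors
        # other than CLAError, which previously left it open.
        fas.logout()

    # NOTE(review): _open_cert() reads ~/.koji/client.crt, but the new
    # certificate is written to ~/.fedora.cert; confirm which path is meant.
    cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
    try:
        # Create the credential file readable by its owner only instead of
        # relying on the umask. An existing file keeps its current mode.
        # NOTE(review): the blob may include key material; confirm.
        fd = os.open(cert_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as cert_handle:
            cert_handle.write(cert)
    except (IOError, OSError):
        # Only I/O failures are turned into the paste-it-yourself message;
        # a bare except would also swallow KeyboardInterrupt and real bugs.
        # The certificate text is embedded in the error on purpose, so this
        # exception should not be written to shared logs verbatim.
        raise fedora_cert_error("""Can not open cert file for writing.
Please paste certificate into ~/.fedora.cert\n\n%s""" % cert)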