lrossett / centos / centpkg

Forked from centos/centpkg 2 years ago
Clone
James Antill 0f7184
James Antill 0f7184
from __future__ import print_function
James Antill 0f7184
Brian Stinson 4e21f3
import os
Brian Stinson 4e21f3
from OpenSSL import crypto
Brian Stinson 4e21f3
import urlgrabber
Brian Stinson 4e21f3
import datetime
Brian Stinson 4e21f3
Brian Stinson 4e21f3
# This file was modified from the fedora_cert section in fedora-packager written
Brian Stinson 4e21f3
# by Dennis Gilmore (https://fedorahosted.org/fedora-packager/)
Brian Stinson 4e21f3
Brian Stinson 4e21f3
Brian Stinson 4e21f3
# Define our own error class
Brian Stinson 6fc4bb
class centos_cert_error(Exception):
Brian Stinson 4e21f3
    pass
Brian Stinson 4e21f3
Brian Stinson 4e21f3
def _open_cert():
Brian Stinson 4e21f3
    """
Brian Stinson 4e21f3
    Read in the certificate so we dont duplicate the code 
Brian Stinson 4e21f3
    """
Brian Stinson 4e21f3
     # Make sure we can even read the thing.
Brian Stinson 4e21f3
    cert_file = os.path.join(os.path.expanduser('~'), ".koji", "client.crt")
Brian Stinson 4e21f3
    if not os.access(cert_file, os.R_OK):
Brian Stinson 6fc4bb
        raise centos_cert_error("""!!!    cannot read your centos cert file   !!!
Brian Stinson 4e21f3
!!! Ensure the file is readable and try again !!!""")
Brian Stinson 4e21f3
    raw_cert = open(cert_file).read()
Brian Stinson 4e21f3
    my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, raw_cert)
Brian Stinson 4e21f3
    return my_cert
Brian Stinson 4e21f3
Brian Stinson 4e21f3
def verify_cert():
Brian Stinson 4e21f3
    """
Brian Stinson 6fc4bb
    Check that the user cert is valid.
Brian Stinson 4e21f3
    things to check/return
Brian Stinson 4e21f3
    not revoked
Brian Stinson 4e21f3
    Expiry time warn if less than 21 days
Brian Stinson 4e21f3
    """
Brian Stinson 4e21f3
    my_cert = _open_cert()
Brian Stinson 4e21f3
    serial_no = my_cert.get_serial_number()
Brian Stinson 4e21f3
    valid_until = my_cert.get_notAfter()[:8]
Brian Stinson 6fc4bb
    # CRL verification would go here
Brian Stinson 6fc4bb
    #crl = urlgrabber.urlread("https://<url_to_crl>/ca/crl.pem")
Brian Stinson 4e21f3
    dateFmt = '%Y%m%d'
Brian Stinson 4e21f3
    delta = datetime.datetime.now() + datetime.timedelta(days=21)
Brian Stinson 4e21f3
    warn = datetime.datetime.strftime(delta, dateFmt)
Brian Stinson 4e21f3
James Antill 0f7184
    print('cert expires: %s-%s-%s' % (valid_until[:4], valid_until[4:6], valid_until[6:8]))
Brian Stinson 4e21f3
Brian Stinson 4e21f3
    if valid_until < warn:
James Antill 0f7184
        print('WARNING: Your cert expires soon.')
Brian Stinson 4e21f3
Brian Stinson 4e21f3
Brian Stinson 4e21f3
def certificate_expired():
Brian Stinson 4e21f3
    """
Brian Stinson 6fc4bb
    Check to see if client cert is expired
Brian Stinson 4e21f3
    Returns True or False
Brian Stinson 4e21f3
Brian Stinson 4e21f3
    """
Brian Stinson 4e21f3
    my_cert = _open_cert()
Brian Stinson 4e21f3
Brian Stinson 4e21f3
    if my_cert.has_expired():
Brian Stinson 4e21f3
        return True
Brian Stinson 4e21f3
    else:
Brian Stinson 4e21f3
        return False
Brian Stinson 4e21f3
Brian Stinson 4e21f3
def read_user_cert():
Brian Stinson 4e21f3
    """
Brian Stinson 6fc4bb
    Figure out the Fedora user name from client cert
Brian Stinson 4e21f3
Brian Stinson 4e21f3
    """
Brian Stinson 4e21f3
    my_cert = _open_cert()
Brian Stinson 4e21f3
Brian Stinson 4e21f3
    subject = str(my_cert.get_subject())
Brian Stinson 4e21f3
    subject_line = subject.split("CN=")
Brian Stinson 4e21f3
    cn_parts = subject_line[1].split("/")
Brian Stinson 4e21f3
    username = cn_parts[0]
Brian Stinson 4e21f3
    return username
Brian Stinson 4e21f3