Tree - centos/centpkg - CentOS Git server

lrossett / centos / centpkg

Forked from centos/centpkg 3 years ago

Source
Stats

Blame src/centpkg/centos_cert.py

Blob History Raw

James Antill	0f7184
James Antill	0f7184	`from __future__ import print_function`
James Antill	0f7184
Brian Stinson	4e21f3	`import os`
Brian Stinson	4e21f3	`from OpenSSL import crypto`
Brian Stinson	4e21f3	`import urlgrabber`
Brian Stinson	4e21f3	`import datetime`
Brian Stinson	4e21f3
Brian Stinson	4e21f3	`# This file was modified from the fedora_cert section in fedora-packager written`
Brian Stinson	4e21f3	`# by Dennis Gilmore (https://fedorahosted.org/fedora-packager/)`
Brian Stinson	4e21f3
Brian Stinson	4e21f3
Brian Stinson	4e21f3	`# Define our own error class`
Brian Stinson	6fc4bb	`class centos_cert_error(Exception):`
Brian Stinson	4e21f3	`pass`
Brian Stinson	4e21f3
Brian Stinson	4e21f3	`def _open_cert():`
Brian Stinson	4e21f3	`"""`
Brian Stinson	4e21f3	`Read in the certificate so we dont duplicate the code`
Brian Stinson	4e21f3	`"""`
Brian Stinson	4e21f3	`# Make sure we can even read the thing.`
Brian Stinson	4e21f3	`cert_file = os.path.join(os.path.expanduser('~'), ".koji", "client.crt")`
Brian Stinson	4e21f3	`if not os.access(cert_file, os.R_OK):`
Brian Stinson	6fc4bb	`raise centos_cert_error("""!!! cannot read your centos cert file !!!`
Brian Stinson	4e21f3	`!!! Ensure the file is readable and try again !!!""")`
Brian Stinson	4e21f3	`raw_cert = open(cert_file).read()`
Brian Stinson	4e21f3	`my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, raw_cert)`
Brian Stinson	4e21f3	`return my_cert`
Brian Stinson	4e21f3
Brian Stinson	4e21f3	`def verify_cert():`
Brian Stinson	4e21f3	`"""`
Brian Stinson	6fc4bb	`Check that the user cert is valid.`
Brian Stinson	4e21f3	`things to check/return`
Brian Stinson	4e21f3	`not revoked`
Brian Stinson	4e21f3	`Expiry time warn if less than 21 days`
Brian Stinson	4e21f3	`"""`
Brian Stinson	4e21f3	`my_cert = _open_cert()`
Brian Stinson	4e21f3	`serial_no = my_cert.get_serial_number()`
Brian Stinson	4e21f3	`valid_until = my_cert.get_notAfter()[:8]`
Brian Stinson	6fc4bb	`# CRL verification would go here`
Brian Stinson	6fc4bb	`#crl = urlgrabber.urlread("https://<url_to_crl>/ca/crl.pem")`
Brian Stinson	4e21f3	`dateFmt = '%Y%m%d'`
Brian Stinson	4e21f3	`delta = datetime.datetime.now() + datetime.timedelta(days=21)`
Brian Stinson	4e21f3	`warn = datetime.datetime.strftime(delta, dateFmt)`
Brian Stinson	4e21f3
James Antill	0f7184	`print('cert expires: %s-%s-%s' % (valid_until[:4], valid_until[4:6], valid_until[6:8]))`
Brian Stinson	4e21f3
Brian Stinson	4e21f3	`if valid_until < warn:`
James Antill	0f7184	`print('WARNING: Your cert expires soon.')`
Brian Stinson	4e21f3
Brian Stinson	4e21f3
Brian Stinson	4e21f3	`def certificate_expired():`
Brian Stinson	4e21f3	`"""`
Brian Stinson	6fc4bb	`Check to see if client cert is expired`
Brian Stinson	4e21f3	`Returns True or False`
Brian Stinson	4e21f3
Brian Stinson	4e21f3	`"""`
Brian Stinson	4e21f3	`my_cert = _open_cert()`
Brian Stinson	4e21f3
Brian Stinson	4e21f3	`if my_cert.has_expired():`
Brian Stinson	4e21f3	`return True`
Brian Stinson	4e21f3	`else:`
Brian Stinson	4e21f3	`return False`
Brian Stinson	4e21f3
Brian Stinson	4e21f3	`def read_user_cert():`
Brian Stinson	4e21f3	`"""`
Brian Stinson	6fc4bb	`Figure out the Fedora user name from client cert`
Brian Stinson	4e21f3
Brian Stinson	4e21f3	`"""`
Brian Stinson	4e21f3	`my_cert = _open_cert()`
Brian Stinson	4e21f3
Brian Stinson	4e21f3	`subject = str(my_cert.get_subject())`
Brian Stinson	4e21f3	`subject_line = subject.split("CN=")`
Brian Stinson	4e21f3	`cn_parts = subject_line[1].split("/")`
Brian Stinson	4e21f3	`username = cn_parts[0]`
Brian Stinson	4e21f3	`return username`
Brian Stinson	4e21f3

lrossett / centos / centpkg

Source Code

Blame src/centpkg/centos_cert.py