summaryrefslogtreecommitdiffstats
path: root/src/fedora-cert.py
diff options
context:
space:
mode:
authorDennis Gilmore <dennis@ausil.us>2009-03-02 23:34:10 -0600
committerDennis Gilmore <dennis@ausil.us>2009-03-02 23:34:10 -0600
commitb6626a66cd48dce1dd7961426015df16e5503555 (patch)
tree55ff810de4b8551feb6ac7aff40911e75bc2cc4d /src/fedora-cert.py
parent28d0d2469d36695601dc62e20d8eb5eef68c27c3 (diff)
downloadfedora-packager-b6626a66cd48dce1dd7961426015df16e5503555.tar.gz
fedora-packager-b6626a66cd48dce1dd7961426015df16e5503555.tar.xz
fedora-packager-b6626a66cd48dce1dd7961426015df16e5503555.zip
add fedora-cert.py for managing user certs
Diffstat (limited to 'src/fedora-cert.py')
-rw-r--r--src/fedora-cert.py103
1 files changed, 103 insertions, 0 deletions
diff --git a/src/fedora-cert.py b/src/fedora-cert.py
new file mode 100644
index 0000000..8d8223f
--- /dev/null
+++ b/src/fedora-cert.py
@@ -0,0 +1,103 @@
+#!/usr/bin/python
+import optparse
+import os
+import sys
+import getpass
+from fedora.accounts.fas2 import AccountSystem
+from fedora.accounts.fas2 import CLAError
+from fedora.tg.client import AuthError, ServerError
+from OpenSSL import crypto
+
+def read_cert_user():
+ """
+ Figure out the Fedora user name from ~/.fedora.cert
+
+ """
+ # Make sure we can even read the thing.
+ cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
+ if not os.access(cert_file, os.R_OK):
+ print "!!! cannot read your ~/.fedora.cert file !!!"
+ print "!!! Ensure the file is readable and try again !!!"
+ sys.exit(1)
+ FILE = open(cert_file)
+ my_buf = FILE.read()
+ FILE.close()
+ my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, my_buf)
+
+ subject = str(my_cert.get_subject())
+ subject_line = subject.split("CN=")
+ cn_parts = subject_line[1].split("/")
+ username = cn_parts[0]
+
+ if my_cert.has_expired():
+ print "Certificate expired; Lets get a new one."
+ create_user_cert(username)
+
+ return username
+
+
+def create_user_cert(username):
+ if not username is None:
+ username = raw_input('FAS Username: ')
+ password = getpass.getpass('FAS Password: ')
+ try:
+ fas = AccountSystem('https://admin.fedoraproject.org/', username, password)
+ except AuthError:
+ print "Invalid username/password."
+ sys.exit(1)
+
+ try:
+ cert = fas.user_gencert()
+ fas.logout()
+ except CLAError:
+ print "You must sign the CLA before you can generate your certificate.\n" \
+ "To do this, go to https://admin.fedoraproject.org/accounts/cla/"
+ fas.logout()
+ sys.exit(1)
+ cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
+ if not os.access(cert_file, os.W_OK):
+ print "Can not open cert file for writing"
+ print cert
+ sys.exit(1)
+ else:
+ FILE = open(cert_file,"w")
+ FILE.write(cert)
+ FILE.close()
+
+def main(opts):
+ # lets read in the existing cert if it exists.
+ # gets us existing acc info
+ if not opts.username:
+ try:
+ username = read_user_cert()
+ except :
+ print "Can't determine fas name, lets get a new cert"
+ create_user_cert(None)
+ sys.exit(0)
+ else:
+ username = opts.username
+ #has cert expired? do we force a new cert? get a new one
+ if opts.new_cert:
+ print "Getting a new User Certificate"
+ create_user_cert(username)
+ sys.exit(0)
+ if certificate_expired():
+ print "Certificate has expired, getting a new one"
+ create_user_cert(username)
+ sys.exit(0)
+ if opts.verify-cert:
+ print "Verifying Certificate"
+
+
+if __name__ == '__main__':
+ opt_p = optparse.OptionParser(usage="%prog [OPTIONS] ")
+ opt_p.add_option('-u', '--username', action='store_true', dest='username',
+ help="FAS Username.")
+ opt_p.add_option('-n', '--new-cert', action='store_true', dest='newcert',
+ help="Generate a new Fedora Certificate.")
+ opt_p.add_option('-v', '--verify-cert', action='store_true', dest='verifycert',
+ help="Verify Certificate.")
+
+ opts = opt_p.parse_args()
+
+ main(opts)