diff options
author | Dennis Gilmore <dennis@ausil.us> | 2010-01-28 21:06:19 -0600 |
---|---|---|
committer | Dennis Gilmore <dennis@ausil.us> | 2010-01-28 21:06:19 -0600 |
commit | 93887e4c66386555a006fac5412700797d4479df (patch) | |
tree | 4257b047bdb00e6cae9cf3dbc4ea69bb8eaeb290 /src | |
parent | adee75a9c980ad6dd9f2172581adf6ddec65114a (diff) | |
download | fedora-packager-93887e4c66386555a006fac5412700797d4479df.tar.gz fedora-packager-93887e4c66386555a006fac5412700797d4479df.tar.xz fedora-packager-93887e4c66386555a006fac5412700797d4479df.zip |
make fedora_cert a library so we can import it in multiple places
Diffstat (limited to 'src')
-rw-r--r-- | src/fedora_cert/__init__.py | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/src/fedora_cert/__init__.py b/src/fedora_cert/__init__.py new file mode 100644 index 0000000..bd426fc --- /dev/null +++ b/src/fedora_cert/__init__.py @@ -0,0 +1,104 @@ +# fedora-cert - a Python library for Managing fedora SSL Certificates +# +# Copyright (C) 2009-2010 Red Hat Inc. +# Author(s): Dennis Gilmore <dennis@ausil.us> +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at your +# option) any later version. See http://www.gnu.org/copyleft/gpl.html for +# the full text of the license. + +import os +import sys +import getpass +from fedora.client.fas2 import AccountSystem +from fedora.client.fas2 import CLAError +from fedora.client import AuthError, ServerError +from OpenSSL import crypto +import urlgrabber + + +def _open_cert(): + """ + Read in the certificate so we dont duplicate the code + """ + # Make sure we can even read the thing. + cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert") + if not os.access(cert_file, os.R_OK): + print "!!! cannot read your ~/.fedora.cert file !!!" + print "!!! Ensure the file is readable and try again !!!" + sys.exit(1) + raw_cert = open(cert_file).read() + my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, raw_cert) + return my_cert + +def verify_cert(): + """ + Check that the user cert is valid. + things to check/return + not revoked + Expiry time warn if less than 21 days + """ + my_cert = _open_cert() + serial_no = my_cert.get_serial_number() + valid_until = my_cert.get_notAfter() + crl = urlgrabber.urlread("https://admin.fedoraproject.org/ca/crl.pem") + + +def certificate_expired(): + """ + Check to see if ~/.fedora.cert is expired + Returns True or False + + """ + my_cert = _open_cert() + + if my_cert.has_expired(): + return True + else: + return False + +def read_user_cert(): + """ + Figure out the Fedora user name from ~/.fedora.cert + + """ + my_cert = _open_cert() + + subject = str(my_cert.get_subject()) + subject_line = subject.split("CN=") + cn_parts = subject_line[1].split("/") + username = cn_parts[0] + return username + +def create_user_cert(username=None): + if not username: + username = raw_input('FAS Username: ') + password = getpass.getpass('FAS Password: ') + try: + fas = AccountSystem('https://admin.fedoraproject.org/accounts/', username=username, password=password) + except AuthError: + print "Invalid username/password." + sys.exit(1) + + try: + cert = fas.user_gencert() + fas.logout() + except CLAError: + print "You must sign the CLA before you can generate your certificate.\n" \ + "To do this, go to https://admin.fedoraproject.org/accounts/cla/" + fas.logout() + sys.exit(1) + cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert") + try: + FILE = open(cert_file,"w") + FILE.write(cert) + FILE.close() + except: + print """Can not open cert file for writing. +Please paste certificate into ~/.fedora.cert""" + + print cert + sys.exit(1) + |