summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xsrc/fedora-cert.py1
-rw-r--r--src/fedora_cert/__init__.py13
2 files changed, 12 insertions, 2 deletions
diff --git a/src/fedora-cert.py b/src/fedora-cert.py
index e27b6c0..ee2c89c 100755
--- a/src/fedora-cert.py
+++ b/src/fedora-cert.py
@@ -38,6 +38,7 @@ def main(opts):
sys.exit(0)
if opts.verifycert:
print "Verifying Certificate"
+ fedora_cert.verify_cert()
print "Not implemented yet"
if __name__ == '__main__':
diff --git a/src/fedora_cert/__init__.py b/src/fedora_cert/__init__.py
index 0912fb0..b35ca4c 100644
--- a/src/fedora_cert/__init__.py
+++ b/src/fedora_cert/__init__.py
@@ -17,6 +17,7 @@ from fedora.client.fas2 import CLAError
from fedora.client import AuthError, ServerError
from OpenSSL import crypto
import urlgrabber
+import datetime
# Define our own error class
class fedora_cert_error(Exception):
@@ -30,7 +31,7 @@ def _open_cert():
cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
if not os.access(cert_file, os.R_OK):
raise fedora_cert_error("""!!! cannot read your ~/.fedora.cert file !!!
-!!! Ensure the file is readable and try again !!!"""
+!!! Ensure the file is readable and try again !!!""")
raw_cert = open(cert_file).read()
my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, raw_cert)
return my_cert
@@ -44,8 +45,16 @@ def verify_cert():
"""
my_cert = _open_cert()
serial_no = my_cert.get_serial_number()
- valid_until = my_cert.get_notAfter()
+ valid_until = my_cert.get_notAfter()[:8]
crl = urlgrabber.urlread("https://admin.fedoraproject.org/ca/crl.pem")
+ dateFmt = '%Y%m%d'
+ delta = datetime.datetime.now() + datetime.timedelta(days=21)
+ warn = datetime.datetime.strftime(delta, dateFmt)
+
+ print 'cert expires: %s-%s-%s' % (valid_until[:4], valid_until[4:6], valid_until[6:8])
+
+ if valid_until < warn:
+ print 'WARNING: Your cert expires soon.'
def certificate_expired():