Diffstat (limited to 'src/fedora-cert.py')
-rwxr-xr-xsrc/fedora-cert.py77
1 files changed, 55 insertions, 22 deletions
diff --git a/src/fedora-cert.py b/src/fedora-cert.py
index 8d8223f..dc4b6d3 100755
--- a/src/fedora-cert.py
+++ b/src/fedora-cert.py
@@ -3,41 +3,72 @@ import optparse
import os
import sys
import getpass
-from fedora.accounts.fas2 import AccountSystem
-from fedora.accounts.fas2 import CLAError
-from fedora.tg.client import AuthError, ServerError
+from fedora.client.fas2 import AccountSystem
+from fedora.client.fas2 import CLAError
+from fedora.client import AuthError, ServerError
from OpenSSL import crypto
+import urlgrabber
-def read_cert_user():
- """
- Figure out the Fedora user name from ~/.fedora.cert
+def _open_cert():
+ """
+ Read in the certificate so we dont duplicate the code
"""
- # Make sure we can even read the thing.
+ # Make sure we can even read the thing.
cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
if not os.access(cert_file, os.R_OK):
print "!!! cannot read your ~/.fedora.cert file !!!"
print "!!! Ensure the file is readable and try again !!!"
sys.exit(1)
- FILE = open(cert_file)
- my_buf = FILE.read()
- FILE.close()
- my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, my_buf)
+ raw_cert = open(cert_file).read()
+ my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, raw_cert)
+ return my_cert
+
+def verify_cert():
+ """
+ Check that the user cert is valid.
+ things to check/return
+ not revoked
+ Expiry time warn if less than 21 days
+ """
+ my_cert = _open_cert()
+ serial_no = my_cert.get_serial_number()
+ valid_until = my_cert.get_notAfter()
+ crl = urlgrabber.urlread("https://admin.fedoraproject.org/ca/crl.pem")
+
+
+def certificate_expired():
+ """
+ Check to see if ~/.fedora.cert is expired
+ Returns True or False
+
+ """
+ my_cert = _open_cert()
+
+ if my_cert.has_expired():
+ return True
+ else:
+ return False
+
+def read_user_cert():
+ """
+ Figure out the Fedora user name from ~/.fedora.cert
+
+ """
+ my_cert = _open_cert()
subject = str(my_cert.get_subject())
subject_line = subject.split("CN=")
cn_parts = subject_line[1].split("/")
username = cn_parts[0]
-
- if my_cert.has_expired():
+ if certificate_expired():
print "Certificate expired; Lets get a new one."
create_user_cert(username)
return username
-
def create_user_cert(username):
- if not username is None:
+ if not username:
username = raw_input('FAS Username: ')
password = getpass.getpass('FAS Password: ')
try:
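Review bot: verify_cert() downloads the CRL and reads serial_no and valid_until but never compares anything and returns nothing, so a caller cannot tell a revoked certificate from a valid one. It should parse the CRL, match the serial against the revoked entries and return an explicit result; the 21-day expiry warning promised in the docstring is also still missing. The downloaded CRL is trusted as-is, so its signature should be checked against the Fedora CA certificate, because HTTPS only helps if urlgrabber validates the server certificate, which is not visible here. Assuming the installed pyOpenSSL provides `crypto.load_crl`, the revocation part could look like the sketch below.

```python
def verify_cert():
    # … unchanged: docstring …
    my_cert = _open_cert()
    serial_no = my_cert.get_serial_number()
    crl_pem = urlgrabber.urlread("https://admin.fedoraproject.org/ca/crl.pem")
    crl = crypto.load_crl(crypto.FILETYPE_PEM, crl_pem)
    # get_revoked() returns None for an empty CRL; entries carry the serial as hex text.
    for entry in crl.get_revoked() or ():
        if int(entry.get_serial(), 16) == serial_no:
            print "!!! Your certificate has been revoked !!!"
            return False
    return not my_cert.has_expired()
```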
@@ -56,7 +87,9 @@ def create_user_cert(username):
sys.exit(1)
cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
if not os.access(cert_file, os.W_OK):
- print "Can not open cert file for writing"
+ print """Can not open cert file for writing.
+Please paste certificate into ~/.fedora.cert"""
+
print cert
sys.exit(1)
else:
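Review bot: `os.access(cert_file, os.W_OK)` is False when ~/.fedora.cert does not exist yet, so a first-time user always lands in this fallback, which prints `cert` to the terminal. If `cert` carries the private key as well as the certificate (not visible in this hunk), that leaves key material in scrollback or captured logs. Attempting the write and handling the failure avoids both problems, for example `fd = os.open(cert_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` inside a `try`/`except OSError`, which also creates the file readable by the owner only. The write path in the `else:` branch lies outside the hunk, so whether it already restricts the file mode cannot be checked here.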
@@ -77,7 +110,7 @@ def main(opts):
else:
username = opts.username
#has cert expired? do we force a new cert? get a new one
- if opts.new_cert:
+ if opts.newcert:
print "Getting a new User Certificate"
create_user_cert(username)
sys.exit(0)
@@ -85,19 +118,19 @@ def main(opts):
print "Certificate has expired, getting a new one"
create_user_cert(username)
sys.exit(0)
- if opts.verify-cert:
+ if opts.verifycert:
print "Verifying Certificate"
if __name__ == '__main__':
opt_p = optparse.OptionParser(usage="%prog [OPTIONS] ")
opt_p.add_option('-u', '--username', action='store_true', dest='username',
- help="FAS Username.")
+ default=False, help="FAS Username.")
opt_p.add_option('-n', '--new-cert', action='store_true', dest='newcert',
- help="Generate a new Fedora Certificate.")
+ default=False, help="Generate a new Fedora Certificate.")
opt_p.add_option('-v', '--verify-cert', action='store_true', dest='verifycert',
- help="Verify Certificate.")
+ default=False, help="Verify Certificate.")
- opts = opt_p.parse_args()
+ (opts, args) = opt_p.parse_args()
main(opts)
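Review bot: `-u/--username` is declared with `action='store_true'`, so `opts.username` is only ever True or False and a name typed on the command line ends up in `args`; with `-u` set, `True` is what main() hands to create_user_cert() as the username. It should take a value: `opt_p.add_option('-u', '--username', dest='username', default=None, help="FAS Username.")`. Separately, the `if opts.verifycert:` branch only prints "Verifying Certificate" and never calls verify_cert(), so `-v` says nothing about the certificate and exits as if the check had passed; call the function and set the exit status from its result. main() starts outside the hunk.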