From 2e58e8b7d92c7b2f376a6bbcf50ebdb3412a63b6 Mon Sep 17 00:00:00 2001
From: Dennis Gilmore
Date: Mon, 13 Jul 2009 08:44:27 -0500
Subject: add rpmbuild-md5 so that srpms can easily be made for oldstyle hases to do scratch builds on old distros from newer ones
---
 src/fedora-cert.py | 77 ++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 55 insertions(+), 22 deletions(-)
(limited to 'src/fedora-cert.py')
diff --git a/src/fedora-cert.py b/src/fedora-cert.py
index 8d8223f..dc4b6d3 100755
--- a/src/fedora-cert.py
+++ b/src/fedora-cert.py
@@ -3,41 +3,72 @@ import optparse
 import os
 import sys
 import getpass
-from fedora.accounts.fas2 import AccountSystem
-from fedora.accounts.fas2 import CLAError
-from fedora.tg.client import AuthError, ServerError
+from fedora.client.fas2 import AccountSystem
+from fedora.client.fas2 import CLAError
+from fedora.client import AuthError, ServerError
 from OpenSSL import crypto
+import urlgrabber
-def read_cert_user():
- """
- Figure out the Fedora user name from ~/.fedora.cert
+def _open_cert():
+ """
+ Read in the certificate so we dont duplicate the code
 """
- # Make sure we can even read the thing.
+ # Make sure we can even read the thing.
 cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
 if not os.access(cert_file, os.R_OK):
 print "!!! cannot read your ~/.fedora.cert file !!!"
 print "!!! Ensure the file is readable and try again !!!"
 sys.exit(1)
- FILE = open(cert_file)
- my_buf = FILE.read()
- FILE.close()
- my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, my_buf)
+ raw_cert = open(cert_file).read()
+ my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, raw_cert)
+ return my_cert
+
+def verify_cert():
+ """
+ Check that the user cert is valid.
+ things to check/return
+ not revoked
+ Expiry time warn if less than 21 days
+ """
+ my_cert = _open_cert()
+ serial_no = my_cert.get_serial_number()
+ valid_until = my_cert.get_notAfter()
+ crl = urlgrabber.urlread("https://admin.fedoraproject.org/ca/crl.pem")
+
+
+def certificate_expired():
+ """
+ Check to see if ~/.fedora.cert is expired
+ Returns True or False
+
+ """
+ my_cert = _open_cert()
+
+ if my_cert.has_expired():
+ return True
+ else:
+ return False
+
+def read_user_cert():
+ """
+ Figure out the Fedora user name from ~/.fedora.cert
+
+ """
+ my_cert = _open_cert()
 subject = str(my_cert.get_subject())
 subject_line = subject.split("CN=")
 cn_parts = subject_line[1].split("/")
 username = cn_parts[0]
-
- if my_cert.has_expired():
+ if certificate_expired():
 print "Certificate expired; Lets get a new one."
 create_user_cert(username)
 return username
-
 def create_user_cert(username):
- if not username is None:
+ if not username:
 username = raw_input('FAS Username: ')
 password = getpass.getpass('FAS Password: ')
 try:
@@ -56,7 +87,9 @@ def create_user_cert(username):
 sys.exit(1)
 cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
 if not os.access(cert_file, os.W_OK):
- print "Can not open cert file for writing"
+ print """Can not open cert file for writing.
+Please paste certificate into ~/.fedora.cert"""
+ print cert
 sys.exit(1)
 else:
@@ -77,7 +110,7 @@ def main(opts):
 else:
 username = opts.username
 #has cert expired? do we force a new cert? get a new one
- if opts.new_cert:
+ if opts.newcert:
 print "Getting a new User Certificate"
 create_user_cert(username)
 sys.exit(0)
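Review bot: `verify_cert()` fetches the CRL and reads the serial number and notAfter value, then falls off the end without comparing anything, so it returns None whether or not the certificate is revoked or close to expiry; the `--verify-cert` branch in the last hunk likewise only prints "Verifying Certificate" and never calls it. As written, a user who runs the option is left with the impression of a check that did not happen. Until the logic exists I would make the stub explicit, for example `raise NotImplementedError("revocation check not implemented yet")`. When it is filled in, the CRL needs to be parsed and its signature checked against the Fedora CA before the serial is looked up, and a failed download should be reported as unverified rather than treated as not revoked.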
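Review bot: The new fallback at `print cert` writes the downloaded credential to stdout, where it ends up in terminal scrollback or any captured log; if the blob returned by FAS carries the private key along with the certificate (not visible in this hunk), that is a key disclosure. The branch is also taken more often than the message suggests, because `os.access(cert_file, os.W_OK)` is false when `~/.fedora.cert` does not exist yet, so a first-time user always lands here. I would try to create the file instead, e.g. `fd = os.open(cert_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)`, and print the paste instructions only if that call fails. The body of `create_user_cert` starts and ends outside the hunk.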
@@ -85,19 +118,19 @@ def main(opts):
 print "Certificate has expired, getting a new one"
 create_user_cert(username)
 sys.exit(0)
- if opts.verify-cert:
+ if opts.verifycert:
 print "Verifying Certificate"
 if __name__ == '__main__':
 opt_p = optparse.OptionParser(usage="%prog [OPTIONS] ")
 opt_p.add_option('-u', '--username', action='store_true', dest='username',
- help="FAS Username.")
+ default=False, help="FAS Username.")
 opt_p.add_option('-n', '--new-cert', action='store_true', dest='newcert',
- help="Generate a new Fedora Certificate.")
+ default=False, help="Generate a new Fedora Certificate.")
 opt_p.add_option('-v', '--verify-cert', action='store_true', dest='verifycert',
- help="Verify Certificate.")
+ default=False, help="Verify Certificate.")
- opts = opt_p.parse_args()
+ (opts, args) = opt_p.parse_args()
 main(opts)
-- cgit
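Review bot: `-u/--username` keeps `action='store_true'`, so `opts.username` is the boolean True or False and never the name given on the command line; with the new `default=False` and the `if not username:` test in `create_user_cert`, running with `-u` skips the prompt and passes `True` on as the FAS username. The option should take a value, e.g. `opt_p.add_option('-u', '--username', action='store', dest='username', default=None, help="FAS Username.")`. The body of `main` starts outside this hunk, so how `opts.username` is used before this point is not visible here.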