Import centos_cert.py from fedora_cert section in fedora-packager

2025-02-23 16:22:55 +00:00 · 2014-09-01 12:17:50 -05:00 · 2014-09-01 12:17:50 -05:00 · 4e21f32dd4
commit 4e21f32dd4
parent 10bb17959c
1 changed files with 102 additions and 0 deletions
--- a/src/centpkg/centos_cert.py
+++ b/src/centpkg/centos_cert.py
@ -0,0 +1,102 @@
+import os
+import sys
+import getpass
+from fedora.client.fas2 import AccountSystem
+from fedora.client.fas2 import CLAError
+from fedora.client import AuthError, ServerError
+from OpenSSL import crypto
+import urlgrabber
+import datetime
+
+# This file was modified from the fedora_cert section in fedora-packager written
+# by Dennis Gilmore (https://fedorahosted.org/fedora-packager/)
+
+
+# Define our own error class
+class fedora_cert_error(Exception):
+    pass
+
+def _open_cert():
+    """
+    Read in the certificate so we dont duplicate the code 
+    """
+     # Make sure we can even read the thing.
+    cert_file = os.path.join(os.path.expanduser('~'), ".koji", "client.crt")
+    if not os.access(cert_file, os.R_OK):
+        raise fedora_cert_error("""!!!    cannot read your ~/.fedora.cert file   !!!
+!!! Ensure the file is readable and try again !!!""")
+    raw_cert = open(cert_file).read()
+    my_cert = crypto.load_certificate(crypto.FILETYPE_PEM, raw_cert)
+    return my_cert
+
+def verify_cert():
+    """
+    Check that the user cert is valid. 
+    things to check/return
+    not revoked
+    Expiry time warn if less than 21 days
+    """
+    my_cert = _open_cert()
+    serial_no = my_cert.get_serial_number()
+    valid_until = my_cert.get_notAfter()[:8]
+    crl = urlgrabber.urlread("https://admin.fedoraproject.org/ca/crl.pem")
+    dateFmt = '%Y%m%d'
+    delta = datetime.datetime.now() + datetime.timedelta(days=21)
+    warn = datetime.datetime.strftime(delta, dateFmt)
+
+    print 'cert expires: %s-%s-%s' % (valid_until[:4], valid_until[4:6], valid_until[6:8])
+
+    if valid_until < warn:
+        print 'WARNING: Your cert expires soon.'
+
+
+def certificate_expired():
+    """
+    Check to see if ~/.fedora.cert is expired
+    Returns True or False
+
+    """
+    my_cert = _open_cert()
+
+    if my_cert.has_expired():
+        return True
+    else:
+        return False
+
+def read_user_cert():
+    """
+    Figure out the Fedora user name from ~/.fedora.cert
+
+    """
+    my_cert = _open_cert()
+
+    subject = str(my_cert.get_subject())
+    subject_line = subject.split("CN=")
+    cn_parts = subject_line[1].split("/")
+    username = cn_parts[0]
+    return username
+
+def create_user_cert(username=None):
+    if not username:
+        username = raw_input('FAS Username: ')
+    password = getpass.getpass('FAS Password: ')
+    try:
+        fas = AccountSystem('https://admin.fedoraproject.org/accounts/', username=username, password=password)
+    except AuthError:
+        raise fedora_cert_error("Invalid username/password.")
+
+    try:
+        cert = fas.user_gencert()
+        fas.logout()
+    except CLAError:
+        fas.logout()
+        raise fedora_cert_error("""You must sign the CLA before you can generate your certificate.\n
+To do this, go to https://admin.fedoraproject.org/accounts/cla/""")
+    cert_file = os.path.join(os.path.expanduser('~'), ".fedora.cert")
+    try:
+        FILE = open(cert_file,"w")
+        FILE.write(cert)
+        FILE.close()
+    except:
+        raise fedora_cert_error("""Can not open cert file for writing.
+Please paste certificate into ~/.fedora.cert\n\n%s""" % cert)