#!/usr/bin/python
# -*- coding: utf-8 -*-
import os
import pwd
import sys
import optparse
import urlparse
import requests
from getpass import getpass
from centos import CentOSUserCert
from centos import defaults
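def download_cert(username, password, topurl=None, servercacert=None, uploadcacert=None):
    """Request a new user certificate from FAS and install it together with the CA cert.

    Authenticates to ``<topurl>/user/dogencert`` with *username* and
    *password*, writes the certificate the server returns to
    ``defaults.USER_CERT_FILE`` (owner-readable only), downloads
    ``<topurl>/ca/ca-cert.pem`` into *servercacert* and makes *uploadcacert*
    a symlink pointing at it.

    Args:
        username: FAS account name.
        password: FAS password. It is sent in the POST body, never in the URL.
        topurl: base URL of the FAS instance; defaults to ``defaults.FAS_TOPURL``.
        servercacert: path the server CA certificate is written to; defaults
            to ``defaults.SERVER_CA_CERT_FILE``.
        uploadcacert: symlink path that is pointed at *servercacert*;
            defaults to ``defaults.UPLOAD_CA_CERT_FILE``.

    Exits the process with status 1, after printing the HTTP status code and
    reason, when either request returns an HTTP error status.
    """
    topurl = topurl or defaults.FAS_TOPURL
    servercacert = servercacert or defaults.SERVER_CA_CERT_FILE
    uploadcacert = uploadcacert or defaults.UPLOAD_CA_CERT_FILE

    userurl = _join_url(topurl, 'user/dogencert')
    servercaurl = _join_url(topurl, 'ca/ca-cert.pem')

    # Credentials travel in the request body (data=), not the query string
    # (params=): query strings are routinely recorded in web-server, proxy
    # and history logs, whereas a POST body is not.
    params = {'user_name': username, 'password': password, 'login': 'Login'}
    r = requests.post(userurl, data=params)
    _exit_on_http_error(r, "Could not generate certificate!")
    # The request is completed before the target file is opened, so a failed
    # request never truncates a certificate that is already installed.
    _write_private_file(os.path.expanduser(defaults.USER_CERT_FILE), r.text)

    # No verify= argument is passed, so this download is checked against
    # requests' default CA bundle before its content is installed as a
    # trusted CA certificate.
    r = requests.get(servercaurl)
    _exit_on_http_error(r, "Could not download CA Certificate!")
    servercacert = os.path.expanduser(servercacert)
    with open(servercacert, 'w') as servercacertfile:
        servercacertfile.write(r.text)

    # for now upload-ca.cert is the same as the server-ca cert. let's link them here
    uploadcacert = os.path.expanduser(uploadcacert)
    # lexists() also sees a dangling symlink left by an earlier run, which
    # exists() would miss and which would make os.symlink() fail with EEXIST.
    if os.path.lexists(uploadcacert):
        os.unlink(uploadcacert)
    os.symlink(servercacert, uploadcacert)


def _join_url(topurl, relpath):
    """Return *topurl* with *relpath* appended to its path; query and fragment are dropped."""
    split = urlparse.urlsplit(topurl)
    path = os.path.join(split.path, relpath)
    return urlparse.urlunsplit(
        urlparse.SplitResult(split.scheme, split.netloc, path, None, None))


def _exit_on_http_error(r, failure_message):
    """Print *failure_message* plus the HTTP status and exit 1 if *r* is an error response."""
    try:
        r.raise_for_status()
    except requests.exceptions.HTTPError as e:
        print("{0}\nResponse Code: {1}\nMessage: {2}".format(
            failure_message, e.response.status_code, e.response.reason).strip())
        sys.exit(1)


def _write_private_file(path, content):
    """Write *content* to *path* so that only the owner can read it (mode 0600).

    The mode is given at creation time and re-applied with fchmod before
    anything is written, so a pre-existing, more permissive file is
    tightened before the private material lands in it.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)
    except OSError:
        os.close(fd)
        raise
    with os.fdopen(fd, 'w') as f:
        f.write(content)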
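def main(opts):
    """Run the action selected on the command line.

    Args:
        opts: parsed optparse values with the attributes ``certfile``,
            ``username``, ``verifycert`` and ``newcert``.

    With ``verifycert`` the certificate at ``certfile`` is loaded and the
    process exits 0 when it is valid and 1 when it is invalid or cannot be
    read. With ``newcert`` the FAS password is prompted for and a new
    certificate is downloaded; the username is taken, in order, from
    ``opts.username``, the CN of the existing certificate, or the login name
    of the effective user.
    """
    certfile = opts.certfile or defaults.USER_CERT_FILE

    cert = None
    if opts.username and not opts.verifycert:
        username = opts.username
    else:
        try:
            cert = CentOSUserCert(certfile)
            username = cert.CN
        except IOError as e:
            if opts.verifycert:
                # Nothing to verify: report the OS error and stop.
                print("{0}: {1}".format(os.path.expanduser(certfile), e.strerror))
                sys.exit(1)
            # No certificate installed yet: fall back to the local account name.
            username = pwd.getpwuid(os.geteuid())[0]

    if opts.verifycert:
        if not cert.valid:
            print("Your certificate is not valid")
            sys.exit(1)
        print("Your certificate is valid")
        sys.exit(0)

    if opts.newcert:
        password = getpass('FAS Password: ')
        download_cert(username, password)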
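if __name__ == '__main__':
    parser = optparse.OptionParser(usage="%prog [OPTIONS] ")
    parser.add_option('-u', '--username', action='store', dest='username',
                      default=False, help="ACO Username.")
    parser.add_option('-n', '--new-cert', action='store_true', dest='newcert',
                      default=False, help="Generate a new User Certificate.")
    parser.add_option('-f', '--file', action='store', dest='certfile',
                      default=None, help="User Certificate.")
    parser.add_option('-v', '--verify-cert', action='store_true', dest='verifycert',
                      default=False, help="Verify Certificate.")
    opts, args = parser.parse_args()

    # At least one action is required; without -v or -n there is nothing to
    # do, so show the usage and fail.
    if not opts.newcert and not opts.verifycert:
        print("Must specify one of arguments: -v or -n")
        parser.print_help()
        sys.exit(1)

    main(opts)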