Blame SOURCES/centos-cert

#!/usr/bin/python
# -*- coding: utf-8 -*-
import os
import pwd
import sys
import optparse
import urlparse
import requests
from getpass import getpass
from centos import CentOSUserCert
from centos import defaults
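def _exit_on_http_error(response, headline):
    """Print *headline* plus the HTTP status and exit(1) if *response* failed."""
    try:
        response.raise_for_status()
    except requests.exceptions.HTTPError as e:
        message = "{0}\nResponse Code: {1}\nMessage: {2}".format(
            headline, e.response.status_code, e.response.reason)
        print(message.strip())
        sys.exit(1)


def download_cert(username, password, topurl=None, servercacert=None, uploadcacert=None):
    """Fetch a new user certificate and the server CA certificate.

    Posts the login fields to ``<topurl>/user/dogencert`` and stores the
    response in ``defaults.USER_CERT_FILE`` (mode 0600), downloads
    ``<topurl>/ca/ca-cert.pem`` into ``servercacert``, then makes
    ``uploadcacert`` a symlink to the server CA file.  Prints a message and
    exits with status 1 when either request returns an HTTP error status.

    :param username: account name, sent as ``user_name``.
    :param password: account password, sent as ``password``.
    :param topurl: base URL of the service; ``defaults.FAS_TOPURL`` if unset.
    :param servercacert: destination of the server CA certificate;
        ``defaults.SERVER_CA_CERT_FILE`` if unset.
    :param uploadcacert: path of the upload CA symlink;
        ``defaults.UPLOAD_CA_CERT_FILE`` if unset.
    """
    topurl = topurl or defaults.FAS_TOPURL
    usercertfilename = os.path.expanduser(defaults.USER_CERT_FILE)
    # The caller-supplied paths are honoured here instead of being ignored in
    # favour of the defaults.
    servercafilename = os.path.expanduser(
        servercacert or defaults.SERVER_CA_CERT_FILE)
    uploadcafilename = os.path.expanduser(
        uploadcacert or defaults.UPLOAD_CA_CERT_FILE)

    # NOTE(review): the CA certificate stored below is trusted purely on the
    # strength of this connection (requests verifies TLS against its default
    # CA bundle); nothing here rejects an http:// topurl, which would send the
    # password and receive the CA certificate without that protection.
    splittopurl = urlparse.urlsplit(topurl)
    userurl = urlparse.urlunsplit(urlparse.SplitResult(
        splittopurl.scheme,
        splittopurl.netloc,
        os.path.join(splittopurl.path, 'user/dogencert'),
        None,
        None))
    servercaurl = urlparse.urlunsplit(urlparse.SplitResult(
        splittopurl.scheme,
        splittopurl.netloc,
        os.path.join(splittopurl.path, 'ca/ca-cert.pem'),
        None,
        None))

    params = {'user_name': username, 'password': password, 'login': 'Login'}

    # NOTE(review): `params=` encodes user_name/password into the URL query
    # string of the POST, where they can end up in server, proxy and client
    # logs.  Sending them as the form body (`data=params`) avoids that, but the
    # endpoint is not visible from here -- confirm it accepts body fields
    # before switching.
    r = requests.post(userurl, params=params)
    # Check the response before touching the file so that a failed request no
    # longer truncates an existing certificate.
    _exit_on_http_error(r, "Could not generate certificate!")

    # Create the file owner-only from the start rather than chmod-ing it after
    # the CA download: a failure in between would otherwise leave it with
    # umask-default permissions.  fchmod also tightens a pre-existing file.
    fd = os.open(usercertfilename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as usercertfile:
        os.fchmod(usercertfile.fileno(), 0o600)
        usercertfile.write(r.text)

    # NOTE(review): the same credentials are attached to this GET as well;
    # confirm the CA endpoint needs them and drop `params` if it does not.
    r = requests.get(servercaurl, params=params)
    _exit_on_http_error(r, "Could not download CA Certificate!")

    with open(servercafilename, 'w') as servercacertfile:
        servercacertfile.write(r.text)

    # for now upload-ca.cert is the same as the server-ca cert. let's link them here
    # lexists (not exists) so a dangling symlink is removed too; otherwise
    # os.symlink would fail because the name is already taken.
    if os.path.lexists(uploadcafilename):
        os.unlink(uploadcafilename)

    os.symlink(servercafilename, uploadcafilename)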
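def main(opts):
    """Verify the existing user certificate or request a new one.

    ``opts`` is the optparse result built in the ``__main__`` block; the
    attributes read here are ``certfile``, ``username``, ``verifycert`` and
    ``newcert``.  Verification exits with status 0 (valid) or 1 (not valid,
    or the certificate file could not be read).
    """
    certfile = opts.certfile or defaults.USER_CERT_FILE

    if opts.username and not opts.verifycert:
        username = opts.username
    else:
        # Verification always needs the certificate object; otherwise the
        # certificate only supplies the account name through its CN.
        try:
            cert = CentOSUserCert(certfile)
            username = cert.CN
        except IOError as e:
            if opts.verifycert:
                print("{0}: {1}".format(os.path.expanduser(certfile), e.strerror))
                # sys.exit rather than the site-provided exit(), matching the
                # rest of the file.
                sys.exit(1)
            # No readable certificate: fall back to the account name of the
            # effective uid.
            username = pwd.getpwuid(os.geteuid())[0]

    if opts.verifycert:
        if not cert.valid:
            print("Your certificate is not valid")
            sys.exit(1)
        print("Your certificate is valid")
        sys.exit(0)

    if opts.newcert:
        password = getpass('FAS Password: ')
        # NOTE(review): -f only selects the certificate that is read above;
        # this call passes no paths, so the new certificate goes to the
        # default locations.
        download_cert(username, password)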
if __name__ == '__main__':
    # Command-line entry point: build the option parser, require one of the
    # two modes, then hand the parsed options to main().
    parser = optparse.OptionParser(usage="%prog [OPTIONS] ")
    parser.add_option(
        '-u', '--username',
        action='store', dest='username', default=False,
        help="ACO Username.")
    parser.add_option(
        '-n', '--new-cert',
        action='store_true', dest='newcert', default=False,
        help="Generate a new User Certificate.")
    parser.add_option(
        '-f', '--file',
        action='store', dest='certfile', default=None,
        help="User Certificate.")
    parser.add_option(
        '-v', '--verify-cert',
        action='store_true', dest='verifycert', default=False,
        help="Verify Certificate.")
    opts, args = parser.parse_args()

    # Neither -n nor -v given: nothing to do, so show the usage and fail.
    if not (opts.newcert or opts.verifycert):
        print("Must specify one of arguments: -v or -n")
        parser.print_help()
        sys.exit(1)

    main(opts)