#!/usr/bin/python
# -*- coding: utf-8 -*-
from __future__ import print_function
import os
import pwd
import sys
import optparse
import requests
from getpass import getpass
from centos import CentOSUserCert
from centos import defaults
try:
    import urlparse
except ImportError:
    import urllib.parse as urlparse
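def _exit_on_http_error(response, headline):
    """Print *headline* plus the HTTP status and exit(1) if *response* is an HTTP error."""
    try:
        response.raise_for_status()
    except requests.exceptions.HTTPError as e:
        print("{0}\nResponse Code: {1}\nMessage: {2}".format(
            headline, e.response.status_code, e.response.reason).strip())
        sys.exit(1)


def download_cert(username, password, topurl=None):
    """Fetch a new user certificate and the server CA certificate.

    The user certificate is requested with a POST to ``user/dogencert`` and
    the CA certificate with a GET of ``ca/ca-cert.pem``, both resolved below
    *topurl*.  The results are written to ``defaults.USER_CERT_FILE`` and
    ``defaults.SERVER_CA_CERT_FILE``; ``defaults.UPLOAD_CA_CERT_FILE`` is
    (re)created as a symlink to the server CA file.

    Args:
        username: account name sent as ``user_name``.
        password: account password sent as ``password``.
        topurl: base URL of the account system; falls back to
            ``defaults.FAS_TOPURL`` when empty or None.

    Exits the process with status 1 (after printing the status code and
    reason) when either request returns an HTTP error.
    """
    if not topurl:
        topurl = defaults.FAS_TOPURL

    splittopurl = urlparse.urlsplit(topurl)

    # NOTE(review): the scheme is taken from topurl as-is.  With a plain
    # http:// base the password would travel unencrypted and the CA
    # certificate fetched below would be unauthenticated -- confirm that
    # defaults.FAS_TOPURL and every caller use https.
    def _endpoint(relpath):
        # Same scheme and host as topurl; query and fragment are dropped.
        return urlparse.urlunsplit(
            urlparse.SplitResult(splittopurl.scheme,
                                 splittopurl.netloc,
                                 os.path.join(splittopurl.path, relpath),
                                 None,
                                 None))

    userurl = _endpoint('user/dogencert')
    servercaurl = _endpoint('ca/ca-cert.pem')

    # NOTE(review): params= puts user_name and password into the URL query
    # string of this POST, where they can end up in server access logs and
    # proxy logs.  If the server accepts a form body, data=params keeps the
    # credentials out of the URL -- confirm against the server before
    # switching.
    # NOTE(review): no timeout is passed, so requests waits indefinitely on
    # an unresponsive server.
    params = {'user_name': username, 'password': password, 'login': 'Login'}

    # Fetch before touching the existing certificate, so that a failed
    # request does not delete it and leave an empty file behind.
    r = requests.post(userurl, params=params)
    _exit_on_http_error(r, "Could not generate certificate!")

    certfile = os.path.expanduser(defaults.USER_CERT_FILE)
    # The mode given to os.open() only applies when the file is created, so
    # any existing entry is removed first.  lexists() also catches a
    # dangling symlink, which exists() would miss and O_CREAT would follow.
    if os.path.lexists(certfile):
        os.unlink(certfile)
    # O_EXCL: fail rather than reuse (or follow) anything that appeared at
    # this path after the unlink; the file is private to the owner (0600).
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    mode = 0o600
    with os.fdopen(os.open(certfile, flags, mode), 'w') as usercertfile:
        usercertfile.write(r.text)

    r = requests.get(servercaurl)
    _exit_on_http_error(r, "Could not download CA Certificate!")

    servercafile = os.path.expanduser(defaults.SERVER_CA_CERT_FILE)
    with open(servercafile, 'w') as servercacertfile:
        servercacertfile.write(r.text)

    # for now upload-ca.cert is the same as the server-ca cert. let's link them here
    uploadcafile = os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE)
    # lexists() so a stale or dangling link is replaced instead of making
    # os.symlink() fail because the name is already taken.
    if os.path.lexists(uploadcafile):
        os.unlink(uploadcafile)

    os.symlink(servercafile, uploadcafile)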
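def main(opts):
    """Verify the user certificate or request a new one, as selected by *opts*.

    Args:
        opts: parsed options providing ``certfile``, ``username``,
            ``verifycert`` and ``newcert``.

    With ``verifycert`` set, prints whether the certificate is valid and
    exits with status 0 (valid) or 1 (invalid or unreadable).  With
    ``newcert`` set, prompts for the password and calls download_cert().
    """
    certfile = opts.certfile or defaults.USER_CERT_FILE

    if opts.username and not opts.verifycert:
        username = opts.username
    else:
        # Verification always needs the certificate; otherwise it is only
        # read to take the account name from its CN.
        try:
            cert = CentOSUserCert(certfile)
            username = cert.CN
        except IOError as e:
            if opts.verifycert:
                print("{0}: {1}".format(os.path.expanduser(certfile), e.strerror))
                # sys.exit, like every other exit in this file; the bare
                # exit() builtin is injected by the site module and is
                # missing under `python -S`.
                sys.exit(1)
            # No readable certificate: fall back to the login name of the
            # effective user.
            username = pwd.getpwuid(os.geteuid())[0]

    if opts.verifycert:
        # cert is always bound here: the branch above ran and any IOError
        # already exited.
        if not cert.valid:
            print("Your certificate is not valid")
            sys.exit(1)
        else:
            print("Your certificate is valid")
            sys.exit(0)

    if opts.newcert:
        password = getpass('ACO Password: ')
        # NOTE(review): download_cert() receives no path, so a certificate
        # file chosen with -f only affects the read above.
        download_cert(username, password)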
if __name__ == '__main__':
    # Command-line entry point: exactly one of -n / -v is expected.
    parser = optparse.OptionParser(usage="%prog [OPTIONS] ")

    # (short flag, long flag, action, dest, default, help) -- registration
    # order is kept so the generated help text is unchanged.
    option_table = (
        ('-u', '--username', 'store', 'username', False,
         "ACO Username."),
        ('-n', '--new-cert', 'store_true', 'newcert', False,
         "Generate a new User Certificate."),
        ('-f', '--file', 'store', 'certfile', None,
         "User Certificate."),
        ('-v', '--verify-cert', 'store_true', 'verifycert', False,
         "Verify Certificate."),
    )
    for short_flag, long_flag, action, dest, default, help_text in option_table:
        parser.add_option(short_flag, long_flag, action=action, dest=dest,
                          default=default, help=help_text)

    opts, args = parser.parse_args()

    # Nothing to do unless the caller asked for a new or verified certificate.
    if not (opts.newcert or opts.verifycert):
        print("Must specify one of arguments: -v or -n")
        parser.print_help()
        sys.exit(1)

    main(opts)