|
 |
fe92a6 |
#!/usr/bin/python
|
|
|
fe92a6 |
# -*- coding: utf-8 -*-
|
|
|
fe92a6 |
|
|
|
fe92a6 |
import os
|
|
|
fe92a6 |
import sys
|
|
|
fe92a6 |
import optparse
|
|
|
fe92a6 |
import urlparse
|
|
|
fe92a6 |
import requests
|
|
|
fe92a6 |
|
|
|
fe92a6 |
from getpass import getpass
|
|
|
fe92a6 |
|
|
|
fe92a6 |
from centos import CentOSUserCert
|
|
|
fe92a6 |
from centos import defaults
|
|
|
fe92a6 |
|
|
|
6d79d7 |
|
|
|
fe92a6 |
def download_cert(username, password, topurl=None, servercacert=None, uploadcacert=None):
|
|
|
fe92a6 |
if not topurl:
|
|
|
fe92a6 |
topurl = defaults.FAS_TOPURL
|
|
|
fe92a6 |
|
|
|
fe92a6 |
if not servercacert:
|
|
|
fe92a6 |
servercacert = defaults.SERVER_CA_CERT_FILE
|
|
|
fe92a6 |
|
|
|
fe92a6 |
if not uploadcacert:
|
|
|
fe92a6 |
uploadcacert = defaults.UPLOAD_CA_CERT_FILE
|
|
|
fe92a6 |
|
|
|
fe92a6 |
splittopurl = urlparse.urlsplit(topurl)
|
|
|
fe92a6 |
|
|
|
fe92a6 |
usercertpath = os.path.join(splittopurl.path, 'user/dogencert')
|
|
|
6d79d7 |
params = {'user_name': username, 'password': password, 'login': 'Login'}
|
|
|
fe92a6 |
|
|
|
fe92a6 |
userspliturl = urlparse.SplitResult(splittopurl.scheme,
|
|
|
fe92a6 |
splittopurl.netloc,
|
|
|
fe92a6 |
usercertpath,
|
|
|
fe92a6 |
None,
|
|
|
fe92a6 |
None)
|
|
|
fe92a6 |
|
|
|
fe92a6 |
servercapath = os.path.join(splittopurl.path, 'centos-server-ca.cert')
|
|
|
fe92a6 |
servercaspliturl = urlparse.SplitResult(splittopurl.scheme,
|
|
|
fe92a6 |
splittopurl.netloc,
|
|
|
fe92a6 |
servercapath,
|
|
|
fe92a6 |
None,
|
|
|
fe92a6 |
None)
|
|
|
fe92a6 |
|
|
|
fe92a6 |
uploadcapath = os.path.join(splittopurl.path, 'centos-upload-ca.cert')
|
|
|
fe92a6 |
uploadcaspliturl = urlparse.SplitResult(splittopurl.scheme,
|
|
|
fe92a6 |
splittopurl.netloc,
|
|
|
fe92a6 |
uploadcapath,
|
|
|
fe92a6 |
None,
|
|
|
fe92a6 |
None)
|
|
|
fe92a6 |
|
|
|
fe92a6 |
userurl = urlparse.urlunsplit(userspliturl)
|
|
|
fe92a6 |
servercaurl = urlparse.urlunsplit(servercaspliturl)
|
|
|
fe92a6 |
uploadcaurl = urlparse.urlunsplit(uploadcaspliturl)
|
|
|
fe92a6 |
|
|
|
fe92a6 |
|
|
|
fe92a6 |
with open(os.path.expanduser(defaults.USER_CERT_FILE), 'w') as usercertfile:
|
|
|
fe92a6 |
r = requests.post(userurl, params=params, verify=False)
|
|
|
fe92a6 |
if r.status_code <= 400:
|
|
|
fe92a6 |
usercertfile.write(r.raw.read())
|
|
|
fe92a6 |
print os.path.expanduser(defaults.USER_CERT_FILE)
|
|
|
fe92a6 |
|
|
|
fe92a6 |
with open(os.path.expanduser(defaults.SERVER_CA_CERT_FILE), 'w') as servercacertfile:
|
|
|
fe92a6 |
r = requests.get(servercaurl, params=params, verify=False)
|
|
|
fe92a6 |
if r.status_code <= 400:
|
|
|
fe92a6 |
servercacertfile.write(r.raw.read())
|
|
|
fe92a6 |
print os.path.expanduser(defaults.SERVER_CA_CERT_FILE)
|
|
|
fe92a6 |
|
|
|
fe92a6 |
with open(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE), 'w') as uploadcacertfile:
|
|
|
fe92a6 |
r = requests.get(uploadcaurl, params=params, verify=False)
|
|
|
fe92a6 |
if r.status_code <= 400:
|
|
|
fe92a6 |
uploadcacertfile.write(r.raw.read())
|
|
|
fe92a6 |
print os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE)
|
|
|
fe92a6 |
|
|
|
fe92a6 |
def main(opts):
|
|
|
fe92a6 |
|
|
|
fe92a6 |
if not opts.certfile:
|
|
|
fe92a6 |
certfile = defaults.USER_CERT_FILE
|
|
|
fe92a6 |
else:
|
|
|
fe92a6 |
certfile = opts.certfile
|
|
|
fe92a6 |
|
|
|
fe92a6 |
if opts.username and not opts.verifycert:
|
|
|
fe92a6 |
username = opts.username
|
|
|
fe92a6 |
else:
|
|
|
fe92a6 |
try:
|
|
|
fe92a6 |
cert = CentOSUserCert(certfile)
|
|
|
fe92a6 |
username = cert.CN
|
|
|
fe92a6 |
except IOError, e:
|
|
|
fe92a6 |
print "{0}: {1}".format(os.path.expanduser(certfile), e.strerror)
|
|
|
fe92a6 |
exit(1)
|
|
|
fe92a6 |
|
|
|
fe92a6 |
if opts.verifycert:
|
|
|
fe92a6 |
if not cert.valid:
|
|
|
fe92a6 |
print "Your certificate is not valid"
|
|
|
fe92a6 |
sys.exit(1)
|
|
|
fe92a6 |
else:
|
|
|
fe92a6 |
print "Your certificate is valid"
|
|
|
fe92a6 |
sys.exit(0)
|
|
|
fe92a6 |
|
|
|
fe92a6 |
if opts.newcert:
|
|
|
fe92a6 |
password = getpass('FAS Password: ')
|
|
|
fe92a6 |
download_cert(username, password)
|
|
|
fe92a6 |
|
|
|
fe92a6 |
if __name__ == '__main__':
|
|
|
fe92a6 |
|
|
|
fe92a6 |
parser = optparse.OptionParser(usage="%prog [OPTIONS] ")
|
|
|
fe92a6 |
parser.add_option('-u', '--username', action='store', dest='username',
|
|
|
6d79d7 |
default=False, help="FAS Username.")
|
|
|
fe92a6 |
parser.add_option('-n', '--new-cert', action='store_true', dest='newcert',
|
|
|
6d79d7 |
default=False, help="Generate a new Fedora Certificate.")
|
|
|
fe92a6 |
parser.add_option('-f', '--file', action='store', dest='certfile',
|
|
|
6d79d7 |
default=None, help="User Certificate.")
|
|
|
fe92a6 |
parser.add_option('-v', '--verify-cert', action='store_true', dest='verifycert',
|
|
|
6d79d7 |
default=False, help="Verify Certificate.")
|
|
|
6d79d7 |
opts, args = parser.parse_args()
|
|
|
fe92a6 |
|
|
|
fe92a6 |
main(opts)
|