Blob Blame History Raw
#!/usr/bin/python
# -*- coding: utf-8 -*-

import os
import pwd
import sys
import optparse
import urlparse
import requests

from getpass import getpass

from centos import CentOSUserCert
from centos import defaults


def download_cert(username, password, topurl=None, servercacert=None, uploadcacert=None):
    if not topurl:
        topurl = defaults.FAS_TOPURL

    if not servercacert:
        servercacert = defaults.SERVER_CA_CERT_FILE

    if not uploadcacert:
        uploadcacert = defaults.UPLOAD_CA_CERT_FILE

    splittopurl = urlparse.urlsplit(topurl)

    usercertpath = os.path.join(splittopurl.path, 'user/dogencert')
    params = {'user_name': username, 'password': password, 'login': 'Login'}

    userspliturl = urlparse.SplitResult(splittopurl.scheme,
                                        splittopurl.netloc,
                                        usercertpath,
                                        None,
                                        None)

    servercapath = os.path.join(splittopurl.path, 'ca/ca-cert.pem')
    servercaspliturl = urlparse.SplitResult(splittopurl.scheme,
                                            splittopurl.netloc,
                                            servercapath,
                                            None,
                                            None)

    userurl = urlparse.urlunsplit(userspliturl)
    servercaurl = urlparse.urlunsplit(servercaspliturl)

    with open(os.path.expanduser(defaults.USER_CERT_FILE), 'w') as usercertfile:
        r = requests.post(userurl, params=params)
        try:
            r.raise_for_status()
        except requests.exceptions.HTTPError as e:
            print e.message
            sys.exit(1)

        response = r.text
        usercertfile.write(response)

    with open(os.path.expanduser(defaults.SERVER_CA_CERT_FILE), 'w') as servercacertfile:
        r = requests.get(servercaurl, params=params)
        try:
            r.raise_for_status()
        except requests.exceptions.HTTPError as e:
            print e.message
            sys.exit(1)

        response = r.text
        servercacertfile.write(response)

    # for now upload-ca.cert is the same as the server-ca cert. let's link them here
    if os.path.exists(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE)):
        os.unlink(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE))

    os.symlink(os.path.expanduser(defaults.SERVER_CA_CERT_FILE),
               os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE))

    os.chmod(os.path.expanduser(defaults.USER_CERT_FILE), 0o600)


def main(opts):

    if not opts.certfile:
        certfile = defaults.USER_CERT_FILE
    else:
        certfile = opts.certfile

    if opts.username and not opts.verifycert:
        username = opts.username
    else:
        try:
            cert = CentOSUserCert(certfile)
            username = cert.CN
        except IOError, e:
            if opts.verifycert:
                print "{0}: {1}".format(os.path.expanduser(certfile), e.strerror)
                exit(1)
            username = pwd.getpwuid(os.geteuid())[0]

    if opts.verifycert:
        if not cert.valid:
            print "Your certificate is not valid"
            sys.exit(1)
        else:
            print "Your certificate is valid"
            sys.exit(0)

    if opts.newcert:
        password = getpass('FAS Password: ')
        download_cert(username, password)

if __name__ == '__main__':

    parser = optparse.OptionParser(usage="%prog [OPTIONS] ")
    parser.add_option('-u', '--username', action='store', dest='username',
                      default=False, help="ACO Username.")
    parser.add_option('-n', '--new-cert', action='store_true', dest='newcert',
                      default=False, help="Generate a new User Certificate.")
    parser.add_option('-f', '--file', action='store', dest='certfile',
                      default=None, help="User Certificate.")
    parser.add_option('-v', '--verify-cert', action='store_true', dest='verifycert',
                      default=False, help="Verify Certificate.")
    opts, args = parser.parse_args()

    if not opts.newcert and not opts.verifycert:
        print "Must specify one of arguments: -v or -n"
        parser.print_help()
        sys.exit(1)

    main(opts)