#!/usr/bin/python
# -*- coding: utf-8 -*-
import os
import pwd
import sys
import optparse
import urlparse
import requests
from getpass import getpass
from centos import CentOSUserCert
from centos import defaults
def download_cert(username, password, topurl=None, servercacert=None, uploadcacert=None):
if not topurl:
topurl = defaults.FAS_TOPURL
if not servercacert:
servercacert = defaults.SERVER_CA_CERT_FILE
if not uploadcacert:
uploadcacert = defaults.UPLOAD_CA_CERT_FILE
splittopurl = urlparse.urlsplit(topurl)
usercertpath = os.path.join(splittopurl.path, 'user/dogencert')
params = {'user_name': username, 'password': password, 'login': 'Login'}
userspliturl = urlparse.SplitResult(splittopurl.scheme,
splittopurl.netloc,
usercertpath,
None,
None)
servercapath = os.path.join(splittopurl.path, 'ca/ca-cert.pem')
servercaspliturl = urlparse.SplitResult(splittopurl.scheme,
splittopurl.netloc,
servercapath,
None,
None)
userurl = urlparse.urlunsplit(userspliturl)
servercaurl = urlparse.urlunsplit(servercaspliturl)
with open(os.path.expanduser(defaults.USER_CERT_FILE), 'w') as usercertfile:
r = requests.post(userurl, params=params)
try:
r.raise_for_status()
except requests.exceptions.HTTPError as e:
print e.message
sys.exit(1)
response = r.text
usercertfile.write(response)
with open(os.path.expanduser(defaults.SERVER_CA_CERT_FILE), 'w') as servercacertfile:
r = requests.get(servercaurl, params=params)
try:
r.raise_for_status()
except requests.exceptions.HTTPError as e:
print e.message
sys.exit(1)
response = r.text
servercacertfile.write(response)
# for now upload-ca.cert is the same as the server-ca cert. let's link them here
if os.path.exists(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE)):
os.unlink(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE))
os.symlink(os.path.expanduser(defaults.SERVER_CA_CERT_FILE),
os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE))
os.chmod(os.path.expanduser(defaults.USER_CERT_FILE), 0o600)
def main(opts):
if not opts.certfile:
certfile = defaults.USER_CERT_FILE
else:
certfile = opts.certfile
if opts.username and not opts.verifycert:
username = opts.username
else:
try:
cert = CentOSUserCert(certfile)
username = cert.CN
except IOError, e:
if opts.verifycert:
print "{0}: {1}".format(os.path.expanduser(certfile), e.strerror)
exit(1)
username = pwd.getpwuid(os.geteuid())[0]
if opts.verifycert:
if not cert.valid:
print "Your certificate is not valid"
sys.exit(1)
else:
print "Your certificate is valid"
sys.exit(0)
if opts.newcert:
password = getpass('FAS Password: ')
download_cert(username, password)
if __name__ == '__main__':
parser = optparse.OptionParser(usage="%prog [OPTIONS] ")
parser.add_option('-u', '--username', action='store', dest='username',
default=False, help="ACO Username.")
parser.add_option('-n', '--new-cert', action='store_true', dest='newcert',
default=False, help="Generate a new User Certificate.")
parser.add_option('-f', '--file', action='store', dest='certfile',
default=None, help="User Certificate.")
parser.add_option('-v', '--verify-cert', action='store_true', dest='verifycert',
default=False, help="Verify Certificate.")
opts, args = parser.parse_args()
if not opts.newcert and not opts.verifycert:
print "Must specify one of arguments: -v or -n"
parser.print_help()
sys.exit(1)
main(opts)