From 1080329c325997b640add68b544657031f7202cc Mon Sep 17 00:00:00 2001
From: Brian Stinson <brian@bstinson.com>
Date: Oct 28 2015 20:59:26 +0000
Subject: feat(centos_cert): download the user's certificate or verify the existing one


---

diff --git a/SOURCES/centos_cert b/SOURCES/centos_cert
index f044634..e896bbe 100644
--- a/SOURCES/centos_cert
+++ b/SOURCES/centos_cert
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 
 import os
+import pwd
 import sys
 import optparse
 import urlparse
@@ -34,42 +35,42 @@ def download_cert(username, password, topurl=None, servercacert=None, uploadcace
                                         None,
                                         None)
 
-    servercapath = os.path.join(splittopurl.path, 'centos-server-ca.cert')
+    servercapath = os.path.join(splittopurl.path, 'ca/ca-cert.pem')
     servercaspliturl = urlparse.SplitResult(splittopurl.scheme,
                                             splittopurl.netloc,
                                             servercapath,
                                             None,
                                             None)
 
-    uploadcapath = os.path.join(splittopurl.path, 'centos-upload-ca.cert')
-    uploadcaspliturl = urlparse.SplitResult(splittopurl.scheme,
-                                            splittopurl.netloc,
-                                            uploadcapath,
-                                            None,
-                                            None)
-
     userurl = urlparse.urlunsplit(userspliturl)
     servercaurl = urlparse.urlunsplit(servercaspliturl)
-    uploadcaurl = urlparse.urlunsplit(uploadcaspliturl)
-
 
     with open(os.path.expanduser(defaults.USER_CERT_FILE), 'w') as usercertfile:
         r = requests.post(userurl, params=params, verify=False)
+        response = r.text
+
         if r.status_code <= 400:
-            usercertfile.write(r.raw.read())
-        print os.path.expanduser(defaults.USER_CERT_FILE)
+            usercertfile.write(response)
+        else:
+            print r.statuscode
+            print r.text
+            print os.path.expanduser(defaults.USER_CERT_FILE)
 
     with open(os.path.expanduser(defaults.SERVER_CA_CERT_FILE), 'w') as servercacertfile:
         r = requests.get(servercaurl, params=params, verify=False)
+        response = r.text
+
         if r.status_code <= 400:
-            servercacertfile.write(r.raw.read())
+            servercacertfile.write(response)
         print os.path.expanduser(defaults.SERVER_CA_CERT_FILE)
 
-    with open(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE), 'w') as uploadcacertfile:
-        r = requests.get(uploadcaurl, params=params, verify=False)
-        if r.status_code <= 400:
-            uploadcacertfile.write(r.raw.read())
-        print os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE)
+    # for now upload-ca.cert is the same as the server-ca cert. let's link them here
+    if os.path.exists(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE)):
+        os.unlink(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE))
+
+    os.symlink(os.path.expanduser(defaults.SERVER_CA_CERT_FILE),
+               os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE))
+
 
 def main(opts):
 
@@ -85,8 +86,10 @@ def main(opts):
             cert = CentOSUserCert(certfile)
             username = cert.CN
         except IOError, e:
-            print "{0}: {1}".format(os.path.expanduser(certfile), e.strerror)
-            exit(1)
+            if opts.verifycert:
+                print "{0}: {1}".format(os.path.expanduser(certfile), e.strerror)
+                exit(1)
+            username = pwd.getpwuid(os.geteuid())[0]
 
     if opts.verifycert:
         if not cert.valid:
@@ -113,4 +116,9 @@ if __name__ == '__main__':
                       default=False, help="Verify Certificate.")
     opts, args = parser.parse_args()
 
+    if not opts.newcert and not opts.verifycert:
+        print "Must specify one of arguments: -v or -n"
+        parser.print_help()
+        sys.exit(1)
+
     main(opts)