From 1080329c325997b640add68b544657031f7202cc Mon Sep 17 00:00:00 2001
From: Brian Stinson
Date: Oct 28 2015 20:59:26 +0000
Subject: feat(centos_cert): download the user's certificate or verify the existing one
---
diff --git a/SOURCES/centos_cert b/SOURCES/centos_cert
index f044634..e896bbe 100644
--- a/SOURCES/centos_cert
+++ b/SOURCES/centos_cert
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 import os
+import pwd
 import sys
 import optparse
 import urlparse
@@ -34,42 +35,42 @@ def download_cert(username, password, topurl=None, servercacert=None, uploadcace None, None) - servercapath = os.path.join(splittopurl.path, 'centos-server-ca.cert') + servercapath = os.path.join(splittopurl.path, 'ca/ca-cert.pem') servercaspliturl = urlparse.SplitResult(splittopurl.scheme, splittopurl.netloc, servercapath, None, None) - uploadcapath = os.path.join(splittopurl.path, 'centos-upload-ca.cert') - uploadcaspliturl = urlparse.SplitResult(splittopurl.scheme, - splittopurl.netloc, - uploadcapath, - None, - None) - userurl = urlparse.urlunsplit(userspliturl) servercaurl = urlparse.urlunsplit(servercaspliturl) - uploadcaurl = urlparse.urlunsplit(uploadcaspliturl) - with open(os.path.expanduser(defaults.USER_CERT_FILE), 'w') as usercertfile: r = requests.post(userurl, params=params, verify=False) + response = r.text + if r.status_code <= 400: - usercertfile.write(r.raw.read()) - print os.path.expanduser(defaults.USER_CERT_FILE) + usercertfile.write(response) + else: + print r.statuscode + print r.text + print os.path.expanduser(defaults.USER_CERT_FILE) with open(os.path.expanduser(defaults.SERVER_CA_CERT_FILE), 'w') as servercacertfile: r = requests.get(servercaurl, params=params, verify=False) + response = r.text + if r.status_code <= 400: - servercacertfile.write(r.raw.read()) + servercacertfile.write(response) print os.path.expanduser(defaults.SERVER_CA_CERT_FILE) - with open(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE), 'w') as uploadcacertfile: - r = requests.get(uploadcaurl, params=params, verify=False) - if r.status_code <= 400: - uploadcacertfile.write(r.raw.read()) - print os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE) + # for now upload-ca.cert is the same as the server-ca cert. 
let's link them here + if os.path.exists(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE)): + os.unlink(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE)) + + os.symlink(os.path.expanduser(defaults.SERVER_CA_CERT_FILE), + os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE)) + def main(opts): @@ -85,8 +86,10 @@ def main(opts): cert = CentOSUserCert(certfile) username = cert.CN except IOError, e: - print "{0}: {1}".format(os.path.expanduser(certfile), e.strerror) - exit(1) + if opts.verifycert: + print "{0}: {1}".format(os.path.expanduser(certfile), e.strerror) + exit(1) + username = pwd.getpwuid(os.geteuid())[0] if opts.verifycert: if not cert.valid: @@ -113,4 +116,9 @@ if __name__ == '__main__': default=False, help="Verify Certificate.") opts, args = parser.parse_args() + if not opts.newcert and not opts.verifycert: + print "Must specify one of arguments: -v or -n" + parser.print_help() + sys.exit(1) + main(opts)
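Review bot: Both requests in this hunk still pass `verify=False`, so the user certificate and the CA file written to `defaults.SERVER_CA_CERT_FILE` (which the new symlink also makes the upload CA) are accepted from a TLS peer that was never authenticated, and `params` (built above the hunk, presumably carrying the username and password) is sent to that same peer; passing a CA bundle obtained out of band to `verify=` instead of `False` would close this. The added error branch prints `r.statuscode`, which the requests Response object does not define, so a failed download raises AttributeError; it should be `print r.status_code`. `os.path.exists` follows symlinks, so a dangling link at `UPLOAD_CA_CERT_FILE` is not unlinked and `os.symlink` then fails with EEXIST; `os.path.lexists(...)` handles that case. Separately, `r.status_code <= 400` treats a 400 response as success, and because each file is opened with 'w' before the request is made, a failed download leaves an empty certificate file behind. download_cert starts above this hunk.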
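Review bot: The new fallback in the `except IOError` branch of main treats every read failure as "no certificate yet", so without -v a permission or I/O error on an existing certificate is silently ignored and the run apparently continues under the local account name; limiting the fallback to a missing file, `if opts.verifycert or e.errno != errno.ENOENT:` (with `import errno`), keeps other errors visible. `pwd.getpwuid(os.geteuid())[0]` is the effective user, so under sudo the certificate would presumably be requested for root; that deserves a comment such as `# no existing cert: fall back to the local login name (effective uid)`. The `exit(1)` here is the site-provided helper, while the last hunk uses `sys.exit(1)`; using `sys.exit` in both places is more consistent. main continues outside this hunk.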
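Review bot: The check rejects the case where neither option is given but still accepts -n and -v together, although the message says "one of"; if the two are meant to be exclusive, add `if opts.newcert and opts.verifycert:` alongside it. optparse already offers `parser.error("Must specify one of arguments: -v or -n")`, which prints the usage line to stderr and exits with status 2, and could replace the print / print_help / sys.exit sequence.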