From bf23aed9c14e470c8ca06eb05f4f640975c2d303 Mon Sep 17 00:00:00 2001
From: Brian Stinson
Date: Oct 29 2015 21:33:10 +0000
Subject: refactor: move centos_cert to centos-cert
---
diff --git a/SOURCES/centos-cert b/SOURCES/centos-cert
new file mode 100644
index 0000000..c414b9d
--- /dev/null
+++ b/SOURCES/centos-cert
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+import os
+import pwd
+import sys
+import optparse
+import urlparse
+import requests
+
+from getpass import getpass
+
+from centos import CentOSUserCert
+from centos import defaults
+
+
+def download_cert(username, password, topurl=None, servercacert=None, uploadcacert=None):
+ if not topurl:
+ topurl = defaults.FAS_TOPURL
+
+ if not servercacert:
+ servercacert = defaults.SERVER_CA_CERT_FILE
+
+ if not uploadcacert:
+ uploadcacert = defaults.UPLOAD_CA_CERT_FILE
+
+ splittopurl = urlparse.urlsplit(topurl)
+
+ usercertpath = os.path.join(splittopurl.path, 'user/dogencert')
+ params = {'user_name': username, 'password': password, 'login': 'Login'}
+
+ userspliturl = urlparse.SplitResult(splittopurl.scheme,
+ splittopurl.netloc,
+ usercertpath,
+ None,
+ None)
+
+ servercapath = os.path.join(splittopurl.path, 'ca/ca-cert.pem')
+ servercaspliturl = urlparse.SplitResult(splittopurl.scheme,
+ splittopurl.netloc,
+ servercapath,
+ None,
+ None)
+
+ userurl = urlparse.urlunsplit(userspliturl)
+ servercaurl = urlparse.urlunsplit(servercaspliturl)
+
+ with open(os.path.expanduser(defaults.USER_CERT_FILE), 'w') as usercertfile:
+ r = requests.post(userurl, params=params)
+ try:
+ r.raise_for_status()
+ except requests.exceptions.HTTPError as e:
+ print e.message
+ sys.exit(1)
+
+ response = r.text
+ usercertfile.write(response)
+
+ with open(os.path.expanduser(defaults.SERVER_CA_CERT_FILE), 'w') as servercacertfile:
+ r = requests.get(servercaurl, params=params)
+ try:
+ r.raise_for_status()
+ except requests.exceptions.HTTPError as e:
+ print e.message
+ sys.exit(1)
+
+ response = r.text
+ servercacertfile.write(response)
+
+ # for now upload-ca.cert is the same as the server-ca cert. let's link them here
+ if os.path.exists(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE)):
+ os.unlink(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE))
+
+ os.symlink(os.path.expanduser(defaults.SERVER_CA_CERT_FILE),
+ os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE))
+
+
+def main(opts):
+
+ if not opts.certfile:
+ certfile = defaults.USER_CERT_FILE
+ else:
+ certfile = opts.certfile
+
+ if opts.username and not opts.verifycert:
+ username = opts.username
+ else:
+ try:
+ cert = CentOSUserCert(certfile)
+ username = cert.CN
+ except IOError, e:
+ if opts.verifycert:
+ print "{0}: {1}".format(os.path.expanduser(certfile), e.strerror)
+ exit(1)
+ username = pwd.getpwuid(os.geteuid())[0]
+
+ if opts.verifycert:
+ if not cert.valid:
+ print "Your certificate is not valid"
+ sys.exit(1)
+ else:
+ print "Your certificate is valid"
+ sys.exit(0)
+
+ if opts.newcert:
+ password = getpass('FAS Password: ')
+ download_cert(username, password)
+
+if __name__ == '__main__':
+
+ parser = optparse.OptionParser(usage="%prog [OPTIONS] ")
+ parser.add_option('-u', '--username', action='store', dest='username',
+ default=False, help="FAS Username.")
+ parser.add_option('-n', '--new-cert', action='store_true', dest='newcert',
+ default=False, help="Generate a new Fedora Certificate.")
+ parser.add_option('-f', '--file', action='store', dest='certfile',
+ default=None, help="User Certificate.")
+ parser.add_option('-v', '--verify-cert', action='store_true', dest='verifycert',
+ default=False, help="Verify Certificate.")
+ opts, args = parser.parse_args()
+
+ if not opts.newcert and not opts.verifycert:
+ print "Must specify one of arguments: -v or -n"
+ parser.print_help()
+ sys.exit(1)
+
+ main(opts)
diff --git a/SOURCES/centos_cert b/SOURCES/centos_cert
deleted file mode 100644
index c414b9d..0000000
--- a/SOURCES/centos_cert
+++ /dev/null
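Review bot: `requests.post(userurl, params=params)` in download_cert places `user_name` and `password` in the URL query string rather than the request body, so the FAS password can be recorded in server and proxy access logs; `r = requests.post(userurl, data=params)` would send it as form data instead, assuming the endpoint accepts a form body. The CA download passes the same dict in `requests.get(servercaurl, params=params)`; if that endpoint does not require authentication, which the hunk does not show, `r = requests.get(servercaurl)` avoids sending the password a second time. Both output files are opened with 'w' before the request is made, so an HTTP error followed by `sys.exit(1)` leaves an existing certificate truncated; making the request first and opening the file only after `raise_for_status()` succeeds would avoid that. The file is moved here unchanged, so these points predate this commit.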
@@ -1,127 +0,0 @@
-#!/usr/bin/python
-# -*- coding: utf-8 -*-
-
-import os
-import pwd
-import sys
-import optparse
-import urlparse
-import requests
-
-from getpass import getpass
-
-from centos import CentOSUserCert
-from centos import defaults
-
-
-def download_cert(username, password, topurl=None, servercacert=None, uploadcacert=None):
- if not topurl:
- topurl = defaults.FAS_TOPURL
-
- if not servercacert:
- servercacert = defaults.SERVER_CA_CERT_FILE
-
- if not uploadcacert:
- uploadcacert = defaults.UPLOAD_CA_CERT_FILE
-
- splittopurl = urlparse.urlsplit(topurl)
-
- usercertpath = os.path.join(splittopurl.path, 'user/dogencert')
- params = {'user_name': username, 'password': password, 'login': 'Login'}
-
- userspliturl = urlparse.SplitResult(splittopurl.scheme,
- splittopurl.netloc,
- usercertpath,
- None,
- None)
-
- servercapath = os.path.join(splittopurl.path, 'ca/ca-cert.pem')
- servercaspliturl = urlparse.SplitResult(splittopurl.scheme,
- splittopurl.netloc,
- servercapath,
- None,
- None)
-
- userurl = urlparse.urlunsplit(userspliturl)
- servercaurl = urlparse.urlunsplit(servercaspliturl)
-
- with open(os.path.expanduser(defaults.USER_CERT_FILE), 'w') as usercertfile:
- r = requests.post(userurl, params=params)
- try:
- r.raise_for_status()
- except requests.exceptions.HTTPError as e:
- print e.message
- sys.exit(1)
-
- response = r.text
- usercertfile.write(response)
-
- with open(os.path.expanduser(defaults.SERVER_CA_CERT_FILE), 'w') as servercacertfile:
- r = requests.get(servercaurl, params=params)
- try:
- r.raise_for_status()
- except requests.exceptions.HTTPError as e:
- print e.message
- sys.exit(1)
-
- response = r.text
- servercacertfile.write(response)
-
- # for now upload-ca.cert is the same as the server-ca cert. let's link them here
- if os.path.exists(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE)):
- os.unlink(os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE))
-
- os.symlink(os.path.expanduser(defaults.SERVER_CA_CERT_FILE),
- os.path.expanduser(defaults.UPLOAD_CA_CERT_FILE))
-
-
-def main(opts):
-
- if not opts.certfile:
- certfile = defaults.USER_CERT_FILE
- else:
- certfile = opts.certfile
-
- if opts.username and not opts.verifycert:
- username = opts.username
- else:
- try:
- cert = CentOSUserCert(certfile)
- username = cert.CN
- except IOError, e:
- if opts.verifycert:
- print "{0}: {1}".format(os.path.expanduser(certfile), e.strerror)
- exit(1)
- username = pwd.getpwuid(os.geteuid())[0]
-
- if opts.verifycert:
- if not cert.valid:
- print "Your certificate is not valid"
- sys.exit(1)
- else:
- print "Your certificate is valid"
- sys.exit(0)
-
- if opts.newcert:
- password = getpass('FAS Password: ')
- download_cert(username, password)
-
-if __name__ == '__main__':
-
- parser = optparse.OptionParser(usage="%prog [OPTIONS] ")
- parser.add_option('-u', '--username', action='store', dest='username',
- default=False, help="FAS Username.")
- parser.add_option('-n', '--new-cert', action='store_true', dest='newcert',
- default=False, help="Generate a new Fedora Certificate.")
- parser.add_option('-f', '--file', action='store', dest='certfile',
- default=None, help="User Certificate.")
- parser.add_option('-v', '--verify-cert', action='store_true', dest='verifycert',
- default=False, help="Verify Certificate.")
- opts, args = parser.parse_args()
-
- if not opts.newcert and not opts.verifycert:
- print "Must specify one of arguments: -v or -n"
- parser.print_help()
- sys.exit(1)
-
- main(opts)