Added note on the python~rc dns bug
1 #!/usr/bin/env python
2 import argparse, os, subprocess, sqlite3, sys, xmlrpclib
3 from OpenSSL import crypto
4
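def main():
    """Bootstrap a vifib node: fetch the CA, seed the peer DB, obtain a certificate.

    The steps below run in order; each flag makes an earlier step the last one:

    1. Fetch the CA certificate from the server and write it to ``<dir>/ca.pem``
       (``--ca-only`` stops here).
    2. Create the ``peers`` table in ``<dir>/peers.db`` (kept as-is if it already
       exists) and, unless ``--no-boot``, insert the bootstrap peer handed out by
       the server (``--db-only`` stops here).
    3. Ask the server for a token for the e-mail address typed by the user, read
       the token back from the user, generate a 2048-bit RSA key and a CSR, have
       the server sign it, store key and certificate, and generate DH parameters
       in ``<dir>/dh2048.pem`` if that file does not exist yet.

    Exits with status 1 on an unexpected sqlite error or a failed
    ``openssl dhparam`` run, 0 otherwise. All network calls go through XML-RPC
    over plain HTTP (see the security note below).
    """
    parser = argparse.ArgumentParser(
        description='Setup script for vifib')
    add = parser.add_argument
    add('--ca-only', action='store_true',
        help='To only get CA form server')
    add('--db-only', action='store_true',
        help='To only get CA and setup peer db with bootstrap peer')
    add('--no-boot', action='store_true',
        help='Enable to skip getting bootstrap peer')
    add('--server', required=True,
        help='Address of the server delivering certifiactes')
    add('--port', required=True, type=int,
        help='Port to which connect on the server')
    add('-d', '--dir', default='/etc/vifib',
        help='Directory where the key and certificate will be stored')
    add('-r', '--req', nargs=2, action='append',
        help='Name and value of certificate request additional arguments')
    config = parser.parse_args()

    # SECURITY NOTE: the server is reached over plain, unauthenticated HTTP.
    # The CA fetched below is trusted on first use, so an on-path attacker can
    # hand out its own CA (and later sign its own certificates); the e-mail
    # address, the token and the CSR also travel in clear. Run this only from a
    # trusted network, or verify ca.pem out of band before relying on it.
    s = xmlrpclib.ServerProxy('http://%s:%u' % (config.server, config.port))

    # Step 1: CA certificate.
    ca = s.getCa()
    with open(os.path.join(config.dir, 'ca.pem'), 'w') as f:
        f.write(ca)

    if config.ca_only:
        sys.exit(0)

    # Step 2: peers DB. isolation_level=None puts sqlite in autocommit mode,
    # so every execute() below is durable on its own.
    db = sqlite3.connect(os.path.join(config.dir, 'peers.db'), isolation_level=None)
    try:
        db.execute("""CREATE TABLE peers (
            prefix TEXT PRIMARY KEY,
            address TEXT NOT NULL,
            used INTEGER NOT NULL DEFAULT 0,
            date INTEGER DEFAULT (strftime('%s', 'now')))""")
        db.execute("CREATE INDEX _peers_used ON peers(used)")
    except sqlite3.OperationalError as e:
        # Re-running the setup is expected; any other sqlite error is fatal.
        if e.args[0] == 'table peers already exists':
            print("Table peers already exists, leaving it as it is")
        else:
            print("sqlite3.OperationalError :" + e.args[0])
            sys.exit(1)

    if not config.no_boot:
        prefix, address = s.getBootstrapPeer()
        try:
            db.execute("INSERT INTO peers (prefix, address) VALUES (?,?)",
                       (prefix, address))
        except sqlite3.IntegrityError:
            # prefix is the primary key: on a re-run against an existing DB the
            # bootstrap peer is already there, which is not an error.
            print("Bootstrap peer %s already in peers DB, leaving it as it is"
                  % prefix)
    db.close()

    if config.db_only:
        sys.exit(0)

    # Step 3: token, key, CSR, certificate.
    # requestToken() presumably sends the token to the given address; its
    # return value is not used here — the user types the token in by hand.
    email = raw_input('Please enter your email address : ')
    s.requestToken(email)
    token = raw_input('Please enter your token : ')

    pkey = crypto.PKey()
    pkey.generate_key(crypto.TYPE_RSA, 2048)
    key = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)

    req = crypto.X509Req()
    subj = req.get_subject()
    if config.req:
        # Each --req NAME VALUE pair becomes a subject field (e.g. CN, O);
        # names come from the command line, not from the network.
        for name, value in config.req:
            setattr(subj, name, value)
    req.set_pubkey(pkey)
    # SHA-1 is deprecated for signatures; a CSR is self-signed, so the only
    # party that must accept the digest is the signing server.
    req.sign(pkey, 'sha256')
    req = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)

    cert = s.requestCertificate(token, req)

    # The private key must never be world-readable. A plain open() would honour
    # the umask (typically 022 -> 0644), so create the file with mode 0600 and
    # re-apply it in case the file already existed with wider permissions.
    key_path = os.path.join(config.dir, 'cert.key')
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        f.write(key)
    os.chmod(key_path, 0o600)
    with open(os.path.join(config.dir, 'cert.crt'), 'w') as f:
        f.write(cert)

    # DH parameters: generation is slow, so keep an existing file. A failed
    # openssl run used to be ignored, leaving the node without dh2048.pem.
    dh_path = os.path.join(config.dir, 'dh2048.pem')
    if not os.path.exists(dh_path):
        status = subprocess.call(['openssl', 'dhparam', '-out', dh_path, '2048'])
        if status:
            print("openssl dhparam failed with exit status %d" % status)
            sys.exit(1)

    print("Certificate setup complete.")


if __name__ == "__main__":
    main()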