From 8a1f3a5f5b1458aceb7567add95e7637e9c2e5fc Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Thu, 2 Feb 2017 16:08:24 +0100
Subject: Added tools for getting and generating global config
---
tools/getconfig.py | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
create mode 100755 tools/getconfig.py
(limited to 'tools/getconfig.py')
diff --git a/tools/getconfig.py b/tools/getconfig.py
new file mode 100755
index 0000000..92cde1f
--- /dev/null
+++ b/tools/getconfig.py
@@ -0,0 +1,68 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2017, NORDUnet A/S.
+# See LICENSE for licensing information.
+
+import sys
+import argparse
+import readconfig
+from certtools import create_ssl_context, get_sth, mv_file
+import os
+import errno
+
+def get_file(configurl):
+ if configurl.startswith("https://") or configurl.startswith("http://"):
+ result = urlget(configurl)
+ result.raise_for_status()
+ return result
+ elif configurl.startswith("file:///"):
+ path = configurl[8:]
+ path = path.replace("CURRENTWORKINGDIRECTORY", os.getcwd())
+ return open(path).read()
+
+def write_file(fn, data):
+ tempname = fn + ".new"
+ open(tempname, 'w').write(data)
+ mv_file(tempname, fn)
+
+def get_config_version(filename, logadminkey):
+ try:
+ config = readconfig.verify_and_read_config(filename, logadminkey)
+ return config["version"]
+ except IOError, e:
+ if e.errno == errno.ENOENT:
+ return -1
+ raise e
+
+def main():
+ parser = argparse.ArgumentParser(description="")
+ parser.add_argument('--dest', help="Where to write the verified system configuration",
+ required=True)
+ parser.add_argument('--localconfig', help="Local configuration",
+ required=True)
+ args = parser.parse_args()
+
+ localconfig = readconfig.read_config(args.localconfig)
+
+ old_config_version = get_config_version(args.dest, localconfig["logadminkey"])
+
+ configurl = localconfig["configurl"]
+ unverified_config = get_file(configurl)
+ unverified_config_sig = get_file(configurl + ".sig")
+ new_config = readconfig.verify_config(unverified_config, unverified_config_sig, localconfig["logadminkey"], configurl)
+ verified_config = unverified_config
+ verified_config_sig = unverified_config_sig
+
+ new_config_version = new_config["version"]
+
+ if new_config_version > old_config_version:
+ write_file(args.dest, verified_config)
+ write_file(args.dest + ".sig", verified_config_sig)
+ print "newconfig"
+
+ elif new_config_version < old_config_version:
+ print >>sys.stderr, "The version of the configuration on the admin server is older than the version we have, refusing update"
+ sys.exit(1)
+
+main()
-- cgit v1.1
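Review bot: `get_file` calls `urlget`, but the only names imported from certtools are `create_ssl_context, get_sth, mv_file`, so the `http(s)://` branch fails with a NameError as written; `from certtools import urlget, mv_file` would fix it if that is where the helper lives. That branch also returns the response object while the `file:///` branch returns the file contents, so `verify_config` and `write_file` receive different types depending on the URL scheme; returning the body (for example `return result.content`, assuming a requests-style response) keeps them consistent. A URL with any other scheme falls off the end and returns None, which is better rejected with an explicit error before it reaches signature verification. In `main`, the config and its `.sig` are replaced by two separate renames, so an interruption between them leaves a mismatched pair at `--dest`; it is worth checking how `verify_and_read_config` behaves on such a pair, since `get_config_version` only handles ENOENT.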