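#!/usr/bin/python
# encoding: utf-8
#
# Copyright 2014 Greg Neagle.
#
# Licensed under the Apache License, Version 2.0 (the 'License');
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an 'AS IS' BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
keychain

Created by Greg Neagle on 2014-10-15.
Incorporating work and ideas from Michael Lynn here:
    https://gist.github.com/pudquick/7704254
"""

import optparse
import os
import sys

from munkilib import munkicommon
from munkilib import keychain


def main():
    '''Main routine.

    Parses the command-line options, refuses to run unless the effective
    uid is 0, rejects stray positional arguments, then hands the server
    (CA) and client certificate settings to munkilib.keychain.

    Exit statuses set here:
        munkicommon.EXIT_STATUS_ROOT_REQUIRED -- not running as root
        -1 -- unexpected positional arguments were supplied
    '''
    usage = "usage: %prog [options]"
    parser = optparse.OptionParser(usage=usage)
    parser.add_option('--ca_cert_path',
                      help='Path to a CA cert.')
    parser.add_option('--ca_dir_path',
                      help='Path to a directory of CA certs.')
    parser.add_option('--client_cert_path',
                      help='Path to a client cert.')
    parser.add_option('--client_key_path',
                      help='Path to a client key.')
    parser.add_option('--site_url',
                      help='Site URL. '
                           '(Generally the root URL of the munki repo.)')
    options, arguments = parser.parse_args()

    # check to see if we're root
    # sys.exit is used rather than the bare exit() helper: exit() is injected
    # by the site module for interactive use and is absent when the
    # interpreter runs without site (e.g. python -S).
    if os.geteuid() != 0:
        sys.stderr.write('You must run this as root!\n')
        sys.exit(munkicommon.EXIT_STATUS_ROOT_REQUIRED)

    if arguments:
        sys.stderr.write('Extra arguments supplied!\n')
        parser.print_usage()
        sys.exit(-1)

    server_cert_data = keychain.get_munki_server_cert_data()
    client_cert_data = keychain.get_munki_client_cert_data()

    # command-line options override what we find from Munki.
    # Each option name doubles as the key it overrides; an option that was
    # not given (or is empty) leaves the Munki-derived value untouched.
    # NOTE(review): none of these values is validated here. Judging by the
    # callee names, the CA paths end up as trust anchors in the System
    # keychain and client_key_path points at private-key material, all
    # handled as root -- the paths should be ones unprivileged users cannot
    # write. Confirm what checks munkilib.keychain performs.
    overrides = (
        ('ca_cert_path', server_cert_data),
        ('ca_dir_path', server_cert_data),
        ('client_cert_path', client_cert_data),
        ('client_key_path', client_cert_data),
        ('site_url', client_cert_data),
    )
    for option_name, cert_data in overrides:
        supplied = getattr(options, option_name)
        if supplied:
            cert_data[option_name] = supplied

    keychain.add_ca_certs_to_system_keychain(server_cert_data)
    keychain.make_client_keychain(client_cert_data)


if __name__ == '__main__':
    main()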