Update export_cert.py

added setting permission

export_cert.py

@@ -1,62 +1,78 @@
-import requests
+import requests
-import yaml
+import yaml
-import os
+import os
-import sys
+import sys
-from requests.auth import HTTPBasicAuth
+from requests.auth import HTTPBasicAuth
-
+import platform
-def load_config(config_path):
+
-    with open(config_path, 'r') as f:
+def load_config(config_path):
-        return yaml.safe_load(f)
+    with open(config_path, 'r') as f:
-
+        return yaml.safe_load(f)
-def search_certificates(config):
+
-    url = f"{config['host']}/api/trust/cert/search"
+def search_certificates(config):
-    payload = {
+    url = f"{config['host']}/api/trust/cert/search"
-        "searchPhrase": config['certificate_search']
+    payload = {
-    }
+        "searchPhrase": config['certificate_search']
-    response = requests.post(url, json=payload, auth=HTTPBasicAuth(config['api_key'], config['api_secret']))
+    }
-    response.raise_for_status()
+    response = requests.post(url, json=payload, auth=HTTPBasicAuth(config['api_key'], config['api_secret']))
-    return response.json().get("rows", [])
+    response.raise_for_status()
-
+    return response.json().get("rows", [])
-def export_certificate(config, uuid):
+
-    url = f"{config['host']}/api/trust/cert/generate_file/{uuid}/{config['export_format']}"
+def export_certificate(config, uuid):
-    response = requests.post(url, auth=HTTPBasicAuth(config['api_key'], config['api_secret']))
+    url = f"{config['host']}/api/trust/cert/generate_file/{uuid}/{config['export_format']}"
-    response.raise_for_status()
+    response = requests.post(url, auth=HTTPBasicAuth(config['api_key'], config['api_secret']))
-    return response.json().get("payload")
+    response.raise_for_status()
-
+    return response.json().get("payload")
-def save_certificate(cert_data, filename, output_dir):
+
-    os.makedirs(output_dir, exist_ok=True)
+def save_certificate(config, cert_data, filename, output_dir):
-    filepath = os.path.join(output_dir, filename)
+    os.makedirs(output_dir, exist_ok=True)
-    with open(filepath, 'w') as f:
+    filepath = os.path.join(output_dir, filename)
-        f.write(cert_data)
+    with open(filepath, 'w') as f:
-    print(f"Zertifikat saved.")
+        f.write(cert_data)
-
+        
-def main():
+    if platform.system().lower() == "linux":
-    if len(sys.argv) != 2:
+        try:
-        print("Usage: python export_cert.py <config.yaml>")
+            import pwd
-        sys.exit(1)
+            import grp
-
+
-    ### Load Config ###
+            if 'file_mode' in config:
-    config = load_config(sys.argv[1])
+                os.chmod(filepath, int(config['file_mode'], 8))
-    
+
-    ### check cert options ###
+            if 'file_owner' in config or 'file_group' in config:
-    if config['export_format'] not in ['crt', 'prv']:
+                uid = pwd.getpwnam(config.get('file_owner', pwd.getpwuid(os.getuid()).pw_name)).pw_uid
-        print(f"Invalid export format. Possible options are crt or prv.")
+                gid = grp.getgrnam(config.get('file_group', grp.getgrgid(os.getgid()).gr_name)).gr_gid
-        sys.exit(1)
+                os.chown(filepath, uid, gid)
-    
+        except Exception as e:
-    ### Search Certificates ###
+            print(f"[WARN] Error setting permissions: {e}")
-    certificates = search_certificates(config)
+    print(f"Certificate saved.")
-    if len(certificates) > 1:
+
-        print(f"Search results in more then one certificate. Please adjust your search to only return a single one.")
+def main():
-        sys.exit(1)
+    if len(sys.argv) != 2:
-    if len(certificates) == 0:
+        print("Usage: python export_cert.py <config.yaml>")
-        print(f"No certificate found with search phrase: {config['certificate_search']}")
+        sys.exit(1)
-        sys.exit(1)
+
-        
+    ### Load Config ###
-    certificate_uuid = certificates[0]['uuid']
+    config = load_config(sys.argv[1])
-    
+    
-    ### Get Certificate by uuid ###
+    ### check cert options ###
-    certificate_data = export_certificate(config, certificate_uuid)
+    if config['export_format'] not in ['crt', 'prv']:
-    save_certificate(certificate_data, 'cert.crt', config['output_directory'])
+        print(f"Invalid export format. Possible options are crt or prv.")
-
+        sys.exit(1)
-if __name__ == "__main__":
+    
-    main()
+    ### Search Certificates ###
+    certificates = search_certificates(config)
+    if len(certificates) > 1:
+        print(f"Search results in more then one certificate. Please adjust your search to only return a single one.")
+        sys.exit(1)
+    if len(certificates) == 0:
+        print(f"No certificate found with search phrase: {config['certificate_search']}")
+        sys.exit(1)
+        
+    certificate_uuid = certificates[0]['uuid']
+    
+    ### Get Certificate by uuid ###
+    certificate_data = export_certificate(config, certificate_uuid)
+    save_certificate(config, certificate_data, 'cert.crt', config['output_directory'])
+
+if __name__ == "__main__":
+    main()