#!/usr/bin/env python
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import argparse
import json
import os
import requests
import subprocess
import uuid
from Crypto.PublicKey import RSA

parser = argparse.ArgumentParser(description='Revoke a Tatu-generated user SSH certificate.')
parser.add_argument('--projid', '-P', required=True)
parser.add_argument('--serial', '-K', required=True)
parser.add_argument('--tatu-url', default= 'http://127.0.0.1:18322',
                    help='URL of the Tatu API')
args = parser.parse_args()

try:
    auth_id = str(uuid.UUID(args.projid, version=4))
except:
    print '--projid should be the UUID of a Tatu CA (usually a cloud tenant/project).'
    exit()

if not args.serial.isdigit():
    print '--serial should be a number'
    exit()

server = args.tatu_url

body = {
    'serial': args.serial,
    'auth_id': auth_id,
    'key.pub': pubkeytext
}

response = requests.post(
    server + '/revokeduserkeys/' + auth_id,
    data=json.dumps({'serial': args.serial})
)
if response.status_code != 200:
    print 'Failed: ' + str(response)
    exit()