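#!/usr/bin/python
"""
This program generates a signed PKCS#10 request from an existing PGP key pair.

usage: gencsr PUBKEYRING PRIVKEYRING EMAIL

PUBKEYRING is path to the public key ring
PRIVKEYRING is path to the private key ring
EMAIL is email associated with the key; it is used to fetch the key
"""

import sys
import array
import getpass

from cryptlib_py import *

# Size in bytes of the buffer handed to cryptExportCert for the encoded CSR.
_CSR_BUFFER_SIZE = 4096

# Subject fields prompted for, as (prompt label, cryptlib attribute name).
# A tuple keeps the prompt order fixed; iterating a Python 2 dict gives an
# arbitrary order, which makes scripted or piped answers unreliable.
_SUBJECT_FIELDS = (
    ('country', 'CRYPT_CERTINFO_COUNTRYNAME'),
    ('organization', 'CRYPT_CERTINFO_ORGANIZATIONNAME'),
    ('organizationalUnit', 'CRYPT_CERTINFO_ORGANIZATIONALUNITNAME'),
    ('commonName', 'CRYPT_CERTINFO_COMMONNAME'),
)


def usage():
    """Print the module docstring as usage text and exit with status 1."""
    print(__doc__)
    sys.exit(1)


def open_keyrings(pub_fn, priv_fn):
    """Open the public and private key ring files read-only.

    pub_fn  -- path to the public key ring
    priv_fn -- path to the private key ring

    Returns a (pub, priv) tuple of keyset handles; the caller closes both
    with cryptKeysetClose. If the private ring cannot be opened, the already
    opened public ring is closed before the error propagates.
    """
    pub = cryptKeysetOpen(CRYPT_UNUSED, CRYPT_KEYSET_FILE, pub_fn,
                          CRYPT_KEYOPT_READONLY)
    try:
        priv = cryptKeysetOpen(CRYPT_UNUSED, CRYPT_KEYSET_FILE, priv_fn,
                               CRYPT_KEYOPT_READONLY)
    except BaseException:
        cryptKeysetClose(pub)
        raise
    return pub, priv


def get_keys(pub_fn, priv_fn, keyid):
    """Fetch the public and private key contexts selected by e-mail address.

    pub_fn  -- path to the public key ring
    priv_fn -- path to the private key ring
    keyid   -- e-mail address used as the key identifier in both rings

    The private-key password is read with getpass, so it is not echoed and
    never appears on the command line. Returns (pubkey, privkey); the caller
    destroys both with cryptDestroyContext. Both key rings are closed on
    every path, and the public key context is destroyed if the private key
    cannot be obtained (wrong password, interrupted prompt, missing key).
    """
    pub, priv = open_keyrings(pub_fn, priv_fn)
    try:
        pubkey = cryptGetPublicKey(pub, CRYPT_KEYID_EMAIL, keyid)
        try:
            password = getpass.getpass("Password for private key: ")
            privkey = cryptGetPrivateKey(priv, CRYPT_KEYID_EMAIL, keyid,
                                         password)
        except BaseException:
            # BaseException so that Ctrl-C at the prompt also releases the key.
            cryptDestroyContext(pubkey)
            raise
    finally:
        try:
            cryptKeysetClose(pub)
        finally:
            cryptKeysetClose(priv)
    return pubkey, privkey


def query_request(pubkey, privkey):
    """Build a certificate request from prompted subject fields and sign it.

    pubkey  -- public key context placed in the request
    privkey -- private key context used to sign the request

    Prompts go to stderr so that stdout carries only the exported request
    when the program's output is redirected to a file. Answers are read from
    stdin and passed to cryptlib as typed.
    NOTE(review): no validation is done here (an empty line is handed to
    cryptlib unchanged) -- confirm cryptlib rejects values it cannot encode.

    Returns the signed request; the caller destroys it with cryptDestroyCert.
    The request object is destroyed here if any step fails.
    """
    csr = cryptCreateCert(CRYPT_UNUSED, CRYPT_CERTTYPE_CERTREQUEST)
    try:
        csr.CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO = pubkey
        for label, attr_name in _SUBJECT_FIELDS:
            sys.stderr.write(label + ": ")
            answer = sys.stdin.readline().strip()
            setattr(csr, attr_name, answer)
        cryptSignCert(csr, privkey)
    except BaseException:
        cryptDestroyCert(csr)
        raise
    return csr


##
# MAIN FUNCTION
##
def main(argv):
    """Generate the signed request and write its text encoding to stdout.

    argv -- sys.argv-style list: [prog, PUBKEYRING, PRIVKEYRING, EMAIL]

    Key contexts and the request object are released in finally blocks so a
    failure part-way through does not leave key material loaded in cryptlib.
    """
    pubkey, privkey = get_keys(argv[1], argv[2], argv[3])
    try:
        csr = query_request(pubkey, privkey)
    finally:
        try:
            cryptDestroyContext(pubkey)
        finally:
            cryptDestroyContext(privkey)

    try:
        # The module is imported as "array", so the type is array.array;
        # calling the module itself raises TypeError. The 'c' typecode is
        # Python 2 only, matching the rest of this script.
        csr_exp = array.array('c', ['\0'] * _CSR_BUFFER_SIZE)
        cryptExportCert(csr_exp, CRYPT_CERTFORMAT_TEXT_CERTIFICATE, csr)
    finally:
        cryptDestroyCert(csr)

    # NOTE(review): the whole buffer is written, including any NUL padding
    # after the encoded request -- confirm how the binding reports the
    # exported length and trim to it before handing the file to a CA.
    csr_exp.tofile(sys.stdout)


if __name__ == "__main__":
    if len(sys.argv) != 4:
        usage()

    cryptInit()
    try:
        main(sys.argv)
    finally:
        # Shut cryptlib down even when main() fails.
        cryptEnd()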