#! /usr/bin/python
#
# ssh-import-id - Authorize SSH public keys from trusted online identities.
#
# Copyright (c) 2013 Casey Marshall <casey.marshall@gmail.com>
# Copyright (c) 2013 Dustin Kirkland <dustin.kirkland@gmail.com>
#
# ssh-import-id is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3.
#
# ssh-import-id is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ssh-import-id.  If not, see <http://www.gnu.org/licenses/>.

import json
import os
import subprocess
import sys
try:
	import requests
	# Only versions >= 1.1.0 support SSL certificate verification
	if requests.__version__ >= '1.1.0':
		REQUESTS = True
	else:
		REQUESTS = False
except:
	REQUESTS = False
try:
	from urllib import quote_plus
except (ImportError,):
	from urllib.parse import quote_plus


if __name__ == '__main__':
	if not sys.argv[:1]:
		sys.stderr.write("Usage: %s <launchpad-id>\n" % (sys.argv[0]))
		os._exit(1)
	for lpid in sys.argv[1:]:
		try:
			url = os.getenv("URL", None)
			if url is None and os.path.exists("/etc/ssh/ssh_import_id"):
				try:
					conf = json.loads(open("/etc/ssh/ssh_import_id").read())
					url = conf.get("URL", None).decode("utf-8") % (quote_plus(lpid))
				except:
					raise Exception("Ensure that URL is defined in [/etc/ssh/ssh_import_id] is in JSON syntax")
			elif url is not None:
				url = url % (quote_plus(lpid))
			# Finally, fall back to Launchpad
			if url is None:
				url = "https://launchpad.net/~%s/+sshkeys" % (quote_plus(lpid))
			if REQUESTS:
				text = requests.get(url, verify=True).text
			else:
				# Fall back to using good 'ole ubiquitous wget
				p = subprocess.Popen(["wget", "--no-verbose", "-O", "-", url], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
				stdout, stderr = p.communicate()
				sys.stderr.write(stderr.decode('utf-8'))
				if p.returncode == 0:
					text = stdout.decode('utf-8')
				else:
					raise Exception("Could not fetch URL [%s]" % url)
			sys.stdout.write(str(text))
			sys.stdout.write("\n")
			sys.stdout.flush()
		except (Exception,):
			e = sys.exc_info()[1]
			sys.stderr.write("ERROR: %s\n" % (str(e)))
			os._exit(1)
		sys.stdout.write("\n")
	os._exit(0)