#! /usr/bin/perl -w
#
# dctcs-listdomains.pl     - DigiCert TCS listing of domains and organisations
#
# @(#)$Id$
# David Groep, Nikhef, 2020 - www.nikhef.nl/pdp
#
# As per doc https://www.digicert.com/services/v2/documentation
#
use strict;
use LWP::UserAgent;
use LWP::Protocol::https;
use IO::Socket::SSL;
use JSON;
use Data::Dumper;
use Getopt::Long;
$Getopt::Long::ignorecase = 0;

# ###########################################################################
# basic configuration - you SHOULD probably change apikeyfile and orgid!
# where apikeyfile may be the empty string (will then ask key from STDIN)
#
my $resturl    = "https://www.digicert.com/services/v2";
my $apikeylen  = 82; # length in characters of API key, seems to be 47 or 82
#
# CONFIGURE these values or override with args each time
my $apikeyfile = ""; # CONFIG: provide your own filename here

my $hostname;
my $outfile;
my $help = 0;
my $verb = 0;
my $activeonly = 0;
my $useorgbasename = 0;

&GetOptions(
  'o|outfile=s' => \$outfile,
  'K|keyfile=s' => \$apikeyfile,
  'activeonly+' => \$activeonly,
  'orgbasename+' => \$useorgbasename,
  'v+' => \$verb,
  'h|help' => \$help
) or exit 1;

if ( $help ) { &help; exit 0 }

# ###########################################################################
#
# validate options and input
# NONE for now

# ###########################################################################
#
# read password if needed from file or use env var DIGICERTAPIKEY or STDIN
my $apikey;
if ( $apikeyfile ne "none" && $apikeyfile ne "" && -e $apikeyfile ) {
  open FH,"<$apikeyfile";
  $apikey = <FH>; chomp($apikey);
  close FH;
} elsif (defined($ENV{DIGICERTAPIKEY})) {
  $apikey = $ENV{DIGICERTAPIKEY};
} else {
  print "Provide API key: ";
  system("stty -echo");
  $apikey = <STDIN>; chomp($apikey);
  system("stty echo"); print "***\n";
}
#die "Invalid API key length\n" if length($apikey) != $apikeylen;

# ###########################################################################
# setup defaults and LWP
#
# initialise UA
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 1 });
$ua->agent("dctcs-listdomains/0.1 (libwww-perl/$]; TERENA-TCS; $^O)");
$ua->default_header('X-DC-DEVKEY' => $apikey);
$ua->default_header('Content-Type' => "application/json");
$ua->default_header('Accept' => "application/json");

# ###########################################################################
# Actions
#

$verb and print "Retrieving list of domains ...\n";

my $domaindata = 
    &getDump($ua,"GET","domain?include_validation=true");

die "Division access invalid or no domains registered\n" 
    unless defined $domaindata->{"domains"}[0]{"id"};

my $of;
$outfile = "-" unless defined $outfile and $outfile ne "";
open $of,">$outfile" or die "Cannot open $outfile: $!\n";


#print Dumper($domaindata);

foreach my $dom ( @{$domaindata->{"domains"}} ) {
    next if $activeonly and ! ($dom->{"is_active"} and $dom->{"organization"}{"is_active"}); 

    printf $of "%s,%s\n",
        $dom->{"name"},
        ($useorgbasename?$dom->{"organization"}{"name"}:$dom->{"organization"}{"display_name"});
}

close $of;


exit 0;

# ###########################################################################
#

# getDump($ua,"(GET|PUT|GETDUMP|PUTDUMP|POST|POSTDUMP)",$url,[$content])
#   where the "DUMP" modes will return plain text from the answer, but
#   the default modes will return a perl object created from the JSON
#
sub getDump($$$$) {
  my ($ua,$type,$request,$content) = @_;
  my $data;
  $type = "GET" unless (defined $type and $type ne "");
  die "Invalid call with GET and contents\n" 
    if ( $type eq "GET" and defined $content and $content ne "");

  my $outtype = $type; 
  $type =~ s/DUMP$//;

  my $req = HTTP::Request->new($type => "$resturl/$request");
  if ( ( $type eq "POST" || $type eq "PUT" ) 
       and defined $content and $content ne "" ) {
    $req->content($content);
  }

  my $res = $ua->request($req);

  if ($res->is_success) {
    if ( $outtype =~ /DUMP/ ) { $data = $res->content; }
    else { $data = from_json($res->content); }
  } else {
    die "Invalid API call: ", $res->status_line, "\n";
  }
  return $data;
}

# example of a specific API wrapper 
sub getContainerId($) {
  my ($ua) = @_;
  my $data;

  my $req = HTTP::Request->new(GET => "$resturl/user/me");
  my $res = $ua->request($req);

  if ($res->is_success) {
    $data = from_json($res->content);
  } else {
    die "Invalid API call: ", $res->status_line, "\n";
  }
  return $data->{container}{id};
}


# ###########################################################################
# HELP

sub help() {

  ( my $base = $0 ) =~ s/^.*\///;
  print <<EOF;
Retrieve list of domains per division from the TCS DigiCert service via the API

 $base [-o outfile] [-v] [-K keyfile] [--activeonly] [--orgbasename]

  -K keyfile    file with the API key for the user as a single line
  -o outfile    file to write output to (default: STDOUT)
  --activeonly  only list those domains where bothdomain and organisation 
                are active
  --orgbasename use basename of the organsisation instead of the displayname 
                (which is the name showing up in the O RDN attribute)

EOF
  return 0;
}