From 14f2be7e10228aebae68812b8c200d8c054257bc Mon Sep 17 00:00:00 2001
From: Ian Gulliver
Date: Wed, 6 Apr 2016 22:52:48 -0700
Subject: [PATCH] Support certs in fetcher
---
 client/fetch_and_update.sh | 13 ++++++++++++-
 server/modules/iconograph.py | 10 ++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/client/fetch_and_update.sh b/client/fetch_and_update.sh
index b248fd4..c866ba4 100755
--- a/client/fetch_and_update.sh
+++ b/client/fetch_and_update.sh
@@ -12,5 +12,16 @@ BOOT="/isodevice"
 FLAGS="$(cat /icon/config/fetcher.flags)"
 CA_CERT="/icon/config/ca.image.cert.pem"
 
-"${BASE}/fetcher.py" --image-dir="${IMAGES}" --ca-cert="${CA_CERT}" ${FLAGS}
+HTTPS_CLIENT_KEY="/systemid/$(hostname).www.key.pem"
+HTTPS_CLIENT_CERT="/systemid/$(hostname).www.cert.pem"
+HTTPS_CA_CERT="/icon/config/ca.www.cert.pem"
+
+if test -e "${HTTPS_CLIENT_KEY}" -a -e "${HTTPS_CLIENT_CERT}"; then
+ HTTPS_CLIENT_FLAGS="--https-client-cert=${HTTPS_CLIENT_CERT} --https-client-key=${HTTPS_CLIENT_KEY}"
+fi
+if test -e "${HTTPS_CA_CERT}"; then
+ HTTPS_CA_FLAGS="--https-ca-cert=${HTTPS_CA_CERT}"
+fi
+
+"${BASE}/fetcher.py" --image-dir="${IMAGES}" --ca-cert="${CA_CERT}" ${FLAGS} ${HTTPS_CLIENT_FLAGS} ${HTTPS_CA_FLAGS}
 "${BASE}/update_grub.py" --image-dir="${IMAGES}" --boot-dir="${BOOT}" > "${BOOT}/grub/grub.cfg.tmp" && mv "${BOOT}/grub/grub.cfg.tmp" "${BOOT}/grub/grub.cfg"
diff --git a/server/modules/iconograph.py b/server/modules/iconograph.py
index 673c347..2776279 100755
--- a/server/modules/iconograph.py
+++ b/server/modules/iconograph.py
@@ -22,6 +22,10 @@ parser.add_argument(
 dest='chroot_path',
 action='store',
 required=True)
+parser.add_argument(
+ '--https-ca-cert',
+ dest='https_ca_cert',
+ action='store')
 parser.add_argument(
 '--max-images',
 dest='max_images',
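Review bot: `HTTPS_CLIENT_FLAGS` and `HTTPS_CA_FLAGS` are assigned only inside the two `if test -e` branches, so when a file is missing the unquoted expansions on the `fetcher.py` line take whatever value the calling environment already holds (or abort the script if `set -u` is in effect; the first eleven lines of the script are outside the hunk). Initialise both before the tests, `HTTPS_CLIENT_FLAGS=""` and `HTTPS_CA_FLAGS=""`, so the TLS options passed to the fetcher come only from the files checked here. The first test also skips client authentication silently when just one of the key or certificate exists; a line on stderr for that half-provisioned case would make it diagnosable.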
@@ -60,6 +64,12 @@ def main():
 FLAGS.ca_cert,
 os.path.join(FLAGS.chroot_path, 'icon', 'config', 'ca.image.cert.pem'))
 
+ if FLAGS.https_ca_cert:
+ shutil.copyfile(
+ FLAGS.https_ca_cert,
+ os.path.join(FLAGS.chroot_path, 'icon', 'config', 'ca.www.cert.pem'))
+
+
 path = os.path.join(FLAGS.chroot_path, 'icon', 'config', 'fetcher.flags')
 with open(path, 'w') as fh:
 fh.write('--base-url=%(base_url)s --max-images=%(max_images)d\n' % {
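Review bot: The HTTPS trust anchor is optional end to end: when `--https-ca-cert` is not given, the `if FLAGS.https_ca_cert:` branch copies nothing, and the client script in this same commit then drops `--https-ca-cert` from the fetcher call without any message. What fetcher.py verifies the server against in that case is not visible here, so either mark the argument `required=True` like `--chroot-path`, or document the fallback with `help='CA certificate used to verify the HTTPS image server; copied into the image as icon/config/ca.www.cert.pem'` on the argument added in the first iconograph.py hunk. The second added blank line is also unnecessary inside a function body. `main()` starts and ends outside the hunk.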