#!/usr/bin/env python3

# === HEADER START ===
# SPDX-License-Identifier: MIT
# Copyright © 2025 Benjamin Hoch
#
# @NAME         : agent_clearpass_api.py
# @DESCRIPTION  : check clearpass via api
# @AUTHOR       : Benjamin Hoch <b.hoch@pronexon.de>
# @VERSION      : 1.0.0
# @CREATED      : 2025-06-09
# @UPDATED      : 2025-08-04
# @URL          : https://pronexon.de
# @USAGE        : e.g. './agent_clearpass_api.py -ip 10.115.0.211 -cid test_api_user -cs "NvHZ/zMrhqEa2TcBoH/iQbgFTFgXsKdLGc6S5Ievcdk7"'
# @REQUIRES     :
#
# @SETUP:
#  I)    create clearpass api user:
#        - navigate to the clearpass server via browser and login
#        - ClearPass Guest > Administration > API Services > API Clients > Create API client
#
#  II)   api documentation:
#        - https://developer.arubanetworks.com/aruba-cppm/reference/tokenendpointpost
#
# @NOTES:
#	-
#
# @HISTORY:
#   Version   Date        Author             Description
#   -------   ----------  -----------------  ------------------------------
#   1.0.0     2025-06-09  Benjamin Hoch      initial release
#   1.1.0     2025-08-04  Benjamin Hoch      added api call for plugins
#
# @TODO:
#   -
# === HEADER END ===

import argparse
import logging
import requests

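# Agent flow: parse the command line, obtain an OAuth2 access token with the
# client-credentials grant, then query a fixed list of read-only ClearPass
# endpoints and print each answer as one "<<<name:sep(0)>>>" section.

# parser
parser = argparse.ArgumentParser()
parser.add_argument("--debug", "-d", action="store_true")
parser.add_argument(
    "--verify_tls",
    action="store_true",
    help="verify the server certificate against the default trust store",
)
parser.add_argument(
    "--ca_bundle",
    type=str,
    default=None,
    help="path to a CA bundle or certificate used to verify the server "
    "(implies certificate verification)",
)
parser.add_argument(
    "--timeout",
    type=float,
    default=30.0,
    help="connect/read timeout per HTTP request in seconds (default: 30)",
)
requiredArgs = parser.add_argument_group("required arguments")
requiredArgs.add_argument("--ip_address", "-ip", type=str, required=True)
requiredArgs.add_argument("--client_id", "-cid", type=str, required=True)
# NOTE(review): a secret passed as an argument is typically readable by other
# local users through the process list while the agent runs. The script only
# issues read requests after login, so the API client needs no write access.
requiredArgs.add_argument("--client_secret", "-cs", type=str, required=True)
args = parser.parse_args()

# debug
debug = args.debug

# logging
# The NullHandler keeps the logger silent unless --debug configures the file
# log below, so callers can log unconditionally.
logger = logging.getLogger("clearpass-mkp-log")
logger.addHandler(logging.NullHandler())
if debug:
    logging.basicConfig(filename="clearpass-mkp-log", level=logging.INFO, filemode="a", format='%(name)s:%(levelname)s: %(message)s')

# TLS verification
# Certificate verification stays off unless --verify_tls or --ca_bundle is
# given, which keeps existing invocations working against appliances with a
# self-signed certificate. While it is off, the client secret and the bearer
# token are sent to whichever host answers on the address, so an on-path
# party can capture them; pass --ca_bundle with the appliance's CA to bind
# the connection to the real server.
tls_verify = args.ca_bundle if args.ca_bundle else args.verify_tls

base_url = f"https://{args.ip_address}"

# payload
payload = {
    "client_id": args.client_id,
    "grant_type": "client_credentials",
    "client_secret": args.client_secret,
}

# (section name, API path, query parameters) for every endpoint to query
SECTIONS = (
    ("clearpass_cert", "/api/server-cert", None),
    ("clearpass_license", "/api/application-license", None),
    ("clearpass_user_count", "/api/application-license/summary", None),
    ("clearpass_plugins", "/api/extension/instance", None),
    (
        "clearpass_cert_trust_list",
        "/api/cert-trust-list-details",
        {
            "limit": 1000,
            "offset": 0,
            "sort": "+id",
            "calculate_count": "false",
        },
    ),
    ("clearpass_cert_service", "/api/service-cert", None),
)


def get_token():
    """Request an OAuth2 access token from the ClearPass API.

    Posts the client-credentials payload to ``/api/oauth``.

    Returns:
        The ``access_token`` string from the response, or ``None`` when the
        request fails, the status is not 200, or the body carries no token.
        Failures are written to the debug log only; neither the secret nor
        the token is logged.
    """
    try:
        response_token = requests.post(
            f"{base_url}/api/oauth",
            json=payload,
            verify=tls_verify,
            timeout=args.timeout,  # never hang the agent on a dead host
        )
    except (requests.RequestException, OSError) as error:
        # OSError also covers an unreadable --ca_bundle path.
        logger.error(error)
        return None

    if response_token.status_code != 200:
        logger.error("Login failed! (HTTP %s)", response_token.status_code)
        return None

    try:
        access_token = response_token.json()["access_token"]
    except (ValueError, KeyError, TypeError) as error:
        # A 200 answer without a usable token must not end in a traceback.
        logger.error("Login failed! No access token in response: %s", error)
        return None

    logger.info("Login successful")
    return access_token


def _fetch_section(section, path, headers, params=None):
    """Query one API endpoint and print its answer as an agent section.

    The section header is printed only after the body has been decoded, so a
    failed request never leaves a header without content, and a failure on
    one endpoint does not suppress the sections that follow it.

    Args:
        section: Section name placed in the ``<<<name:sep(0)>>>`` header.
        path: API path appended to the base URL.
        headers: HTTP headers carrying the bearer token.
        params: Optional query parameters.

    Returns:
        ``True`` when the section was printed, ``False`` otherwise.
    """
    try:
        response = requests.get(
            f"{base_url}{path}",
            headers=headers,
            params=params,
            verify=tls_verify,
            timeout=args.timeout,
        )
    except (requests.RequestException, OSError) as error:
        logger.error("%s: %s", path, error)
        return False

    if not response.ok:
        # An error payload is not section data; log it and skip the section.
        logger.error("%s: HTTP %s", path, response.status_code)
        return False

    try:
        data = response.json()
    except ValueError as error:
        logger.error("%s: response is not JSON: %s", path, error)
        return False

    print(f"<<<{section}:sep(0)>>>")
    print(data)
    return True


if __name__ == "__main__":
    # first get the token
    token = get_token()

    # then get the data
    if token is not None:
        headers_cert = {
            "accept": "application/json",
            "Authorization": f"Bearer {token}",
        }
        for section_name, api_path, query in SECTIONS:
            _fetch_section(section_name, api_path, headers_cert, query)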

