duplicate fix from func tree over here
1 #!/usr/bin/python -tt
2 # sign/list keys
3 # --sign hostname hostname hostname
4 # --list # lists all csrs needing to be signed
5 # --list-all ?
6 # --clean? not sure what it will do
7
8 import sys
9 import glob
10 import os
11
12 import certmaster
13 import certmaster.certs
14 import certmaster.certmaster
15
16
17
18 from optparse import OptionParser
19
def errorprint(stuff):
    """Write *stuff* to standard error, followed by a newline."""
    # The one-element tuple keeps a tuple argument from being unpacked by '%'.
    sys.stderr.write('%s\n' % (stuff,))
22
23
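def parseargs(args):
    """Parse the certmaster-ca command line.

    args: list of argument strings, without the program name.

    Returns a tuple (opts, args): the parsed option values and the
    remaining positional arguments (the hostnames to act on).

    Prints the help text and exits with status 1 when none of --list,
    --sign or --clean was given.
    """
    usage = 'certmaster-ca <option> [args]'
    parser = OptionParser(usage=usage)

    parser.add_option('-l', '--list', default=False, action="store_true",
                      help='list signing requests remaining')
    parser.add_option('-s', '--sign', default=False, action="store_true",
                      help='sign requests of hosts specified')
    parser.add_option('-c', '--clean', default=False, action="store_true",
                      help="clean out all certs or csrs for the hosts specified")

    # Parse the list the caller handed in. parse_args() without an argument
    # silently falls back to sys.argv[1:], which ignores the parameter.
    (opts, args) = parser.parse_args(args)

    # At least one action must be selected; there is no default action.
    if not opts.list and not opts.sign and not opts.clean:
        parser.print_help()
        sys.exit(1)

    return (opts, args)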
43
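def main(args):
    """Run the certmaster-ca command line and return a process exit status.

    One action is performed per invocation. The options are checked in the
    order --list, --sign, --clean and the first one that is set wins.

    args: command-line arguments, handed on to parseargs().

    Returns 0 on success and 1 on error (not running as root, no hostnames
    given, a rejected hostname, or no CSR matching a hostname).
    """
    # Signing and removing certificates is limited to effective uid 0.
    if os.geteuid() != 0:
        errorprint('Must be root to run certmaster-ca')
        return 1

    cm = certmaster.certmaster.CertMaster()

    (opts, args) = parseargs(args)

    if opts.list:
        # Query once so the emptiness check and the printed list agree.
        hns = cm.get_csrs_waiting()
        if hns:
            for hn in hns:
                print(hn)
        else:
            print('No certificates to sign')

        return 0

    if opts.sign:
        if not args:
            errorprint('Need hostnames to sign')
            return 1

        for hn in args:
            # The hostname is interpolated into a path below. Refuse anything
            # with a directory component so the glob cannot match CSR files
            # outside cm.cfg.csrroot.
            if os.path.basename(hn) != hn:
                errorprint('Invalid hostname %s' % hn)
                return 1

            # NOTE(review): hn is still treated as a glob pattern, so a
            # wildcard argument signs every matching CSR in csrroot. Confirm
            # that this is intended before relying on it in automation.
            csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
            csrs = glob.glob(csrglob)
            if not csrs:
                # Processing stops here; CSRs for earlier hostnames on the
                # command line have already been signed at this point.
                errorprint('No match for %s to sign' % hn)
                return 1

            for fn in csrs:
                certfile = cm.sign_this_csr(fn)
                print('%s signed - cert located at %s' % (fn, certfile))
        return 0

    if opts.clean:
        if not args:
            errorprint('Need hostname(s) to clean up')
            return 1

        for hn in args:
            # NOTE(review): hn is passed through unchanged; whether
            # remove_this_cert() validates it is not visible here.
            cm.remove_this_cert(hn)

        return 0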
90
if __name__ == "__main__":
    # Hand main()'s return value to the shell as the exit status.
    exit_status = main(sys.argv[1:])
    sys.exit(exit_status)