1 #!/usr/bin/python -tt
2 # sign/list keys
3 # --sign hostname hostname hostname
4 # --list # lists all csrs needing to be signed
5 # --list-all ?
6 # --clean? not sure what it will do
7
8 import sys
9 import glob
10 import os
11
12 import certmaster
13 import certmaster.certs
14 import certmaster.certmaster
15
16
17
18 from optparse import OptionParser
19
def errorprint(stuff):
    """Write *stuff* followed by a newline to standard error."""
    # Diagnostics go to stderr so they never mix with the hostnames, cert
    # paths and hashes that main() prints on stdout for the operator.
    sys.stderr.write('%s\n' % (stuff,))
22
23
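def parseargs(args):
    """Parse the certmaster-ca command line.

    args is the argument list without the program name (main() passes
    sys.argv[1:]).  Returns the (opts, positional_args) pair produced by
    optparse.  If none of the action flags is present the help text is
    printed and the process exits with status 1.

    The action flags are not mutually exclusive here; main() acts on the
    first one it tests and ignores the rest.
    """
    usage = 'certmaster-ca <option> [args]'
    parser = OptionParser(usage=usage)

    parser.add_option('-l', '--list', default=False, action="store_true",
                      help='list signing requests remaining')
    parser.add_option('-s', '--sign', default=False, action="store_true",
                      help='sign requests of hosts specified')
    parser.add_option('-c', '--clean', default=False, action="store_true",
                      help="clean out all certs or csrs for the hosts specified")
    parser.add_option("", "--list-signed", default=False, action="store_true",
                      help='list all signed certs')
    parser.add_option("", "--list-cert-hash", default=False, action="store_true",
                      help="list the cert hash for signed certs")

    # Parse the list we were handed.  The earlier call took no argument, so
    # optparse silently fell back to sys.argv[1:] and the args parameter was
    # ignored.
    (opts, args) = parser.parse_args(args)

    # At least one action is required; without one there is nothing to do.
    if not (opts.list or opts.sign or opts.clean
            or opts.list_signed or opts.list_cert_hash):
        parser.print_help()
        sys.exit(1)

    return (opts, args)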
49
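def main(args):
    """Run one certmaster-ca action and return the process exit status.

    args is the command line without the program name.  Returns 1 when the
    caller is not root, when --sign or --clean is given without hostnames,
    or when a --sign pattern matches no pending CSR; returns 0 after a
    completed action.  Only the first action flag tested below is acted on.
    """
    # Every action reads or changes CA state, so refuse to run unprivileged.
    if os.geteuid() != 0:
        errorprint('Must be root to run certmaster-ca')
        return 1

    cm = certmaster.certmaster.CertMaster()

    (opts, args) = parseargs(args)

    if opts.list:
        # Query once and print that same snapshot; the previous code called
        # get_csrs_waiting() a second time for the loop.
        hns = cm.get_csrs_waiting()
        if hns:
            for hn in hns:
                print(hn)
        else:
            print('No certificates to sign')

        return 0

    if opts.sign:
        if not args:
            errorprint('Need hostnames to sign')
            return 1

        for hn in args:
            # NOTE(review): hn is used as a glob pattern, not a literal
            # hostname.  A wildcard signs every pending CSR it matches, and
            # a value containing path separators is not confined to
            # csrroot.  Nothing in this branch shows the operator what is
            # inside a CSR before it is signed.
            csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
            csrs = glob.glob(csrglob)
            if not csrs:
                # Hosts earlier on the command line have already been
                # signed by the time this returns.
                errorprint('No match for %s to sign' % hn)
                return 1

            for fn in csrs:
                certfile = cm.sign_this_csr(fn)
                print('%s signed - cert located at %s' % (fn, certfile))
        return 0

    if opts.clean:
        if not args:
            errorprint('Need hostname(s) to clean up')
            return 1

        for hn in args:
            cm.remove_this_cert(hn)

        return 0

    if opts.list_signed:
        # Default to every host, and pass the computed globs along.  The
        # previous code built hostglobs but handed the raw args to
        # get_signed_certs(), unlike the --list-cert-hash branch below.
        hostglobs = args or ["*"]

        signed_certs = cm.get_signed_certs(hostglobs)

        for i in signed_certs:
            print(i)

        return 0

    if opts.list_cert_hash:
        hostglobs = args or ["*"]

        cert_hashes = cm.get_cert_hashes(hostglobs)

        for i in cert_hashes:
            print(i)

        return 0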
120
if __name__ == "__main__":
    # Pass main() the arguments without the program name and use its
    # return value as the process exit status.
    exit_status = main(sys.argv[1:])
    sys.exit(exit_status)