3 # --sign hostname hostname hostname
4 # --list # lists all csrs needing to be signed
6 # --clean? not sure what it will do
13 import certmaster
.certs
14 import certmaster
.certmaster
18 from optparse
import OptionParser
20 def errorprint(stuff
):
21 print >> sys
.stderr
, stuff
25 usage
= 'certmaster-ca <option> [args]'
26 parser
= OptionParser(usage
=usage
)
28 parser
.add_option('-l', '--list', default
=False, action
="store_true",
29 help='list signing requests remaining')
30 parser
.add_option('-s', '--sign', default
=False, action
="store_true",
31 help='sign requests of hosts specified')
32 parser
.add_option('-c', '--clean', default
=False, action
="store_true",
33 help="clean out all certs or csrs for the hosts specified")
34 parser
.add_option("", "--list-signed", default
=False, action
="store_true",
35 help='list all signed certs')
36 parser
.add_option("", "--list-cert-hash", default
=False, action
="store_true",
37 help="list the cert hash for signed certs")
39 (opts
, args
) = parser
.parse_args()
42 # gotta be a better way...
43 if not opts
.list and not opts
.sign
and not opts
.clean \
44 and not opts
.list_signed
and not opts
.list_cert_hash
:
52 errorprint('Must be root to run certmaster-ca')
55 cm
= certmaster
.certmaster
.CertMaster()
57 (opts
, args
) = parseargs(args
)
61 hns
= cm
.get_csrs_waiting()
63 for hn
in cm
.get_csrs_waiting():
66 print 'No certificates to sign'
72 errorprint('Need hostnames to sign')
76 csrglob
= '%s/%s.csr' % (cm
.cfg
.csrroot
, hn
)
77 csrs
= glob
.glob(csrglob
)
79 errorprint('No match for %s to sign' % hn
)
83 certfile
= cm
.sign_this_csr(fn
)
84 print '%s signed - cert located at %s' % (fn
, certfile
)
89 errorprint('Need hostname(s) to clean up')
93 cm
.remove_this_cert(hn
)
102 signed_certs
= cm
.get_signed_certs(args
)
104 for i
in signed_certs
:
109 if opts
.list_cert_hash
:
114 cert_hashes
= cm
.get_cert_hashes(hostglobs
)
116 for i
in cert_hashes
:
121 if __name__
== "__main__":
122 sys
.exit(main(sys
.argv
[1:]))