3 # --ca ca sign/list certs for the 'ca'
4 # --sign hostname hostname hostname
5 # --list # lists all csrs needing to be signed
6 # --list-all ca list all certs for a given ca
7 # --clean? not sure what it will do
15 import certmaster
.certs
16 import certmaster
.certmaster
def errorprint(stuff):
    """Print *stuff*, followed by a newline, on standard error.

    Uses the Python 2 ``print >>`` form, so diagnostics stay off stdout and
    do not mix with the listings this tool prints there.
    """
    print >>sys.stderr, stuff
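class CertmasterCAOptionParser(optparse.OptionParser):
    """Option parser for certmaster-ca whose version text comes from a file.

    optparse calls get_version() when it needs the text for ``--version``;
    this subclass overrides it to return the contents of the installed
    version file instead of a string passed to the constructor.
    """

    # Path of the version file. Kept as a class attribute so a subclass or a
    # test can point it elsewhere; the default is the original hard-coded path.
    version_file = "/etc/certmaster/version"

    def get_version(self):
        """Return the version file's contents with surrounding whitespace removed.

        Raises IOError if the file cannot be opened or read, as the original
        one-liner did.
        """
        handle = open(self.version_file)
        try:
            return handle.read().strip()
        finally:
            # Close explicitly instead of leaving the handle to the garbage
            # collector.
            handle.close()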
# NOTE(review): these statements are presumably the body of parseargs(),
# which is called further down; its `def` line is not part of this listing.
usage = 'certmaster-ca <option> [args]'

# version=True makes optparse register --version; the text shown comes from
# CertmasterCAOptionParser.get_version().
parser = CertmasterCAOptionParser(
    usage=usage,
    version=True,
)

# Name of the certificate authority to operate on. The value is later used as
# a key into cm.cfg.ca; a name that is not configured there is reported as
# "Unknown ca".
parser.add_option(
    "", '--ca',
    default='',
    action="store",
    dest="ca",
    metavar="CA",
    help="certificate authority used to sign/list certs",
)
parser.add_option(
    '-l', '--list',
    default=False,
    action="store_true",
    help='list signing requests remaining',
)
# Hostnames to sign are positional arguments. Further down each one is
# interpolated into '<csrroot>/<hostname>.csr' and expanded with glob.glob,
# so an argument containing glob wildcards can match more than one pending
# request; checking the --list output first shows what would be signed.
parser.add_option(
    '-s', '--sign',
    default=False,
    action="store_true",
    help='sign requests of hosts specified',
)
parser.add_option(
    '-c', '--clean',
    default=False,
    action="store_true",
    help="clean out all certs or csrs for the hosts specified",
)
parser.add_option(
    "", "--list-signed",
    default=False,
    action="store_true",
    help='list all signed certs',
)
parser.add_option(
    "", "--list-cert-hash",
    default=False,
    action="store_true",
    help="list the cert hash for signed certs",
)

# Called without arguments, so optparse reads sys.argv[1:] itself.
opts, args = parser.parse_args()
45 # gotta be a better way...
46 if not opts
.list and not opts
.sign
and not opts
.clean \
47 and not opts
.list_signed
and not opts
.list_cert_hash
:
55 errorprint('Must be root to run certmaster-ca')
58 cm
= certmaster
.certmaster
.CertMaster()
60 (opts
, args
) = parseargs(args
)
62 ## Check that the ca option matches a configured ca
64 certauth
= cm
.cfg
.ca
[opts
.ca
]
66 errorprint("Unknown ca %s: check /etc/certmaster.cfg" % opts
.ca
)
70 hns
= cm
.get_csrs_waiting(certauth
)
72 for hn
in sorted(hns
):
75 print 'No certificates to sign'
81 errorprint('Need hostnames to sign')
85 csrglob
= '%s/%s.csr' % (certauth
.csrroot
, hn
)
86 csrs
= glob
.glob(csrglob
)
88 errorprint('No match for %s to sign' % hn
)
92 certfile
= cm
.sign_this_csr(fn
, certauth
)
93 print '%s signed - cert located at %s' % (fn
, certfile
)
98 errorprint('Need hostname(s) to clean up')
102 cm
.remove_this_cert(hn
, certauth
)
111 signed_certs
= cm
.get_signed_certs(certauth
, args
)
113 for i
in sorted(signed_certs
):
118 if opts
.list_cert_hash
:
123 cert_hashes
= cm
.get_cert_hashes(certauth
, hostglobs
)
125 for i
in sorted(cert_hashes
):
if __name__ == "__main__":
    # Run only when executed as a script: pass the command-line arguments
    # (without the program name) to main() and use its return value as the
    # process exit status.
    exit_status = main(sys.argv[1:])
    sys.exit(exit_status)