3 # --ca ca sign/list certs for the 'ca'
4 # --sign hostname hostname hostname
5 # --list # lists all csrs needing to be signed
6 # --list-all ca list all certs for a given ca
7 # --clean? not sure what it will do
15 import certmaster
.certs
16 import certmaster
.certmaster
def errorprint(stuff):
    """Print *stuff*, followed by a newline, on standard error.

    Used for usage and permission errors so that diagnostics stay out of
    standard output, which carries the listings this tool prints.
    """
    err_stream = sys.stderr
    print >> err_stream, stuff
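class CertmasterCAOptionParser(optparse.OptionParser):
    """Option parser for certmaster-ca that reads its version text from disk."""

    def get_version(self):
        """Return the contents of /etc/func/version with whitespace stripped.

        optparse calls this method to build the ``--version`` output.  A
        missing or unreadable file raises IOError to the caller, as before.
        """
        # NOTE(review): the version file lives under /etc/func, not under a
        # certmaster directory - confirm this is the intended path.
        # open() replaces the file() builtin, and try/finally closes the
        # handle explicitly instead of leaving that to garbage collection.
        version_file = open("/etc/func/version")
        try:
            return version_file.read().strip()
        finally:
            version_file.close()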
usage = 'certmaster-ca <option> [args]'
# version only has to be truthy here: it makes optparse register --version,
# and the text shown comes from the get_version() override on the parser class.
parser = CertmasterCAOptionParser(usage=usage, version=True)

# --ca names the certificate authority the chosen action applies to; the
# default is the empty string.
parser.add_option("", '--ca', dest="ca", metavar="CA", action="store",
                  default='',
                  help="certificate authority used to sign/list certs")

# The action switches are independent booleans. The parser itself does not
# make them mutually exclusive, so the code that consumes opts decides what
# happens when several are given. --sign and --clean change CA state; the
# --list* switches are described by their help text as listings.
for short_flag, long_flag, help_text in (
        ('-l', '--list', 'list signing requests remaining'),
        ('-s', '--sign', 'sign requests of hosts specified'),
        ('-c', '--clean',
         "clean out all certs or csrs for the hosts specified"),
        ("", "--list-signed", 'list all signed certs'),
        ("", "--list-cert-hash", "list the cert hash for signed certs"),
):
    parser.add_option(short_flag, long_flag, default=False,
                      action="store_true", help=help_text)

# parse_args() is called without arguments, so it reads sys.argv[1:] itself.
(opts, args) = parser.parse_args()
48 # gotta be a better way...
49 if not opts
.list and not opts
.sign
and not opts
.clean \
50 and not opts
.list_signed
and not opts
.list_cert_hash
:
58 errorprint('Must be root to run certmaster-ca')
61 cm
= certmaster
.certmaster
.CertMaster()
63 (opts
, args
) = parseargs(args
)
67 hns
= cm
.get_csrs_waiting(ca
=opts
.ca
)
69 for hn
in sorted(hns
):
72 print 'No certificates to sign'
78 errorprint('Need hostnames to sign')
# Build the glob pattern for this host's pending request under the selected
# CA's CSR directory.
# NOTE(review): hn is interpolated unescaped, so glob metacharacters in it
# expand and path separators are not rejected; one argument can therefore
# resolve to several .csr files, or to files outside csrroot. Presumably hn
# is an operator-supplied hostname and every match is signed further down -
# confirm that wildcard matching is intended, and validate hn if it is not.
csrroot = cm.cfg.cas[opts.ca]['csrroot']
csrglob = '%s/%s.csr' % (csrroot, hn)
csrs = glob.glob(csrglob)
85 errorprint('No match for %s to sign' % hn
)
89 certfile
= cm
.sign_this_csr(fn
, ca
=opts
.ca
)
90 print '%s signed - cert located at %s' % (fn
, certfile
)
95 errorprint('Need hostname(s) to clean up')
99 cm
.remove_this_cert(hn
, ca
=opts
.ca
)
108 signed_certs
= cm
.get_signed_certs(args
, ca
=opts
.ca
)
110 for i
in sorted(signed_certs
):
115 if opts
.list_cert_hash
:
120 cert_hashes
= cm
.get_cert_hashes(hostglobs
, ca
=opts
.ca
)
122 for i
in sorted(cert_hashes
):
if __name__ == "__main__":
    # Run only when executed as a script: pass the command-line arguments
    # (program name stripped) to main() and use its return value as the
    # process exit status.
    exit_status = main(sys.argv[1:])
    sys.exit(exit_status)