3 # --sign hostname hostname hostname
4 # --list # lists all csrs needing to be signed
6 # --clean? not sure what it will do
14 import certmaster
.certs
15 import certmaster
.certmaster
def errorprint(stuff):
    """Print *stuff* to standard error instead of standard output."""
    # Python 2 "print chevron" form: the object after >> is the target stream.
    err_stream = sys.stderr
    print >> err_stream, stuff
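class CertmasterCAOptionParser(optparse.OptionParser):
    """Option parser whose version string is read from a file on disk."""

    def get_version(self):
        """Return the contents of /etc/func/version with surrounding whitespace removed.

        Any error raised while opening or reading the file propagates to the
        caller; nothing is caught here.
        """
        # open() replaces the Python-2-only file() builtin, and try/finally
        # closes the handle even when read() raises, rather than leaving
        # the close to garbage collection.
        version_file = open("/etc/func/version")
        try:
            return version_file.read().strip()
        finally:
            version_file.close()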
usage = 'certmaster-ca <option> [args]'
parser = CertmasterCAOptionParser(usage=usage, version=True)

# Every switch is a boolean flag that defaults to off.
# Entries are (short form, long form, help text), registered in this order.
switch_table = (
    ('-l', '--list', 'list signing requests remaining'),
    ('-s', '--sign', 'sign requests of hosts specified'),
    ('-c', '--clean', "clean out all certs or csrs for the hosts specified"),
    ("", "--list-signed", 'list all signed certs'),
    ("", "--list-cert-hash", "list the cert hash for signed certs"),
)
for short_form, long_form, help_text in switch_table:
    parser.add_option(short_form, long_form, default=False,
                      action="store_true", help=help_text)

# NOTE(review): parse_args() is called without an argument list, so optparse
# reads sys.argv[1:] itself rather than a list supplied by the caller.
(opts, args) = parser.parse_args()
45 # gotta be a better way...
46 if not opts
.list and not opts
.sign
and not opts
.clean \
47 and not opts
.list_signed
and not opts
.list_cert_hash
:
55 errorprint('Must be root to run certmaster-ca')
58 cm
= certmaster
.certmaster
.CertMaster()
60 (opts
, args
) = parseargs(args
)
64 hns
= cm
.get_csrs_waiting()
66 for hn
in sorted(hns
):
69 print 'No certificates to sign'
75 errorprint('Need hostnames to sign')
# hn is substituted into the pattern as-is and the result is handed to
# glob.glob(), so wildcard characters in hn are expanded and every matching
# .csr path comes back in csrs.
# NOTE(review): no validation of hn is visible in this listing; presumably it
# is a hostname taken from the command line -- confirm it cannot contain path
# separators that would move the match outside cm.cfg.csrroot, since the
# matches feed the signing step.
pattern_fields = (cm.cfg.csrroot, hn)
csrglob = '%s/%s.csr' % pattern_fields
csrs = glob.glob(csrglob)
82 errorprint('No match for %s to sign' % hn
)
86 certfile
= cm
.sign_this_csr(fn
)
87 print '%s signed - cert located at %s' % (fn
, certfile
)
92 errorprint('Need hostname(s) to clean up')
96 cm
.remove_this_cert(hn
)
105 signed_certs
= cm
.get_signed_certs(args
)
107 for i
in sorted(signed_certs
):
112 if opts
.list_cert_hash
:
117 cert_hashes
= cm
.get_cert_hashes(hostglobs
)
119 for i
in sorted(cert_hashes
):
if __name__ == "__main__":
    # main() receives the arguments without the program name; its return
    # value becomes the process exit status.
    raise SystemExit(main(sys.argv[1:]))