#!/usr/bin/python -tt
# sign/list keys
+# --ca ca sign/list certs for the 'ca'
# --sign hostname hostname hostname
# --list # lists all csrs needing to be signed
-# --list-all ?
+# --list-all ca list all certs for a given ca
# --clean? not sure what it will do
import sys
def parseargs(args):
usage = 'certmaster-ca <option> [args]'
parser = CertmasterCAOptionParser(usage=usage,version=True)
-
+
+ parser.add_option("", '--ca', default='', action="store", dest="ca", metavar="CA",
+ help="certificate authority used to sign/list certs")
parser.add_option('-l', '--list', default=False, action="store_true",
help='list signing requests remaining')
parser.add_option('-s', '--sign', default=False, action="store_true",
if opts.list:
- hns = cm.get_csrs_waiting()
+ hns = cm.get_csrs_waiting(opts.ca)
if hns:
for hn in sorted(hns):
print hn
return 1
for hn in args:
- csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
+ csrglob = '%s/%s.csr' % (cm.cfg.cas[opts.ca]['csrroot'], hn)
csrs = glob.glob(csrglob)
if not csrs:
errorprint('No match for %s to sign' % hn)
return 1
for fn in csrs:
- certfile = cm.sign_this_csr(fn)
+ certfile = cm.sign_this_csr(opts.ca,fn)
print '%s signed - cert located at %s' % (fn, certfile)
return 0
return 1
for hn in args:
- cm.remove_this_cert(hn)
+ cm.remove_this_cert(opts.ca,hn)
return 0
if args:
hostglobs = args
- signed_certs = cm.get_signed_certs(args)
+ signed_certs = cm.get_signed_certs(opts.ca, args)
for i in sorted(signed_certs):
print i
if args:
hostglobs = args
- cert_hashes = cm.get_cert_hashes(hostglobs)
+ cert_hashes = cm.get_cert_hashes(opts.ca, hostglobs)
for i in sorted(cert_hashes):
print i
projects / certmaster.git / blobdiff