Looks like certmaster-request and certmaster-ca are working with the new --ca flag.

[certmaster.git] / scripts / certmaster-ca

diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca
index 27e190e..7f8f967 100755 (executable)
--- a/scripts/certmaster-ca
+++ b/scripts/certmaster-ca
@@ -1,12 +1,14 @@
 #!/usr/bin/python -tt
 # sign/list keys
+# --ca ca sign/list certs for the 'ca' 
 # --sign hostname hostname hostname
 # --list # lists all csrs needing to be signed
-# --list-all ?
+# --list-all ca list all certs for a given ca
 # --clean? not sure what it will do
 
 import sys
 import glob
+import optparse
 import os
 
 import certmaster
@@ -15,27 +17,37 @@ import certmaster.certmaster
 
 
 
-from optparse import OptionParser
 
 def errorprint(stuff):
     print >> sys.stderr, stuff
 
+class CertmasterCAOptionParser(optparse.OptionParser):
+    def get_version(self):
+        return file("/etc/func/version").read().strip()
 
 def parseargs(args):
     usage = 'certmaster-ca <option> [args]'
-    parser = OptionParser(usage=usage)
-    
+    parser = CertmasterCAOptionParser(usage=usage,version=True)
+
+    parser.add_option("", '--ca', default='', action="store", dest="ca", metavar="CA",
+          help="certificate authority used to sign/list certs")
     parser.add_option('-l', '--list', default=False, action="store_true",
           help='list signing requests remaining')
     parser.add_option('-s', '--sign', default=False, action="store_true",
           help='sign requests of hosts specified')
     parser.add_option('-c', '--clean', default=False, action="store_true",
           help="clean out all certs or csrs for the hosts specified")
+    parser.add_option("", "--list-signed", default=False, action="store_true",
+          help='list all signed certs')
+    parser.add_option("", "--list-cert-hash", default=False, action="store_true",
+          help="list the cert hash for signed certs")
           
     (opts, args) = parser.parse_args()
     
     
-    if not opts.list and not opts.sign and not opts.clean:
+    # gotta be a better way...
+    if not opts.list and not opts.sign and not opts.clean \
+            and not opts.list_signed and not opts.list_cert_hash:
         parser.print_help()
         sys.exit(1)
             
@@ -52,9 +64,9 @@ def main(args):
 
         
     if opts.list:
-        hns = cm.get_csrs_waiting()
+        hns = cm.get_csrs_waiting(ca=opts.ca)
         if hns:
-            for hn in cm.get_csrs_waiting():
+            for hn in sorted(hns):
                 print hn
         else:
            print 'No certificates to sign'
@@ -67,14 +79,14 @@ def main(args):
             return 1
             
         for hn in args:
-            csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
+            csrglob = '%s/%s.csr' % (cm.cfg.cas[opts.ca]['csrroot'], hn)
             csrs = glob.glob(csrglob)
             if not csrs:
                 errorprint('No match for %s to sign' % hn)
                 return 1
             
             for fn in csrs:
-                certfile = cm.sign_this_csr(fn)
+                certfile = cm.sign_this_csr(fn, ca=opts.ca)
                 print '%s signed - cert located at %s' % (fn, certfile)
         return 0
     
@@ -84,8 +96,32 @@ def main(args):
             return 1
         
         for hn in args:
-            cm.remove_this_cert(hn)
+            cm.remove_this_cert(hn, ca=opts.ca)
+        
+        return 0
+
+    if opts.list_signed:
+        hostglobs = ["*"]
+        if args:
+            hostglobs = args
+
+        signed_certs = cm.get_signed_certs(args, ca=opts.ca)
+
+        for i in sorted(signed_certs):
+            print i
+            
+        return 0
         
+    if opts.list_cert_hash:
+        hostglobs = ["*"]
+        if args:
+            hostglobs = args
+            
+        cert_hashes = cm.get_cert_hashes(hostglobs, ca=opts.ca)
+
+        for i in sorted(cert_hashes):
+            print i
+            
         return 0
 
 if __name__ == "__main__":