authorAdrian Likins <alikins@grimlock.devel.redhat.com>2008-04-30 22:37:07 -0400
committerAdrian Likins <alikins@grimlock.devel.redhat.com>2008-04-30 22:37:07 -0400
commit1c44d82bc9270466521e8c8d5339d0213935f385 (patch)
tree394edc4c2d4d299e128e28d98f0883b7a24d9ac5
parent7e743092d11acb95be40a415c3a9207fd040a0cf (diff)
add two new options to "certmaster-ca"HEADmaster
--list-signed shows a list of certs the certmaster has already signed. --list-cert-hashes returns the list of signed certs in the CN-hash format that the acls files expect. Should make it a little easier to use the acls. Both options take optional hostnames or hostname globs.
-rwxr-xr-xcertmaster/certmaster.py40
-rwxr-xr-xscripts/certmaster-ca32
2 files changed, 71 insertions, 1 deletions
diff --git a/certmaster/certmaster.py b/certmaster/certmaster.py
index 970ff59..7431324 100755
--- a/certmaster/certmaster.py
+++ b/certmaster/certmaster.py
@@ -252,7 +252,47 @@ class CertMaster(object):
os.unlink(csr_unlink_file)
return certfile
+
+ # return a list of already signed certs
+ def get_signed_certs(self, hostglobs=None):
+ certglob = "%s/*.cert" % (self.cfg.certroot)
+
+ certs = []
+ globs = "*"
+ if hostglobs:
+ globs = hostglobs
+
+ for hostglob in globs:
+ certglob = "%s/%s.cert" % (self.cfg.certroot, hostglob)
+ certs = certs + glob.glob(certglob)
+
+ signed_certs = []
+ for cert in certs:
+ # just want the hostname, so strip off path and ext
+ signed_certs.append(os.path.basename(cert).split(".cert", 1)[0])
+
+ return signed_certs
+
+ # return a list of the cert hash string we use to identify systems
+ def get_cert_hashes(self, hostglobs=None):
+ certglob = "%s/*.cert" % (self.cfg.certroot)
+
+ certfiles = []
+ globs = "*"
+ if hostglobs:
+ globs = hostglobs
+
+ for hostglob in globs:
+ certglob = "%s/%s.cert" % (self.cfg.certroot, hostglob)
+ certfiles = certfiles + glob.glob(certglob)
+ cert_hashes = []
+ for certfile in certfiles:
+ cert = certs.retrieve_cert_from_file(certfile)
+ cert_hashes.append("%s-%s" % (cert.get_subject().CN, cert.subject_name_hash()))
+
+ return cert_hashes
+
def _run_triggers(self, ref, globber):
return utils.run_triggers(ref, globber)
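Review bot: In both `get_signed_certs` and `get_cert_hashes`, each `hostglob` is formatted into `"%s/%s.cert"` unchecked, so a caller-supplied pattern containing `/` or `..` makes `glob.glob` match files outside `self.cfg.certroot`. `get_cert_hashes` would then load such a file and emit a CN-hash line for it, and that output is meant to be copied into the acl files. I would reject such patterns at the top of the loop, e.g. `if os.path.basename(hostglob) != hostglob: raise ValueError("host glob must not contain a path: %r" % hostglob)`. Separately, the first `certglob = "%s/*.cert" % ...` assignment in each method is never used, and the default `globs = "*"` is a string that only works because iterating it yields a single character; `globs = ["*"]` says what is meant. The local list named `certs` in `get_signed_certs` also shadows the `certs` module that `get_cert_hashes` calls, so a name like `certfiles` in both methods would avoid confusion.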
diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca
index 27e190e..7370ef3 100755
--- a/scripts/certmaster-ca
+++ b/scripts/certmaster-ca
@@ -31,11 +31,17 @@ def parseargs(args):
help='sign requests of hosts specified')
parser.add_option('-c', '--clean', default=False, action="store_true",
help="clean out all certs or csrs for the hosts specified")
+ parser.add_option("", "--list-signed", default=False, action="store_true",
+ help='list all signed certs')
+ parser.add_option("", "--list-cert-hash", default=False, action="store_true",
+ help="list the cert hash for signed certs")
(opts, args) = parser.parse_args()
- if not opts.list and not opts.sign and not opts.clean:
+ # gotta be a better way...
+ if not opts.list and not opts.sign and not opts.clean \
+ and not opts.list_signed and not opts.list_cert_hash:
parser.print_help()
sys.exit(1)
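Review bot: The option registered here is `--list-cert-hash`, while the commit message documents `--list-cert-hashes`; optparse accepts only prefixes of a registered long option, so the documented spelling would presumably be rejected. Pick one spelling, for example `parser.add_option("", "--list-cert-hashes", dest="list_cert_hash", default=False, action="store_true", ...)`, which keeps `opts.list_cert_hash` working. Neither help string says that hostnames or globs may follow the option; something like `help='list signed certs, optionally limited to the given hostnames or globs'` would document that. `parseargs` begins outside this hunk.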
@@ -88,5 +94,29 @@ def main(args):
return 0
+ if opts.list_signed:
+ hostglobs = ["*"]
+ if args:
+ hostglobs = args
+
+ signed_certs = cm.get_signed_certs(args)
+
+ for i in signed_certs:
+ print i
+
+ return 0
+
+ if opts.list_cert_hash:
+ hostglobs = ["*"]
+ if args:
+ hostglobs = args
+
+ cert_hashes = cm.get_cert_hashes(hostglobs)
+
+ for i in cert_hashes:
+ print i
+
+ return 0
+
if __name__ == "__main__":
sys.exit(main(sys.argv[1:]))
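Review bot: The `--list-signed` branch computes `hostglobs` and then calls `cm.get_signed_certs(args)`, so the variable is dead and the branch only works because `get_signed_certs` falls back to its own default when given an empty list. The call should match the `--list-cert-hash` branch: `signed_certs = cm.get_signed_certs(hostglobs)`. The lines printed by the second branch are built from certificate CN fields, so if that output is pasted into acl files it is worth confirming that a CN cannot carry newlines or other characters the acl parser treats specially (inferred; the parser is not visible here). `main`'s body begins outside this hunk.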