authorMichael DeHaan <mdehaan@redhat.com>2008-02-07 12:08:55 -0500
committerMichael DeHaan <mdehaan@redhat.com>2008-02-07 12:08:55 -0500
commit697402da24ca930b3608359a61b9872fdddc62d9 (patch)
tree625403025dbfe9caca1254aab45724c8de4d8302 /scripts/certmaster-ca
parentac3061bcffd2ea634596c188beaa13339e3fa24a (diff)
Starting off the certmaster tree with most of the func code; shortly, non-certmaster-related parts will be removed and other small parts added/tweaked.
Diffstat (limited to 'scripts/certmaster-ca')
-rwxr-xr-xscripts/certmaster-ca92
1 files changed, 92 insertions, 0 deletions
diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca
new file mode 100755
index 0000000..b3e844a
--- /dev/null
+++ b/scripts/certmaster-ca
@@ -0,0 +1,92 @@
+#!/usr/bin/python -tt
+# sign/list keys
+# --sign hostname hostname hostname
+# --list # lists all csrs needing to be signed
+# --list-all ?
+# --clean? not sure what it will do
+
+import sys
+import glob
+import os
+
+import func
+import func.certs
+import func.certmaster
+
+
+
+from optparse import OptionParser
+
+def errorprint(stuff):
+ print >> sys.stderr, stuff
+
+
+def parseargs(args):
+ usage = 'certmaster-ca <option> [args]'
+ parser = OptionParser(usage=usage)
+
+ parser.add_option('-l', '--list', default=False, action="store_true",
+ help='list signing requests remaining')
+ parser.add_option('-s', '--sign', default=False, action="store_true",
+ help='sign requests of hosts specified')
+ parser.add_option('-c', '--clean', default=False, action="store_true",
+ help="clean out all certs or csrs for the hosts specified")
+
+ (opts, args) = parser.parse_args()
+
+
+ if not opts.list and not opts.sign and not opts.clean:
+ parser.print_help()
+ sys.exit(1)
+
+ return (opts, args)
+
+def main(args):
+ if os.geteuid() != 0:
+ errorprint('Must be root to run certmaster-ca')
+ return 1
+
+ cm = func.certmaster.CertMaster()
+
+ (opts, args) = parseargs(args)
+
+
+ if opts.list:
+ hns = cm.get_csrs_waiting()
+ if hns:
+ for hn in cm.get_csrs_waiting():
+ print hn
+ else:
+ print 'No certificates to sign'
+
+ return 0
+
+ if opts.sign:
+ if not args:
+ errorprint('Need hostnames to sign')
+ return 1
+
+ for hn in args:
+ csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
+ csrs = glob.glob(csrglob)
+ if not csrs:
+ errorprint('No match for %s to sign' % hn)
+ return 1
+
+ for fn in csrs:
+ certfile = cm.sign_this_csr(fn)
+ print '%s signed - cert located at %s' % (fn, certfile)
+ return 0
+
+ if opts.clean:
+ if not args:
+ errorprint('Need hostname(s) to clean up')
+ return 1
+
+ for hn in args:
+ cm.remove_this_host(hn)
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main(sys.argv[1:]))
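Review bot: In the `--sign` branch of `main`, each hostname argument is interpolated unchecked into `'%s/%s.csr' % (cm.cfg.csrroot, hn)` and expanded with `glob.glob`, so an argument containing `*`, `?`, `[` or a path separator can match CSRs the operator did not name, or files outside `csrroot`. Every match is then passed to `cm.sign_this_csr` without confirmation, which is a risky default for a CA tool that runs as root. If wildcard signing is intended, say so in the `--sign` help text and print the matched files before signing; otherwise reject such names first, e.g. `if os.path.basename(hn) != hn or any(c in hn for c in '*?['):` followed by `errorprint('Invalid hostname %s' % hn)` and `return 1`. The same unvalidated `hn` is passed to `cm.remove_this_host(hn)` under `--clean`; how that method builds its paths is not visible in this file, so it deserves the same check. Separately, `parseargs(args)` ignores its parameter because it calls `parser.parse_args()` with no arguments; `parser.parse_args(args)` would make `main(args)` honour what it is given.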