authorSeth Vidal <skvidal@fedoraproject.org>2007-09-26 16:13:41 -0400
committerSeth Vidal <skvidal@fedoraproject.org>2007-09-26 16:13:41 -0400
commitd535d52a58ae719aa1b5c60e7d8febacdaf8cebd (patch)
treecd74b5a118dee572e06c0ccb99dbc806d8cf56ce /scripts
parent2d2db746fa88a97dacd81db1a3b9840d52be1557 (diff)
certmaster-ca added for signing csrs manually
added sign/list capabilities into certmaster since we can use the same object for both
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/certmaster-ca70
1 files changed, 70 insertions, 0 deletions
diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca
new file mode 100755
index 0000000..14f7c2f
--- /dev/null
+++ b/scripts/certmaster-ca
@@ -0,0 +1,70 @@
+#!/usr/bin/python -tt
+# sign/list keys
+# --sign hostname hostname hostname
+# --list # lists all csrs needing to be signed
+# --list-all ?
+# --clean? not sure what it will do
+
+import sys
+
+import func
+import func.certs
+import func.certmaster
+
+
+
+from optparse import OptionParser
+defaults = { 'listen_addr': 'localhost',
+ 'listen_port': '51235',
+ 'cadir': '/etc/pki/func/ca',
+ 'certroot': '/var/lib/func/certmaster/certs',
+ 'csrroot': '/var/lib/func/certmaster/csrs',
+ 'autosign': 'false'
+ }
+
+def errorprint(stuff):
+ print >> sys.stderr, stuff
+
+
+def parseargs(args):
+ usage = 'certmaster-ca [options]'
+ parser = OptionParser(usage=usage)
+
+ parser.add_option('-l', '--list', default=False, action="store_true",
+ help='list signing requests remaining')
+ parser.add_option('-s', '--sign', default=False, action="store_true",
+ help='sign requests of hosts specified')
+
+ (opts, args) = parser.parse_args()
+ # XXX FIXME check for obviously impossible things and exit, etc
+
+ return (opts, args)
+
+def main(args):
+ cm = func.certmaster.CertMaster('/etc/func/certmaster.conf', defaults)
+
+ (opts, args) = parseargs(args)
+ if opts.list:
+ hns = cm.get_csrs_waiting()
+ if hns:
+ for hn in cm.get_csrs_waiting():
+ print hn
+ else:
+ print 'No certificates to sign'
+
+ return 0
+
+ if opts.sign:
+ if not args:
+ errorprint('Need hostnames to sign')
+ return 1
+
+ for hn in args:
+ csrfile = '%s/%s.csr' % (cm.cfg.csrroot, hn)
+ certfile = cm.sign_this_csr(csrfile)
+ print '%s signed - cert located at %s' % (hn, certfile)
+ return 0
+
+
+if __name__ == "__main__":
+ sys.exit(main(sys.argv[1:]))
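Review bot: In `main`, the `--sign` loop builds `csrfile` straight from each command-line argument, so a value containing `/` or `..` resolves outside `cm.cfg.csrroot` and is still passed to `cm.sign_this_csr` as if it were a pending request. Because this script is the manual approval step for the CA, it should sign only names that are actually waiting, for example `if hn not in cm.get_csrs_waiting(): errorprint('no pending csr for %s' % hn); return 1` before the path is formed; this assumes `get_csrs_waiting()` returns bare hostnames, as the `--list` branch suggests. It would also help the operator if the tool confirmed that the subject in the CSR matches `hn` before signing, though whether `sign_this_csr` already does that is not visible here. Separately, `parseargs` ignores its `args` parameter because it calls `parser.parse_args()` with no argument; `parser.parse_args(args)` would make `main(args)` use what it is given.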