diff options
Diffstat (limited to 'scripts/certmaster-ca')
-rwxr-xr-x | scripts/certmaster-ca | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca new file mode 100755 index 0000000..b3e844a --- /dev/null +++ b/scripts/certmaster-ca @@ -0,0 +1,92 @@ +#!/usr/bin/python -tt +# sign/list keys +# --sign hostname hostname hostname +# --list # lists all csrs needing to be signed +# --list-all ? +# --clean? not sure what it will do + +import sys +import glob +import os + +import func +import func.certs +import func.certmaster + + + +from optparse import OptionParser + +def errorprint(stuff): + print >> sys.stderr, stuff + + +def parseargs(args): + usage = 'certmaster-ca <option> [args]' + parser = OptionParser(usage=usage) + + parser.add_option('-l', '--list', default=False, action="store_true", + help='list signing requests remaining') + parser.add_option('-s', '--sign', default=False, action="store_true", + help='sign requests of hosts specified') + parser.add_option('-c', '--clean', default=False, action="store_true", + help="clean out all certs or csrs for the hosts specified") + + (opts, args) = parser.parse_args() + + + if not opts.list and not opts.sign and not opts.clean: + parser.print_help() + sys.exit(1) + + return (opts, args) + +def main(args): + if os.geteuid() != 0: + errorprint('Must be root to run certmaster-ca') + return 1 + + cm = func.certmaster.CertMaster() + + (opts, args) = parseargs(args) + + + if opts.list: + hns = cm.get_csrs_waiting() + if hns: + for hn in cm.get_csrs_waiting(): + print hn + else: + print 'No certificates to sign' + + return 0 + + if opts.sign: + if not args: + errorprint('Need hostnames to sign') + return 1 + + for hn in args: + csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn) + csrs = glob.glob(csrglob) + if not csrs: + errorprint('No match for %s to sign' % hn) + return 1 + + for fn in csrs: + certfile = cm.sign_this_csr(fn) + print '%s signed - cert located at %s' % (fn, certfile) + return 0 + + if opts.clean: + if not args: + errorprint('Need hostname(s) to clean up') + return 1 + + for hn in args: + cm.remove_this_host(hn) + + return 0 + +if __name__ == "__main__": + sys.exit(main(sys.argv[1:])) |