Diffstat (limited to 'scripts/certmaster-ca')
-rwxr-xr-xscripts/certmaster-ca92
1 files changed, 92 insertions, 0 deletions
diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca
new file mode 100755
index 0000000..b3e844a
--- /dev/null
+++ b/scripts/certmaster-ca
@@ -0,0 +1,92 @@
+#!/usr/bin/python -tt
+# sign/list keys
+# --sign hostname hostname hostname
+# --list # lists all csrs needing to be signed
+# --list-all ?
+# --clean? not sure what it will do
+
+import sys
+import glob
+import os
+
+import func
+import func.certs
+import func.certmaster
+
+
+
+from optparse import OptionParser
+
+def errorprint(stuff):
+ print >> sys.stderr, stuff
+
+
+def parseargs(args):
+ usage = 'certmaster-ca <option> [args]'
+ parser = OptionParser(usage=usage)
+
+ parser.add_option('-l', '--list', default=False, action="store_true",
+ help='list signing requests remaining')
+ parser.add_option('-s', '--sign', default=False, action="store_true",
+ help='sign requests of hosts specified')
+ parser.add_option('-c', '--clean', default=False, action="store_true",
+ help="clean out all certs or csrs for the hosts specified")
+
+ (opts, args) = parser.parse_args()
+
+
+ if not opts.list and not opts.sign and not opts.clean:
+ parser.print_help()
+ sys.exit(1)
+
+ return (opts, args)
+
+def main(args):
+ if os.geteuid() != 0:
+ errorprint('Must be root to run certmaster-ca')
+ return 1
+
+ cm = func.certmaster.CertMaster()
+
+ (opts, args) = parseargs(args)
+
+
+ if opts.list:
+ hns = cm.get_csrs_waiting()
+ if hns:
+ for hn in cm.get_csrs_waiting():
+ print hn
+ else:
+ print 'No certificates to sign'
+
+ return 0
+
+ if opts.sign:
+ if not args:
+ errorprint('Need hostnames to sign')
+ return 1
+
+ for hn in args:
+ csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
+ csrs = glob.glob(csrglob)
+ if not csrs:
+ errorprint('No match for %s to sign' % hn)
+ return 1
+
+ for fn in csrs:
+ certfile = cm.sign_this_csr(fn)
+ print '%s signed - cert located at %s' % (fn, certfile)
+ return 0
+
+ if opts.clean:
+ if not args:
+ errorprint('Need hostname(s) to clean up')
+ return 1
+
+ for hn in args:
+ cm.remove_this_host(hn)
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main(sys.argv[1:]))
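Review bot: In the `--sign` branch each hostname argument is interpolated straight into a glob pattern (`'%s/%s.csr' % (cm.cfg.csrroot, hn)`), so an argument containing `*`, `?` or `[` signs every pending CSR it expands to, and one containing `/` or `..` can resolve outside `csrroot`. For a CA tool run as root, signing should be limited to exactly the named request: build the path with `fn = os.path.join(cm.cfg.csrroot, hn + '.csr')` and refuse the name when `os.path.basename(hn) != hn or not os.path.isfile(fn)`. If wildcard signing is intended, it would be safer to print the matched files and ask for confirmation before calling `cm.sign_this_csr`. The same unvalidated `hn` is passed to `cm.remove_this_host(hn)` in the `--clean` branch; that method is not visible here, so it should be checked for the same problem. Separately, `parseargs` ignores its `args` parameter, and `parser.parse_args(args)` would make it use the list `main` passes in.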