From 1c44d82bc9270466521e8c8d5339d0213935f385 Mon Sep 17 00:00:00 2001
From: Adrian Likins
Date: Wed, 30 Apr 2008 22:37:07 -0400
Subject: add two new options to "certmaster-ca" -list-signed shows a list of certs the certmaster has already signed --list-cert-hashes returns the list of signed certs in the CN-hash format that the acls files expects. Should make it a little easier to use the acls. Both options take optional hostnames or hostname globs
---
 certmaster/certmaster.py | 40 ++++++++++++++++++++++++++++++++++++++++
 scripts/certmaster-ca    | 32 +++++++++++++++++++++++++++++++-
 2 files changed, 71 insertions(+), 1 deletion(-)
diff --git a/certmaster/certmaster.py b/certmaster/certmaster.py
index 970ff59..7431324 100755
--- a/certmaster/certmaster.py
+++ b/certmaster/certmaster.py
@@ -252,7 +252,47 @@ class CertMaster(object):
             os.unlink(csr_unlink_file)
         return certfile
+
+    # return a list of already signed certs
+    def get_signed_certs(self, hostglobs=None):
+        certglob = "%s/*.cert" % (self.cfg.certroot)
+
+        certs = []
+        globs = "*"
+        if hostglobs:
+            globs = hostglobs
+
+        for hostglob in globs:
+            certglob = "%s/%s.cert" % (self.cfg.certroot, hostglob)
+            certs = certs + glob.glob(certglob)
+
+        signed_certs = []
+        for cert in certs:
+            # just want the hostname, so strip off path and ext
+            signed_certs.append(os.path.basename(cert).split(".cert", 1)[0])
+
+        return signed_certs
+
+    # return a list of the cert hash string we use to identify systems
+    def get_cert_hashes(self, hostglobs=None):
+        certglob = "%s/*.cert" % (self.cfg.certroot)
+
+        certfiles = []
+        globs = "*"
+        if hostglobs:
+            globs = hostglobs
+
+        for hostglob in globs:
+            certglob = "%s/%s.cert" % (self.cfg.certroot, hostglob)
+            certfiles = certfiles + glob.glob(certglob)
+        cert_hashes = []
+        for certfile in certfiles:
+            cert = certs.retrieve_cert_from_file(certfile)
+            cert_hashes.append("%s-%s" % (cert.get_subject().CN, cert.subject_name_hash()))
+
+        return cert_hashes
+
+
     def _run_triggers(self, ref, globber):
         return utils.run_triggers(ref, globber)
diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca
index 27e190e..7370ef3 100755
--- a/scripts/certmaster-ca
+++ b/scripts/certmaster-ca
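Review bot: Both new methods interpolate caller-supplied hostglobs straight into a filesystem glob (`certglob = "%s/%s.cert" % (self.cfg.certroot, hostglob)`), so a value containing a path separator or `..` matches — and in get_cert_hashes parses — `.cert` files outside certroot; since certmaster-ca hands command-line arguments through unchanged, reject such values before globbing, e.g. `if os.sep in hostglob: continue`, or keep only matches with `os.path.dirname(cert) == self.cfg.certroot`. The fallback `globs = "*"` is a str, so `for hostglob in globs` iterates its characters and only works because `"*"` is one character; make it `globs = ["*"]` in both methods. The first `certglob = "%s/*.cert" % (self.cfg.certroot)` assignment in each method is overwritten before use and can be dropped. In get_signed_certs the local list `certs` shadows the `certs` module that get_cert_hashes calls for `retrieve_cert_from_file`; renaming it to `certfiles` as the second method already does avoids a confusing NameError-style surprise the next time someone adds a parse step there. Since the `CN-hash` strings feed the ACL files, the comment on get_cert_hashes should also say that the hash part comes from `cert.subject_name_hash()` as computed by the linked OpenSSL, so entries are presumably not portable across OpenSSL versions — worth confirming.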
@@ -31,11 +31,17 @@ def parseargs(args):
                       help='sign requests of hosts specified')
     parser.add_option('-c', '--clean', default=False, action="store_true",
                       help="clean out all certs or csrs for the hosts specified")
+    parser.add_option("", "--list-signed", default=False, action="store_true",
+                      help='list all signed certs')
+    parser.add_option("", "--list-cert-hash", default=False, action="store_true",
+                      help="list the cert hash for signed certs")
     (opts, args) = parser.parse_args()
-    if not opts.list and not opts.sign and not opts.clean:
+    # gotta be a better way...
+    if not opts.list and not opts.sign and not opts.clean \
+       and not opts.list_signed and not opts.list_cert_hash:
         parser.print_help()
         sys.exit(1)
@@ -88,5 +94,29 @@ def main(args):
         return 0
+    if opts.list_signed:
+        hostglobs = ["*"]
+        if args:
+            hostglobs = args
+
+        signed_certs = cm.get_signed_certs(args)
+
+        for i in signed_certs:
+            print i
+
+        return 0
+
+    if opts.list_cert_hash:
+        hostglobs = ["*"]
+        if args:
+            hostglobs = args
+
+        cert_hashes = cm.get_cert_hashes(hostglobs)
+
+        for i in cert_hashes:
+            print i
+
+        return 0
+
 if __name__ == "__main__":
     sys.exit(main(sys.argv[1:]))
-- cgit
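Review bot: The option is registered as `--list-cert-hash` while the commit message advertises `--list-cert-hashes`; pick one spelling and keep the help text and message in sync before users script against it. The guard that the `# gotta be a better way...` comment apologises for reads more clearly, and loses the backslash continuation, as `if not any((opts.list, opts.sign, opts.clean, opts.list_signed, opts.list_cert_hash)):`. parseargs continues outside the hunk.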
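Review bot: In the list_signed branch `hostglobs` is built from args but the call is `cm.get_signed_certs(args)`, so the `["*"]` default is dead and an empty argument list only lists everything because the method falls back to its own `"*"`; use `signed_certs = cm.get_signed_certs(hostglobs)` to match the list_cert_hash branch below it. Both branches forward the positional arguments to a filesystem glob built under certroot without inspection, so the CLI is the natural place to reject an argument containing a path separator, e.g. `if any(os.sep in a for a in args): parser.error("hostname globs may not contain path separators")` (assuming `os` is imported in this script, which the hunk does not show). The two `hostglobs = ["*"]` / `if args: hostglobs = args` blocks are the same three lines twice and collapse to `hostglobs = args or ["*"]` once, before the `if opts.list_signed:` test. main's body starts outside the hunk.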