summaryrefslogtreecommitdiffstats
path: root/scripts/certmaster-ca
blob: 7370ef3fee48de971da480582c151e313574edb4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
#!/usr/bin/python -tt
# sign/list keys
# --sign hostname hostname hostname
# --list # lists all csrs needing to be signed
# --list-all ?
# --clean? not sure what it will do

import sys
import glob
import os

import certmaster
import certmaster.certs
import certmaster.certmaster



from optparse import OptionParser

def errorprint(stuff):
    print >> sys.stderr, stuff


def parseargs(args):
    usage = 'certmaster-ca <option> [args]'
    parser = OptionParser(usage=usage)
    
    parser.add_option('-l', '--list', default=False, action="store_true",
          help='list signing requests remaining')
    parser.add_option('-s', '--sign', default=False, action="store_true",
          help='sign requests of hosts specified')
    parser.add_option('-c', '--clean', default=False, action="store_true",
          help="clean out all certs or csrs for the hosts specified")
    parser.add_option("", "--list-signed", default=False, action="store_true",
          help='list all signed certs')
    parser.add_option("", "--list-cert-hash", default=False, action="store_true",
          help="list the cert hash for signed certs")
          
    (opts, args) = parser.parse_args()
    
    
    # gotta be a better way...
    if not opts.list and not opts.sign and not opts.clean \
            and not opts.list_signed and not opts.list_cert_hash:
        parser.print_help()
        sys.exit(1)
            
    return (opts, args)

def main(args):
    if os.geteuid() != 0:
        errorprint('Must be root to run certmaster-ca')
        return 1
        
    cm = certmaster.certmaster.CertMaster()
    
    (opts, args) = parseargs(args)

        
    if opts.list:
        hns = cm.get_csrs_waiting()
        if hns:
            for hn in cm.get_csrs_waiting():
                print hn
        else:
           print 'No certificates to sign'

        return 0
    
    if opts.sign:
        if not args:
            errorprint('Need hostnames to sign')
            return 1
            
        for hn in args:
            csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
            csrs = glob.glob(csrglob)
            if not csrs:
                errorprint('No match for %s to sign' % hn)
                return 1
            
            for fn in csrs:
                certfile = cm.sign_this_csr(fn)
                print '%s signed - cert located at %s' % (fn, certfile)
        return 0
    
    if opts.clean:
        if not args:
            errorprint('Need hostname(s) to clean up')
            return 1
        
        for hn in args:
            cm.remove_this_cert(hn)
        
        return 0

    if opts.list_signed:
        hostglobs = ["*"]
        if args:
            hostglobs = args

        signed_certs = cm.get_signed_certs(args)

        for i in signed_certs:
            print i
            
        return 0
        
    if opts.list_cert_hash:
        hostglobs = ["*"]
        if args:
            hostglobs = args
            
        cert_hashes = cm.get_cert_hashes(hostglobs)

        for i in cert_hashes:
            print i
            
        return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))