From d535d52a58ae719aa1b5c60e7d8febacdaf8cebd Mon Sep 17 00:00:00 2001
From: Seth Vidal <skvidal@fedoraproject.org>
Date: Wed, 26 Sep 2007 16:13:41 -0400
Subject: certmaster-ca added for signing csrs manually added sign/list
 capabilities into certmaster since we can use the same object for both

---
 scripts/certmaster-ca | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100755 scripts/certmaster-ca

(limited to 'scripts')

diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca
new file mode 100755
index 0000000..14f7c2f
--- /dev/null
+++ b/scripts/certmaster-ca
@@ -0,0 +1,70 @@
+#!/usr/bin/python -tt
+# sign/list keys
+# --sign hostname hostname hostname
+# --list # lists all csrs needing to be signed
+# --list-all ?
+# --clean? not sure what it will do
+
+import sys
+
+import func
+import func.certs
+import func.certmaster
+
+
+
+from optparse import OptionParser
+defaults = { 'listen_addr': 'localhost',
+             'listen_port': '51235',
+             'cadir': '/etc/pki/func/ca',
+             'certroot': '/var/lib/func/certmaster/certs',
+             'csrroot': '/var/lib/func/certmaster/csrs',
+             'autosign': 'false'
+            }
+
+def errorprint(stuff):
+    print >> sys.stderr, stuff
+
+
+def parseargs(args):
+    usage = 'certmaster-ca [options]'
+    parser = OptionParser(usage=usage)
+    
+    parser.add_option('-l', '--list', default=False, action="store_true",
+          help='list signing requests remaining')
+    parser.add_option('-s', '--sign', default=False, action="store_true",
+          help='sign requests of hosts specified')
+    
+    (opts, args) = parser.parse_args()
+    # XXX FIXME check for obviously impossible things and exit, etc
+    
+    return (opts, args)
+
+def main(args):
+    cm = func.certmaster.CertMaster('/etc/func/certmaster.conf', defaults)
+    
+    (opts, args) = parseargs(args)
+    if opts.list:
+        hns = cm.get_csrs_waiting()
+        if hns:
+            for hn in cm.get_csrs_waiting():
+                print hn
+        else:
+           print 'No certificates to sign'
+
+        return 0
+    
+    if opts.sign:
+        if not args:
+            errorprint('Need hostnames to sign')
+            return 1
+            
+        for hn in args:
+            csrfile = '%s/%s.csr' % (cm.cfg.csrroot, hn)
+            certfile = cm.sign_this_csr(csrfile)
+            print '%s signed - cert located at %s' % (hn, certfile)
+        return 0
+        
+
+if __name__ == "__main__":
+    sys.exit(main(sys.argv[1:]))
-- 
cgit