polished the newcert.py tool

newcert.py

@@ -4,17 +4,50 @@
 
 import os, sys
 import certutil
+import optparse
+import urllib
+import urllib2
 from OpenSSL import crypto
 
+
+AUTOCA_URL = "http://www.autistici.org/internalca"
+AUTOCA_CONF = "ca.yml"
+
+
 def main():
-    cn = sys.argv[1]
-    ca = certutil.CA("ca.yml", load=False)
+    parser = optparse.OptionParser(usage="Usage: newcert [<OPTIONS>] <CN>")
+    parser.add_option("-c", "--config", dest="config_file", default=AUTOCA_CONF,
+                      help="Load CA configuration from this file")
+    parser.add_option("-u", "--ca-url", dest="ca_url", default=AUTOCA_URL,
+                      help="Set AutoCA endpoint URL")
+    parser.add_option("-o", "--output", dest="output_base", default="newcert",
+                      help="Set the name of the output files (minus the extension)")
+    opts, args = parser.parse_args()
+    if len(args) != 1:
+        parser.error("Wrong number of arguments")
+
+    cn = args[0]
+    ca = certutil.CA(opts.config_file, load=False)
     pkey = ca.create_rsa_key_pair()
     req = ca.create_cert_request(pkey, CN=cn)
 
-    open("newreq.key", "w", 0600).write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
-    open("newreq.csr", "w").write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req))
-    print "key and request written to newreq.{key,csr}"
+    key_file = "%s.key" % opts.output_base
+    csr_file = "%s.csr" % opts.output_base
+    crt_file = "%s.pem" % opts.output_base
+
+    csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
+    open(key_file, "w").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
+    os.chmod(key_file, 0400)
+    open(csr_file, "w").write(csr)
+
+    data = urllib.urlencode({"cert": csr})
+    req = urllib2.urlopen(AUTOCA_URL + "/sign", data)
+    signed = req.read()
+    open(crt_file, "w").write(signed)
+
+    print "private key saved in %s" % key_file
+    print "public cert saved in %s" % crt_file
+
 
 if __name__ == "__main__":
     main()