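import optparse
import os
import logging
import sys

from OpenSSL import crypto

from autoca import ca_stub
from autoca import certutil


# Default certificate validity requested from the CA by the "sign" command.
DEFAULT_DAYS = 7


def writeout(output, data, secure=False):
    """Write *data* to the file named *output*, or to stdout when *output* is falsy.

    Args:
        output: path of the destination file; a falsy value selects stdout.
        data: the text to write (written verbatim, no trailing newline added).
        secure: when true, the destination file is created with mode 0600 so
            that it is readable only by the owner.  Intended for private key
            material.  Note that an already existing file is truncated but its
            existing mode is kept, so pre-existing permissive files are not
            tightened here.

    The file is opened via a context manager so the descriptor is released
    even if the write fails (the original code leaked it on error).
    """
    if not output:
        sys.stdout.write(data)
        return
    # 0o666 reproduces the default of open(output, 'w'); the process umask
    # still applies in both cases.
    mode = 0o600 if secure else 0o666
    fd = os.open(output, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, 'w') as outfd:
        outfd.write(data)


def _build_parser():
    """Return the OptionParser describing the command-line interface."""
    parser = optparse.OptionParser()
    parser.add_option('--url', dest='url', help='autoca API endpoint')
    parser.add_option('--output', dest='output', metavar='FILE',
                      help='write output to this file')
    parser.add_option('--outkey', dest='outkey', metavar='FILE',
                      help='write private key to this file (only '
                      'useful with the "sign" command)')
    parser.add_option('--server', dest='server', action='store_true',
                      help='create a server certificate (for "sign")')
    parser.add_option('--subject', dest='subject',
                      help='specify the X.509 subject as a set of '
                      'comma-separated ATTR=VALUE assignments')
    # NOTE(review): a secret passed on the command line is visible to other
    # local users via the process list; the AUTOCA_SECRET file-path
    # environment variable (see main) avoids that exposure.
    parser.add_option('--secret', dest='secret',
                      help='shared secret for authentication')
    parser.add_option('--days', dest='days', type='int', default=DEFAULT_DAYS,
                      help='certificate validity in days (for "sign")')
    return parser


def _load_secret(opts):
    """Return the shared secret from --secret, else from the AUTOCA_SECRET file.

    AUTOCA_SECRET names a *file* whose stripped contents are the secret.
    Returns the --secret value unchanged (possibly None) when neither source
    is available.
    """
    secret = opts.secret
    if secret:
        return secret
    secret_file = os.getenv('AUTOCA_SECRET')
    if secret_file:
        with open(secret_file, 'r') as fd:
            secret = fd.read().strip()
    return secret


def main():
    """Command-line entry point.

    Parses options, builds a CaStub for the given --url and dispatches one of
    the commands ``get-ca``, ``get-crl`` or ``sign``.  Extra positional
    arguments after the command are ignored, as before.  Exits via
    ``parser.error`` on usage mistakes.
    """
    parser = _build_parser()
    opts, args = parser.parse_args()
    if not args:
        parser.error('No command specified')
    if not opts.url:
        parser.error('Must specify --url')

    ca = ca_stub.CaStub(opts.url, _load_secret(opts))
    cmd = args[0]

    if cmd == 'get-ca':
        writeout(opts.output, ca.get_ca())
    elif cmd == 'get-crl':
        writeout(opts.output, ca.get_crl(format='pem'))
    elif cmd == 'sign':
        if not opts.subject:
            parser.error('Must specify --subject')
        subject = certutil.parse_subject(opts.subject)
        pkey, cert = ca.make_certificate(subject, days=opts.days,
                                         server=opts.server)
        writeout(opts.output,
                 crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
        # Private key: create the file owner-readable only.  Without
        # --outkey the key still goes to stdout, as it always did.
        writeout(opts.outkey,
                 crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey),
                 secure=True)
    else:
        parser.error('Unknown command')


if __name__ == '__main__':
    main()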