119
119
result = GetoptLong.new(*options)
121
modes = Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS
125
modes = [:clean, :list, :revoke, :generate, :sign, :print, :verify]
128
127
result.each { |opt,arg|
133
134
Puppet::Util::Log.level = :debug
138
136
if Puppet.features.usage?
139
137
RDoc::usage && exit
190
if [:verify, :print, :generate, :clean, :revoke, :list].include?(mode)
191
185
hosts = ARGV.collect { |h| h.downcase }
194
if [:sign, :list].include?(mode)
196
unless waiting.length > 0 or (mode == :list and all)
197
puts "No certificates to sign"
209
if waiting.length > 0
210
puts waiting.join("\n")
213
puts ca.list_signed.collect { |cert | cert.sub(/^/,"+ ") }.join("\n")
217
$stderr.puts "You must specify one or more hosts to clean"
222
cert = ca.getclientcert(host)[0]
224
$stderr.puts "Could not find client certificate for %s" % host
234
to_sign = ARGV.collect { |h| h.downcase }
235
unless to_sign.length > 0 or all
237
"You must specify to sign all certificates or you must specify hostnames"
243
to_sign.each { |host|
244
unless waiting.include?(host)
245
$stderr.puts "No waiting request for %s" % host
248
waiting = waiting.find_all { |host|
249
to_sign.include?(host)
253
waiting.each { |host|
255
csr = ca.getclientcsr(host)
257
$stderr.puts "Could not retrieve request for %s: %s" % [host, detail]
262
$stderr.puts "Signed %s" % host
264
$stderr.puts "Could not sign request for %s: %s" % [host, detail]
268
ca.removeclientcsr(host)
270
$stderr.puts "Could not remove request for %s: %s" % [host, detail]
274
# we need to generate a certificate for a host
276
puts "Generating certificate for %s" % host
277
cert = Puppet::SSLCertificates::Certificate.new(
281
signedcert, cacert = ca.sign(cert.csr)
283
cert.cert = signedcert
289
cert = ca.getclientcert(h)[0]
295
if h =~ /^0x[0-9a-f]+$/
297
elsif h =~ /^[0-9]+$/
300
cert = ca.getclientcert(h)[0]
302
$stderr.puts "Could not find client certificate for %s" % h
309
puts "Revoked certificate with serial #{serial}"
313
unless ssl = %x{which openssl}.chomp
314
raise "Can't verify certificates without the openssl binary and could not find one"
318
cacert = Puppet[:localcacert]
322
file = ca.host2certfile(host)
323
unless FileTest.exist?(file)
324
puts "no certificate found"
330
command = %{#{ssl} verify -CAfile #{cacert} #{file}}
331
output = %x{#{command}}
340
$stderr.puts "Invalid mode %s" % mode
189
ca.apply(mode, :to => hosts)
191
puts detail.backtrace if Puppet[:trace]
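Review bot: `ca.apply(mode, :to => hosts)` is handed `hosts` straight from `ARGV.collect { |h| h.downcase }`, and nothing visible on this page checks that each argument looks like a certificate name before it reaches the CA. I would validate at this boundary, for example `hosts.each { |h| raise ArgumentError, "Invalid host name %s" % h unless h =~ /\A[a-z0-9._-]+\z/ }`, adjusted for whatever keywords and serial formats the interface accepts. The reason is the legacy verify branch on the other side of this change, which interpolates a host-derived path into `%{#{ssl} verify -CAfile #{cacert} #{file}}` and runs it through a shell with `%x{}`; if the interface's verify (not shown here) kept that pattern, an unvalidated host name would end up inside a shell command line. Which lines are old and which are new is inferred from the gutter numbers, and the rescue block that `detail` implies around `ca.apply` starts and ends outside what is shown. Separately, `puts detail.backtrace if Puppet[:trace]` writes the trace to stdout, while the legacy code reports errors with `$stderr.puts`.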