| author | Christian Poessinger <christian@poessinger.com> | 2021-09-26 13:17:08 +0200 | 
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-09-26 13:17:08 +0200 | 
| commit | 579c64f5ab5c6bc140f72045ca243fa3f2134ba3 (patch) | |
| tree | a71b5bfc0b1b198ff4f7460ec8a6ef30ea82b27b | |
| parent | 3bc79ff3cb40eeb36a33de7112d558abb96cb22f (diff) | |
op-mode: pki: T3826: perform input validation when listing certificates
| -rwxr-xr-x | src/op_mode/pki.py | 12 | 
1 files changed, 11 insertions, 1 deletions
|
diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py
index e1428c581..2283cd820 100755
--- a/src/op_mode/pki.py
+++ b/src/op_mode/pki.py
@@ -858,8 +858,18 @@ if __name__ == '__main__':
         elif args.action == 'show':
             if args.ca:
-                show_certificate_authority(None if args.ca == 'all' else args.ca)
+                ca_name = None if args.ca == 'all' else args.ca
+                if ca_name:
+                    if not conf.exists(['pki', 'ca', ca_name]):
+                        print(f'CA "{ca_name}" does not exist!')
+                        exit(1)
+                show_certificate_authority(ca_name)
             elif args.certificate:
+                cert_name = None if args.certificate == 'all' else args.certificate
+                if cert_name:
+                    if not conf.exists(['pki', 'certificate', cert_name]):
+                        print(f'Certificate "{cert_name}" does not exist!')
+                        exit(1)
                 show_certificate(None if args.certificate == 'all' else args.certificate)
             elif args.crl:
                 show_crl(None if args.crl == 'all' else args.crl)
|
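Review bot: The `elif args.crl:` branch at the end of the hunk still hands the caller-supplied name straight to `show_crl()` with no existence check, so the validation added for `args.ca` and `args.certificate` does not cover every `show` selector. It should get the same guard against whichever config node holds CRLs, which is not visible in this hunk. In the certificate branch the validated `cert_name` is then discarded and the call recomputes the expression; call `show_certificate(cert_name)`, as the CA branch does with `ca_name`, so the checked value is the one used. The nested checks can also be a single condition, e.g. `if ca_name and not conf.exists(['pki', 'ca', ca_name]):`. The `__main__` block and the definition of `conf` start outside the hunk, so how `conf` is initialised before these lookups cannot be confirmed from here.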
