diff options
| author | Daniil Baturin <daniil@baturin.org> | 2023-08-09 17:54:31 +0100 |
|---|---|---|
| committer | Daniil Baturin <daniil@baturin.org> | 2023-08-09 17:54:31 +0100 |
| commit | 9427d7b001bd9cb769fb2940cfa263a448d62b80 (patch) | |
| tree | dae070a1f3ad40b6fb9bc503a7f4e6d1750f6468 /src | |
| parent | e4b932ed0a140c9ced9a4eb501d520560b125406 (diff) | |
| download | vyos-1x-9427d7b001bd9cb769fb2940cfa263a448d62b80.tar.gz vyos-1x-9427d7b001bd9cb769fb2940cfa263a448d62b80.zip | |
pki: T5273: add a certificate fingerprint command
Diffstat (limited to 'src')
| -rwxr-xr-x | src/op_mode/pki.py | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py index 4c31291ad..f638c51bc 100755 --- a/src/op_mode/pki.py +++ b/src/op_mode/pki.py @@ -28,6 +28,7 @@ from vyos.config import Config from vyos.configquery import ConfigTreeQuery from vyos.configdict import dict_merge from vyos.pki import encode_certificate, encode_public_key, encode_private_key, encode_dh_parameters +from vyos.pki import get_certificate_fingerprint from vyos.pki import create_certificate, create_certificate_request, create_certificate_revocation_list from vyos.pki import create_private_key from vyos.pki import create_dh_parameters @@ -916,6 +917,12 @@ def show_certificate(name=None, pem=False): print("Certificates:") print(tabulate.tabulate(data, headers)) +def show_certificate_fingerprint(name, hash): + cert = get_config_certificate(name=name) + cert = load_certificate(cert['certificate']) + + print(get_certificate_fingerprint(cert, hash)) + def show_crl(name=None, pem=False): headers = ['CA Name', 'Updated', 'Revokes'] data = [] @@ -961,6 +968,7 @@ if __name__ == '__main__': parser.add_argument('--sign', help='Sign certificate with specified CA', required=False) parser.add_argument('--self-sign', help='Self-sign the certificate', action='store_true') parser.add_argument('--pem', help='Output using PEM encoding', action='store_true') + parser.add_argument('--fingerprint', help='Show fingerprint and exit', action='store') # SSH parser.add_argument('--ssh', help='SSH Key', required=False) @@ -1057,7 +1065,10 @@ if __name__ == '__main__': if not conf.exists(['pki', 'certificate', cert_name]): print(f'Certificate "{cert_name}" does not exist!') exit(1) - show_certificate(None if args.certificate == 'all' else args.certificate, args.pem) + if args.fingerprint is None: + show_certificate(None if args.certificate == 'all' else args.certificate, args.pem) + else: + show_certificate_fingerprint(args.certificate, args.fingerprint) elif args.crl: show_crl(None if args.crl == 'all' else args.crl, args.pem) else: |