diff options
| author | Daniil Baturin <daniil@vyos.io> | 2026-05-26 12:44:59 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2026-05-26 12:44:59 +0100 |
| commit | 6ef84d9a2b30c4cfb9ce298b007162bab16275aa (patch) | |
| tree | 21fbc76b402d5636a95eb18a159cc03cc4ace67e /src | |
| parent | 567e968f5c6ee86360151144bd8239ec2cdca12b (diff) | |
| parent | 88a50d1700cac0b38595b206f804a59592bdb3d2 (diff) | |
| download | vyos-1x-6ef84d9a2b30c4cfb9ce298b007162bab16275aa.tar.gz vyos-1x-6ef84d9a2b30c4cfb9ce298b007162bab16275aa.zip | |
Merge pull request #5202 from indrajitr/T8877-pki-private-key
pki: T8877: Add ability to show private key in pem format
Diffstat (limited to 'src')
| -rwxr-xr-x | src/op_mode/pki.py | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py index b84b6f02a..bf8bba657 100755 --- a/src/op_mode/pki.py +++ b/src/op_mode/pki.py @@ -1252,6 +1252,7 @@ def show_certificate_authority( def show_certificate( raw: bool, name: typing.Optional[str] = None, + private: typing.Optional[bool] = False, pem: typing.Optional[bool] = False, fingerprint: typing.Optional[ArgsFingerprint] = None, ): @@ -1282,12 +1283,31 @@ def show_certificate( if not cert: continue - if name and pem: + if name and pem and not (private or fingerprint): print(encode_certificate(cert)) return - elif name and fingerprint: + elif name and fingerprint and not private: print(get_certificate_fingerprint(cert, fingerprint)) return + elif name and private: + if 'private' in cert_dict and 'key' in cert_dict['private']: + protected = 'password_protected' in cert_dict['private'] + private_key = load_private_key( + cert_dict['private']['key'], + passphrase=None, + wrap_tags=True, + ) + if private_key: + print(encode_private_key(private_key, passphrase=None)) + else: + if protected: + print(f'Private key for certificate "{cert_name}" is ' + 'password-protected and cannot be displayed') + else: + print(f'Failed to load private key for certificate "{cert_name}"') + else: + print(f'No private key found for certificate "{cert_name}"') + return ca_name = get_certificate_ca(cert, ca_certs) cert_subject_cn = cert.subject.rfc4514_string().split(',')[0] |
