From b0c2698aeff5497c96485101fdfffcde895a41f2 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sat, 25 May 2024 21:53:19 +0200
Subject: op-mode: T6400: pki: unable to generate fingerprint for ACME issued
 certificates

This fixes (for and ACME generated certificate)

vyos@vyos:~$ show pki certificate vyos fingerprint sha512
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module>
    show_certificate_fingerprint(args.certificate, args.fingerprint)
  File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint
    print(get_certificate_fingerprint(cert, hash))
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint
    fp = cert.fingerprint(hash_algorithm)
         ^^^^^^^^^^^^^^^^
AttributeError: 'bool' object has no attribute 'fingerprint'

After the fix:

vyos@vyos# run show pki certificate vyos fingerprint sha256
10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2

(cherry picked from commit b6ee07c7efbb818787deba20116f4289853fb5c9)
---
 src/op_mode/pki.py | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py
index ad2c1ada0..4490e609c 100755
--- a/src/op_mode/pki.py
+++ b/src/op_mode/pki.py
@@ -876,7 +876,7 @@ def show_certificate_authority(name=None, pem=False):
     print("Certificate Authorities:")
     print(tabulate.tabulate(data, headers))
 
-def show_certificate(name=None, pem=False):
+def show_certificate(name=None, pem=False, fingerprint_hash=None):
     headers = ['Name', 'Type', 'Subject CN', 'Issuer CN', 'Issued', 'Expiry', 'Revoked', 'Private Key', 'CA Present']
     data = []
     certs = get_config_certificate()
@@ -897,6 +897,9 @@ def show_certificate(name=None, pem=False):
             if name and pem:
                 print(encode_certificate(cert))
                 return
+            elif name and fingerprint_hash:
+                print(get_certificate_fingerprint(cert, fingerprint_hash))
+                return
 
             ca_name = get_certificate_ca(cert, ca_certs)
             cert_subject_cn = cert.subject.rfc4514_string().split(",")[0]
@@ -923,12 +926,6 @@ def show_certificate(name=None, pem=False):
     print("Certificates:")
     print(tabulate.tabulate(data, headers))
 
-def show_certificate_fingerprint(name, hash):
-    cert = get_config_certificate(name=name)
-    cert = load_certificate(cert['certificate'])
-
-    print(get_certificate_fingerprint(cert, hash))
-
 def show_crl(name=None, pem=False):
     headers = ['CA Name', 'Updated', 'Revokes']
     data = []
@@ -1074,7 +1071,7 @@ if __name__ == '__main__':
                 if args.fingerprint is None:
                     show_certificate(None if args.certificate == 'all' else args.certificate, args.pem)
                 else:
-                    show_certificate_fingerprint(args.certificate, args.fingerprint)
+                    show_certificate(args.certificate, fingerprint_hash=args.fingerprint)
             elif args.crl:
                 show_crl(None if args.crl == 'all' else args.crl, args.pem)
             else:
-- 
cgit v1.2.3