author | elijah <elijah@riseup.net> | 2012-11-17 01:28:52 -0800 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2012-11-17 01:28:52 -0800 |
commit | 18ffd7efe05e55a3cf907309d5cd8b97aeec61c5 (patch) | |
tree | 5f97f30211e1ed7027c50077f36663c013ae2738 | |
parent | 76a3a736cfb50cb1c6d926d1e3afb0f504818157 (diff) | |
added ability to fingerprint x509 certs
-rw-r--r-- | lib/leap_cli.rb | 1 | ||||
-rw-r--r-- | lib/leap_cli/config/object.rb | 10 | ||||
-rw-r--r-- | lib/leap_cli/util/x509.rb | 32 |
3 files changed, 43 insertions, 0 deletions
diff --git a/lib/leap_cli.rb b/lib/leap_cli.rb
index cc9ec69..5eecf62 100644
--- a/lib/leap_cli.rb
+++ b/lib/leap_cli.rb
@@ -11,6 +11,7 @@ require 'leap_cli/path'
 require 'leap_cli/util'
 require 'leap_cli/util/secret'
 require 'leap_cli/util/remote_command'
+require 'leap_cli/util/x509'
 require 'leap_cli/log'
 require 'leap_cli/ssh_key'
diff --git a/lib/leap_cli/config/object.rb b/lib/leap_cli/config/object.rb
index 492de34..70834a5 100644
--- a/lib/leap_cli/config/object.rb
+++ b/lib/leap_cli/config/object.rb
@@ -218,6 +218,9 @@ module LeapCli
 @path = path
 @options = options
 end
+ def to_s
+ @path
+ end
 end
 #
@@ -258,6 +261,13 @@ module LeapCli
 @manager.secrets[name.to_s] ||= Util::Secret.generate(length)
 end
+ #
+ # return a fingerprint for a x509 certificate
+ #
+ def fingerprint(filename)
+ "SHA256: " + X509.fingerprint("SHA256", Path.named_path(filename))
+ end
+ private
 #
diff --git a/lib/leap_cli/util/x509.rb b/lib/leap_cli/util/x509.rb
new file mode 100644
index 0000000..9ecd92d
--- /dev/null
+++ b/lib/leap_cli/util/x509.rb
@@ -0,0 +1,32 @@
+require 'openssl'
+require 'certificate_authority'
+require 'digest'
+require 'digest/md5'
+require 'digest/sha1'
+
+module LeapCli; module X509
+ extend self
+
+ #
+ # returns a fingerprint of a x509 certificate
+ #
+ def fingerprint(digest, cert_file)
+ if cert_file.is_a? String
+ cert = OpenSSL::X509::Certificate.new(Util.read_file!(cert_file))
+ elsif cert_file.is_a? OpenSSL::X509::Certificate
+ cert = cert_file
+ elsif cert_file.is_a? CertificateAuthority::Certificate
+ cert = cert_file.openssl_body
+ end
+ digester = case digest
+ when "MD5" then Digest::MD5.new
+ when "SHA1" then Digest::SHA1.new
+ when "SHA256" then Digest::SHA256.new
+ when "SHA384" then Digest::SHA384.new
+ when "SHA512" then Digest::SHA512.new
+ end
+ digester.hexdigest(cert.to_der)
+ end
+
+
+end; end |
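Review bot: The comment above `fingerprint(filename)` in lib/leap_cli/config/object.rb says neither what the argument is nor what the returned string looks like, and anyone comparing the value against a certificate needs both. The argument is passed through `Path.named_path`, so it appears to be a named-path key rather than a filesystem path (worth confirming). The result is the literal `"SHA256: "` followed by the lowercase hex digest of the certificate's DER encoding, with no colon separators. I would replace the comment with something like `# returns "SHA256: <hex>", the SHA-256 of the DER form of the certificate at named path +filename+`. The enclosing class starts and ends outside the hunk.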
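Review bot: In `X509.fingerprint` (lib/leap_cli/util/x509.rb), a `cert_file` that is none of the three handled types leaves `cert` nil, and a `digest` name outside the five listed leaves `digester` nil. Either way the caller gets a NoMethodError on nil at `digester.hexdigest(cert.to_der)` instead of an error naming the bad argument. Close both branches explicitly, with `else raise ArgumentError, "unsupported cert_file: #{cert_file.class}"` on the `if` chain and `else raise ArgumentError, "unknown digest: #{digest}"` on the `case`. MD5 and SHA1 are also accepted here, and neither is collision-resistant. A comment should say they are for display or legacy comparison only and should not be used where the fingerprint pins or authenticates a certificate. The one caller added in this commit passes "SHA256".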