aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2012-11-17 01:28:52 -0800
committerelijah <elijah@riseup.net>2012-11-17 01:28:52 -0800
commit18ffd7efe05e55a3cf907309d5cd8b97aeec61c5 (patch)
tree5f97f30211e1ed7027c50077f36663c013ae2738 /lib
parent76a3a736cfb50cb1c6d926d1e3afb0f504818157 (diff)
downloadleap_cli-18ffd7efe05e55a3cf907309d5cd8b97aeec61c5.tar.gz
leap_cli-18ffd7efe05e55a3cf907309d5cd8b97aeec61c5.tar.bz2
added ability to fingerprint x509 certs
Diffstat (limited to 'lib')
-rw-r--r--lib/leap_cli.rb1
-rw-r--r--lib/leap_cli/config/object.rb10
-rw-r--r--lib/leap_cli/util/x509.rb32
3 files changed, 43 insertions, 0 deletions
diff --git a/lib/leap_cli.rb b/lib/leap_cli.rb
index cc9ec69..5eecf62 100644
--- a/lib/leap_cli.rb
+++ b/lib/leap_cli.rb
@@ -11,6 +11,7 @@ require 'leap_cli/path'
require 'leap_cli/util'
require 'leap_cli/util/secret'
require 'leap_cli/util/remote_command'
+require 'leap_cli/util/x509'
require 'leap_cli/log'
require 'leap_cli/ssh_key'
diff --git a/lib/leap_cli/config/object.rb b/lib/leap_cli/config/object.rb
index 492de34..70834a5 100644
--- a/lib/leap_cli/config/object.rb
+++ b/lib/leap_cli/config/object.rb
@@ -218,6 +218,9 @@ module LeapCli
@path = path
@options = options
end
+ def to_s
+ @path
+ end
end
#
@@ -258,6 +261,13 @@ module LeapCli
@manager.secrets[name.to_s] ||= Util::Secret.generate(length)
end
+ #
+ # return a fingerprint for a x509 certificate
+ #
+ def fingerprint(filename)
+ "SHA256: " + X509.fingerprint("SHA256", Path.named_path(filename))
+ end
+
private
#
diff --git a/lib/leap_cli/util/x509.rb b/lib/leap_cli/util/x509.rb
new file mode 100644
index 0000000..9ecd92d
--- /dev/null
+++ b/lib/leap_cli/util/x509.rb
@@ -0,0 +1,32 @@
+require 'openssl'
+require 'certificate_authority'
+require 'digest'
+require 'digest/md5'
+require 'digest/sha1'
+
+module LeapCli; module X509
+ extend self
+
+ #
+ # returns a fingerprint of a x509 certificate
+ #
+ def fingerprint(digest, cert_file)
+ if cert_file.is_a? String
+ cert = OpenSSL::X509::Certificate.new(Util.read_file!(cert_file))
+ elsif cert_file.is_a? OpenSSL::X509::Certificate
+ cert = cert_file
+ elsif cert_file.is_a? CertificateAuthority::Certificate
+ cert = cert_file.openssl_body
+ end
+ digester = case digest
+ when "MD5" then Digest::MD5.new
+ when "SHA1" then Digest::SHA1.new
+ when "SHA256" then Digest::SHA256.new
+ when "SHA384" then Digest::SHA384.new
+ when "SHA512" then Digest::SHA512.new
+ end
+ digester.hexdigest(cert.to_der)
+ end
+
+
+end; end