From 18ffd7efe05e55a3cf907309d5cd8b97aeec61c5 Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 17 Nov 2012 01:28:52 -0800 Subject: added ability to fingerprint x509 certs --- lib/leap_cli.rb | 1 + lib/leap_cli/config/object.rb | 10 ++++++++++ lib/leap_cli/util/x509.rb | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 lib/leap_cli/util/x509.rb diff --git a/lib/leap_cli.rb b/lib/leap_cli.rb index cc9ec69..5eecf62 100644 --- a/lib/leap_cli.rb +++ b/lib/leap_cli.rb @@ -11,6 +11,7 @@ require 'leap_cli/path' require 'leap_cli/util' require 'leap_cli/util/secret' require 'leap_cli/util/remote_command' +require 'leap_cli/util/x509' require 'leap_cli/log' require 'leap_cli/ssh_key' diff --git a/lib/leap_cli/config/object.rb b/lib/leap_cli/config/object.rb index 492de34..70834a5 100644 --- a/lib/leap_cli/config/object.rb +++ b/lib/leap_cli/config/object.rb @@ -218,6 +218,9 @@ module LeapCli @path = path @options = options end + def to_s + @path + end end # @@ -258,6 +261,13 @@ module LeapCli @manager.secrets[name.to_s] ||= Util::Secret.generate(length) end + # + # return a fingerprint for a x509 certificate + # + def fingerprint(filename) + "SHA256: " + X509.fingerprint("SHA256", Path.named_path(filename)) + end + private # diff --git a/lib/leap_cli/util/x509.rb b/lib/leap_cli/util/x509.rb new file mode 100644 index 0000000..9ecd92d --- /dev/null +++ b/lib/leap_cli/util/x509.rb 
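Review bot: In the second hunk of lib/leap_cli/config/object.rb, the new `fingerprint` macro writes the algorithm name twice, once in the label `"SHA256: "` and once as the argument to `X509.fingerprint`. If only one of them is changed later, the emitted fingerprint will be labelled with the wrong algorithm. Binding it once keeps the two in step, e.g. `digest = "SHA256"` followed by `"#{digest}: " + X509.fingerprint(digest, Path.named_path(filename))`. The comment above the method should also say that `filename` is resolved through `Path.named_path` and is not used directly as a filesystem path, and that the result is lowercase hex prefixed with the digest name. The enclosing class begins and ends outside the hunk.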
@@ -0,0 +1,32 @@
+require 'openssl'
+require 'certificate_authority'
+require 'digest'
+require 'digest/md5'
+require 'digest/sha1'
+
+module LeapCli; module X509
+ extend self
+
+ #
+ # returns a fingerprint of a x509 certificate
+ #
+ def fingerprint(digest, cert_file)
+ if cert_file.is_a? String
+ cert = OpenSSL::X509::Certificate.new(Util.read_file!(cert_file))
+ elsif cert_file.is_a? OpenSSL::X509::Certificate
+ cert = cert_file
+ elsif cert_file.is_a? CertificateAuthority::Certificate
+ cert = cert_file.openssl_body
+ end
+ digester = case digest
+ when "MD5" then Digest::MD5.new
+ when "SHA1" then Digest::SHA1.new
+ when "SHA256" then Digest::SHA256.new
+ when "SHA384" then Digest::SHA384.new
+ when "SHA512" then Digest::SHA512.new
+ end
+ digester.hexdigest(cert.to_der)
+ end
+
+
+end; end
-- cgit v1.2.3
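Review bot: An unrecognised `digest` (for example a symbol or a lowercase `"sha256"`) or an unsupported `cert_file` type leaves `digester` or `cert` as nil in `fingerprint`, so the call fails with a NoMethodError on nil rather than naming the bad argument. Adding `else raise ArgumentError, "unsupported digest: #{digest.inspect}"` to the `case`, and an `else` branch with `raise ArgumentError, "cannot fingerprint a #{cert_file.class}"` to the `if` chain, makes the failure explicit. MD5 and SHA1 are accepted alongside the SHA-2 digests, and both have practical collision attacks. The method comment should state that they are there only to match legacy fingerprints, and that a fingerprint used to pin or verify a certificate should use SHA256 or stronger, as the caller in config/object.rb does.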