forked from smallstep/cli
-
Notifications
You must be signed in to change notification settings - Fork 0
/
fingerprint.go
97 lines (81 loc) · 2.48 KB
/
fingerprint.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
package certificate
import (
"crypto/sha256"
"crypto/x509"
"encoding/hex"
"fmt"
"strings"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/errs"
"github.com/urfave/cli"
)
func fingerprintCommand() cli.Command {
return cli.Command{
Name: "fingerprint",
Action: cli.ActionFunc(fingerprintAction),
Usage: "print the fingerprint of a certificate",
UsageText: `**step certificate fingerprint** <crt-file>`,
Description: `**step certificate fingerprint** reads a certificate and prints to STDOUT the
certificate SHA256 of the raw certificate.
## POSITIONAL ARGUMENTS
<crt-file>
: A certificate PEM file, usually the root certificate.
## EXAMPLES
Get the fingerprint for a root certificate:
'''
$ step certificate fingerprint /path/to/root_ca.crt
0d7d3834cf187726cf331c40a31aa7ef6b29ba4df601416c9788f6ee01058cf3
'''
Get the fingerprint for a remote certificate:
'''
$ step certificate fingerprint https://smallstep.com
0d7d3834cf187726cf331c40a31aa7ef6b29ba4df601416c9788f6ee01058cf3
'''`,
Flags: []cli.Flag{
cli.StringFlag{
Name: "roots",
Usage: `Root certificate(s) that will be used to verify the
authenticity of the remote server.
: <roots> is a case-sensitive string and may be one of:
**file**
: Relative or full path to a file. All certificates in the file will be used for path validation.
**list of files**
: Comma-separated list of relative or full file paths. Every PEM encoded certificate from each file will be used for path validation.
**directory**
: Relative or full path to a directory. Every PEM encoded certificate from each file in the directory will be used for path validation.`,
},
cli.BoolFlag{
Name: "insecure",
Usage: `Use an insecure client to retrieve a remote peer certificate. Useful for
debugging invalid certificates remotely.`,
},
},
}
}
func fingerprintAction(ctx *cli.Context) error {
if err := errs.NumberOfArguments(ctx, 1); err != nil {
return err
}
var (
crt *x509.Certificate
err error
roots = ctx.String("roots")
insecure = ctx.Bool("insecure")
crtFile = ctx.Args().First()
)
if _, addr, isURL := trimURLPrefix(crtFile); isURL {
peerCertificates, err := getPeerCertificates(addr, roots, insecure)
if err != nil {
return err
}
crt = peerCertificates[0]
} else {
crt, err = pemutil.ReadCertificate(crtFile)
if err != nil {
return err
}
}
sum := sha256.Sum256(crt.Raw)
fmt.Println(strings.ToLower(hex.EncodeToString(sum[:])))
return nil
}