Add a check only mode

2020-09-09 15:31:31 +02:00 · 2020-09-09 15:31:31 +02:00 · e4ca594165
commit e4ca594165
parent c866d219cb
1 changed files with 25 additions and 18 deletions
--- a/sort_certificate.py
+++ b/sort_certificate.py
@ -250,6 +250,10 @@ def handle_args():
                        action='store_true',
                        help='Show only error logging')

+    loggrp.add_argument('-c', '--check',
+                        action='store_true',
+                        help='Only check, output nothing')
+
    outputgrp = parser.add_mutually_exclusive_group()

    outputgrp.add_argument('--just-certificate',
@ -304,7 +308,7 @@ def main():

    args = handle_args()

-    if args.verbose:
+    if args.verbose or args.check:
        logging.basicConfig(level=logging.INFO)
    elif args.debug:
        logging.basicConfig(level=logging.DEBUG)
@ -414,32 +418,35 @@ def main():
            logging.info('Subject: %s', x509_subject)
            logging.info('Issuer: %s', x509_issuer)

-            print(CERTINFO_TEMPLATE.format(
+            logging.info(CERTINFO_TEMPLATE.format(
                subject=x509_subject,
                issuer=x509_issuer,
                notbefore=x509_not_before.strftime(OPENSSLTIME_FMT),
                notafter=x509_not_after.strftime(OPENSSLTIME_FMT),
                sha1fingerprint=x509_object.digest('sha1').decode()))

-            print(crypto.dump_certificate(crypto.FILETYPE_PEM,
-                                          x509_object).decode('ascii'),
-                  end='')
+            if not args.check:
+                print(crypto.dump_certificate(crypto.FILETYPE_PEM,
+                                              x509_object).decode('ascii'),
+                      end='')

        if rsa_objects:
-            logging.info('Print RSA private keys')
-            for rsa_object in rsa_objects:
-                print(rsa_object.to_cryptography_key().private_bytes(
-                    encoding=serialization.Encoding.PEM,
-                    format=serialization.PrivateFormat.TraditionalOpenSSL,
-                    encryption_algorithm=serialization.NoEncryption()).decode(
-                        'ascii'),
-                      end='')
+            if not args.check:
+                logging.info('Print RSA private keys')
+                for rsa_object in rsa_objects:
+                    print(rsa_object.to_cryptography_key().private_bytes(
+                        encoding=serialization.Encoding.PEM,
+                        format=serialization.PrivateFormat.TraditionalOpenSSL,
+                        encryption_algorithm=serialization.NoEncryption()).decode(
+                            'ascii'),
+                          end='')
        elif pk_objects:
-            logging.info('Print private keys')
-            for pk_object in pk_objects:
-                print(crypto.dump_privatekey(crypto.FILETYPE_PEM,
-                                             pk_object).decode('ascii'),
-                      end='')
+            if not args.check:
+                logging.info('Print private keys')
+                for pk_object in pk_objects:
+                    print(crypto.dump_privatekey(crypto.FILETYPE_PEM,
+                                                 pk_object).decode('ascii'),
+                          end='')


 if __name__ == "__main__":