From e4ca594165a690c0dcc52230a6d757804e79180d Mon Sep 17 00:00:00 2001
From: Ruben van Staveren
Date: Wed, 9 Sep 2020 15:31:31 +0200
Subject: [PATCH] Add a check only mode
---
 sort_certificate.py | 43 +++++++++++++++++++++++++------------------
 1 file changed, 25 insertions(+), 18 deletions(-)
diff --git a/sort_certificate.py b/sort_certificate.py
index 7e2c3a8..7d210cc 100755
--- a/sort_certificate.py
+++ b/sort_certificate.py
@@ -250,6 +250,10 @@ def handle_args():
 action='store_true',
 help='Show only error logging')
+ loggrp.add_argument('-c', '--check',
+ action='store_true',
+ help='Only check, output nothing')
+
 outputgrp = parser.add_mutually_exclusive_group()
 outputgrp.add_argument('--just-certificate',
@@ -304,7 +308,7 @@ def main():
 args = handle_args()
- if args.verbose:
+ if args.verbose or args.check:
 logging.basicConfig(level=logging.INFO)
 elif args.debug:
 logging.basicConfig(level=logging.DEBUG)
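Review bot: The help text `Only check, output nothing` on the new `--check` flag does not match what the rest of the patch does. The second hunk sets the log level to INFO whenever `args.check` is set and the third hunk logs the certificate details, so check mode still produces log output and only the PEM output is suppressed. Something like `help='Only check: log certificate details, write no PEM output'` would describe it. The flag is also added to `loggrp`, which is created outside this hunk; if that group is mutually exclusive, `--check` cannot be combined with the other logging options, and a separate argument outside the group may fit better.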
@@ -414,32 +418,35 @@ def main():
 logging.info('Subject: %s', x509_subject)
 logging.info('Issuer: %s', x509_issuer)
- print(CERTINFO_TEMPLATE.format(
+ logging.info(CERTINFO_TEMPLATE.format(
 subject=x509_subject,
 issuer=x509_issuer,
 notbefore=x509_not_before.strftime(OPENSSLTIME_FMT),
 notafter=x509_not_after.strftime(OPENSSLTIME_FMT),
 sha1fingerprint=x509_object.digest('sha1').decode()))
- print(crypto.dump_certificate(crypto.FILETYPE_PEM,
- x509_object).decode('ascii'),
- end='')
+ if not args.check:
+ print(crypto.dump_certificate(crypto.FILETYPE_PEM,
+ x509_object).decode('ascii'),
+ end='')
 if rsa_objects:
- logging.info('Print RSA private keys')
- for rsa_object in rsa_objects:
- print(rsa_object.to_cryptography_key().private_bytes(
- encoding=serialization.Encoding.PEM,
- format=serialization.PrivateFormat.TraditionalOpenSSL,
- encryption_algorithm=serialization.NoEncryption()).decode(
- 'ascii'),
- end='')
+ if not args.check:
+ logging.info('Print RSA private keys')
+ for rsa_object in rsa_objects:
+ print(rsa_object.to_cryptography_key().private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption()).decode(
+ 'ascii'),
+ end='')
 elif pk_objects:
- logging.info('Print private keys')
- for pk_object in pk_objects:
- print(crypto.dump_privatekey(crypto.FILETYPE_PEM,
- pk_object).decode('ascii'),
- end='')
+ if not args.check:
+ logging.info('Print private keys')
+ for pk_object in pk_objects:
+ print(crypto.dump_privatekey(crypto.FILETYPE_PEM,
+ pk_object).decode('ascii'),
+ end='')
 if __name__ == "__main__":
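Review bot: Replacing `print(CERTINFO_TEMPLATE.format(...))` with `logging.info(...)` is unconditional, so a run without `--check` or the verbose option no longer writes the certificate summary to stdout, which goes beyond what the commit title describes. If that is not intended, build `certinfo = CERTINFO_TEMPLATE.format(...)` once, then use `if args.check: logging.info(certinfo)` and `else: print(certinfo)`. The three separate `if not args.check:` guards each protect PEM output, including private keys serialised with `NoEncryption()`. A single guard around all three output blocks would make it harder for a later output path to miss the check. The start of main() is outside this hunk, so the surrounding structure is not visible here.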