cmd/ski: update display mode

.gitignore

@@ -1,2 +1,4 @@
 .idea
 cmd/cert-bundler/testdata/pkg/*
+# Added by goreleaser init:
+dist/

certlib/helpers.go

@@ -399,15 +399,18 @@ func ParseOneCertificateFromPEM(certsPEM []byte) ([]*x509.Certificate, []byte, e
 // LoadFullCertPool returns a certificate pool with roots and intermediates
 // from disk. If no roots are provided, the system root pool will be used.
 func LoadFullCertPool(roots, intermediates string) (*x509.CertPool, error) {
+	var err error
+
 	pool := x509.NewCertPool()
 
 	if roots == "" {
-		pool, err := x509.SystemCertPool()
+		pool, err = x509.SystemCertPool()
 		if err != nil {
 			return nil, fmt.Errorf("loading system cert pool: %w", err)
 		}
 	} else {
-		rootCerts, err := LoadCertificates(roots)
+		var rootCerts []*x509.Certificate
+		rootCerts, err = LoadCertificates(roots)
 		if err != nil {
 			return nil, fmt.Errorf("loading roots: %w", err)
 		}
@@ -418,7 +421,8 @@ func LoadFullCertPool(roots, intermediates string) (*x509.CertPool, error) {
 	}
 
 	if intermediates != "" {
-		intCerts, err := LoadCertificates(intermediates)
+		var intCerts []*x509.Certificate
+		intCerts, err = LoadCertificates(intermediates)
 		if err != nil {
 			return nil, fmt.Errorf("loading intermediates: %w", err)
 		}

certlib/hosts/hosts.go

@@ -33,7 +33,6 @@ func parseURL(host string) (string, int, error) {
 	// OK
 	default:
 		return "", 0, errors.New("certlib/hosts: only https scheme supported")
-
 	}
 
 	if url.Port() == "" {

certlib/hosts/hosts_test.go

@@ -1,8 +1,9 @@
 package hosts_test
 
 import (
-	"git.wntrmute.dev/kyle/goutils/certlib/hosts"
 	"testing"
+
+	"git.wntrmute.dev/kyle/goutils/certlib/hosts"
 )
 
 type testCase struct {

cmd/ski/main.go

@@ -13,7 +13,6 @@ import (
 	"fmt"
 	"io"
 	"os"
-	"strings"
 
 	"git.wntrmute.dev/kyle/goutils/certlib"
 	"git.wntrmute.dev/kyle/goutils/die"
@@ -32,10 +31,10 @@ Usage:
 	ski [-hm] files...
 
 Flags:
+	-d  Hex encoding mode.
 	-h	Print this help message.
 	-m	All SKIs should match; as soon as an SKI mismatch is found,
 		it is reported.
-
 `)
 }
 
@@ -145,15 +144,8 @@ func parseCSR(data []byte) ([]byte, string) {
 	return public, kt
 }
 
-func dumpHex(in []byte) string {
-	var s string
-	var sSb153 strings.Builder
-	for i := range in {
-		sSb153.WriteString(fmt.Sprintf("%02X:", in[i]))
-	}
-	s += sSb153.String()
-
-	return strings.Trim(s, ":")
+func dumpHex(in []byte, mode lib.HexEncodeMode) string {
+	return lib.HexEncode(in, mode)
 }
 
 type subjectPublicKeyInfo struct {
@@ -163,10 +155,14 @@ type subjectPublicKeyInfo struct {
 
 func main() {
 	var help, shouldMatch bool
+	var displayModeString string
+	flag.StringVar(&displayModeString, "d", "lower", "hex encoding mode")
 	flag.BoolVar(&help, "h", false, "print a help message and exit")
 	flag.BoolVar(&shouldMatch, "m", false, "all SKIs should match")
 	flag.Parse()
 
+	displayMode := lib.ParseHexEncodeMode(displayModeString)
+
 	if help {
 		usage(os.Stdout)
 		os.Exit(0)
@@ -184,7 +180,7 @@ func main() {
 		}
 
 		pubHash := sha1.Sum(subPKI.SubjectPublicKey.Bytes) // #nosec G401 this is the standard
-		pubHashString := dumpHex(pubHash[:])
+		pubHashString := dumpHex(pubHash[:], displayMode)
 		if ski == "" {
 			ski = pubHashString
 		}

go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/benbjohnson/clock v1.3.5
 	github.com/davecgh/go-spew v1.1.1
 	github.com/google/certificate-transparency-go v1.0.21
+	rsc.io/qr v0.2.0
 )
 
 require (
@@ -22,5 +23,4 @@ require (
 	github.com/kr/pretty v0.1.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
-	rsc.io/qr v0.2.0 // indirect
 )