From aad7d68599f8e44b8ce407aa57fb71d56469eb3b Mon Sep 17 00:00:00 2001 From: Kyle Isom Date: Tue, 18 Nov 2025 11:46:58 -0800 Subject: [PATCH] cmd/ski: update display mode --- .gitignore | 2 ++ certlib/helpers.go | 10 +++++++--- certlib/hosts/hosts.go | 1 - certlib/hosts/hosts_test.go | 3 ++- cmd/ski/main.go | 20 ++++++++------------ go.mod | 2 +- 6 files changed, 20 insertions(+), 18 deletions(-) diff --git a/.gitignore b/.gitignore index b60278c..a0ebed5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ .idea cmd/cert-bundler/testdata/pkg/* +# Added by goreleaser init: +dist/ diff --git a/certlib/helpers.go b/certlib/helpers.go index bf525d4..911accc 100644 --- a/certlib/helpers.go +++ b/certlib/helpers.go @@ -399,15 +399,18 @@ func ParseOneCertificateFromPEM(certsPEM []byte) ([]*x509.Certificate, []byte, e // LoadFullCertPool returns a certificate pool with roots and intermediates // from disk. If no roots are provided, the system root pool will be used. func LoadFullCertPool(roots, intermediates string) (*x509.CertPool, error) { + var err error + pool := x509.NewCertPool() if roots == "" { - pool, err := x509.SystemCertPool() + pool, err = x509.SystemCertPool() if err != nil { return nil, fmt.Errorf("loading system cert pool: %w", err) } } else { - rootCerts, err := LoadCertificates(roots) + var rootCerts []*x509.Certificate + rootCerts, err = LoadCertificates(roots) if err != nil { return nil, fmt.Errorf("loading roots: %w", err) } @@ -418,7 +421,8 @@ func LoadFullCertPool(roots, intermediates string) (*x509.CertPool, error) { } if intermediates != "" { - intCerts, err := LoadCertificates(intermediates) + var intCerts []*x509.Certificate + intCerts, err = LoadCertificates(intermediates) if err != nil { return nil, fmt.Errorf("loading intermediates: %w", err) } diff --git a/certlib/hosts/hosts.go b/certlib/hosts/hosts.go index 80ac494..f564500 100644 --- a/certlib/hosts/hosts.go +++ b/certlib/hosts/hosts.go 
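Review bot: In LoadFullCertPool (certlib/helpers.go) the pool created by `pool := x509.NewCertPool()` is discarded as soon as `roots == ""`, because that branch now assigns the result of `x509.SystemCertPool()` to the same variable. Declaring `var pool *x509.CertPool` and creating the empty pool only in the `else` branch would make it plain which trust anchors each path starts from. The diff carries no test for the empty-roots path, so a case that calls `LoadFullCertPool("", "")` and checks for a nil error and a non-nil pool would be worth adding. The rest of the `else` branch lies outside this hunk, so the first suggestion has to be checked against those lines.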
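Review bot: The doc comment on LoadFullCertPool does not warn that the intermediates loaded in the `if intermediates != "" {` block end up in the same pool as the roots, which is what "a certificate pool with roots and intermediates" and the single `*x509.CertPool` return value imply. A caller that passes this pool as `VerifyOptions.Roots` makes every intermediate a trust anchor, so a chain can verify without ever reaching a root. I would add to the doc comment: `// The returned pool holds roots and intermediates together; do not use it as VerifyOptions.Roots unless the intermediates are meant to be trust anchors.` The lines that add intCerts to the pool are outside this hunk.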
@@ -33,7 +33,6 @@ func parseURL(host string) (string, int, error) { // OK default: return "", 0, errors.New("certlib/hosts: only https scheme supported") - } if url.Port() == "" { diff --git a/certlib/hosts/hosts_test.go b/certlib/hosts/hosts_test.go index 09dab4b..8cb34d1 100644 --- a/certlib/hosts/hosts_test.go +++ b/certlib/hosts/hosts_test.go @@ -1,8 +1,9 @@ package hosts_test import ( - "git.wntrmute.dev/kyle/goutils/certlib/hosts" "testing" + + "git.wntrmute.dev/kyle/goutils/certlib/hosts" ) type testCase struct { diff --git a/cmd/ski/main.go b/cmd/ski/main.go index 817a947..f956ac8 100644 --- a/cmd/ski/main.go +++ b/cmd/ski/main.go @@ -13,7 +13,6 @@ import ( "fmt" "io" "os" - "strings" "git.wntrmute.dev/kyle/goutils/certlib" "git.wntrmute.dev/kyle/goutils/die" @@ -32,10 +31,10 @@ Usage: ski [-hm] files... Flags: + -d Hex encoding mode. -h Print this help message. -m All SKIs should match; as soon as an SKI mismatch is found, it is reported. - `) } @@ -145,15 +144,8 @@ func parseCSR(data []byte) ([]byte, string) { return public, kt } -func dumpHex(in []byte) string { - var s string - var sSb153 strings.Builder - for i := range in { - sSb153.WriteString(fmt.Sprintf("%02X:", in[i])) - } - s += sSb153.String() - - return strings.Trim(s, ":") +func dumpHex(in []byte, mode lib.HexEncodeMode) string { + return lib.HexEncode(in, mode) } type subjectPublicKeyInfo struct { @@ -163,10 +155,14 @@ type subjectPublicKeyInfo struct { func main() { var help, shouldMatch bool + var displayModeString string + flag.StringVar(&displayModeString, "d", "lower", "hex encoding mode") flag.BoolVar(&help, "h", false, "print a help message and exit") flag.BoolVar(&shouldMatch, "m", false, "all SKIs should match") flag.Parse() + displayMode := lib.ParseHexEncodeMode(displayModeString) + if help { usage(os.Stdout) os.Exit(0) 
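Review bot: The synopsis in usage() (cmd/ski/main.go) still reads `Usage: ski [-hm] files...`, and the new `-d Hex encoding mode.` line does not show that the flag takes an argument. Something like `Usage: ski [-d mode] [-hm] files...` with `-d mode   Hex encoding mode (default "lower").` would match the `flag.StringVar` call added in main. Listing the accepted mode names there would also help, since they are defined in lib and cannot be seen from this file. The usage string starts outside the hunk.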
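Review bot: dumpHex no longer produces the upper-case, colon-separated text that the removed `%02X:` loop built, and nothing in the change records that. With `-d` defaulting to `lower` in main, the tool's default output differs from what it printed before this commit unless lib's `lower` mode happens to render the same text, so anything that compares ski output with stored key identifiers as strings would stop matching. Either default to the mode that reproduces the old format or state the change in the commit message and the help text. The function is now a pass-through, so a comment such as `// dumpHex renders in as hex text using the given display mode.` or a direct call to `lib.HexEncode` at the call site would be clearer.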
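Review bot: The `-d` value reaches `lib.ParseHexEncodeMode(displayModeString)` in main with no validation, and the call returns a single value, so an unrecognised mode cannot be reported at this point. What a typo such as `-d uper` turns into is decided inside lib, which this diff does not show; a silent fallback would print identifiers in a format the user did not ask for. Consider rejecting unknown names with an error message and a non-zero exit before any file is processed, or having the parser return an error. main's body continues past the end of the hunk.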
@@ -184,7 +180,7 @@ func main() { } pubHash := sha1.Sum(subPKI.SubjectPublicKey.Bytes) // #nosec G401 this is the standard - pubHashString := dumpHex(pubHash[:]) + pubHashString := dumpHex(pubHash[:], displayMode) if ski == "" { ski = pubHashString } diff --git a/go.mod b/go.mod index 8da6034..4d32198 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( github.com/benbjohnson/clock v1.3.5 github.com/davecgh/go-spew v1.1.1 github.com/google/certificate-transparency-go v1.0.21 + rsc.io/qr v0.2.0 ) require ( @@ -22,5 +23,4 @@ require ( github.com/kr/pretty v0.1.0 // indirect github.com/pkg/errors v0.9.1 // indirect gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect - rsc.io/qr v0.2.0 // indirect )