To print the fingerprints to the screen you need something like the code below. Don't copy-paste it; adapt it for sidekick.
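// fingerprintCert returns the SHA-256 digest of the DER-encoded certificate
// held in cert, and true on success.
//
// It returns (nil, false) when cert is nil or when cert.Certificate does not
// hold exactly one entry, so a chain that bundles intermediates is not
// fingerprinted. This matches the guard used by fingerprintKey.
func fingerprintCert(cert *tls.Certificate) ([]byte, bool) {
	// Either condition alone must reject the input. With && a nil cert was
	// dereferenced and an empty chain reached the index below.
	if cert == nil || len(cert.Certificate) != 1 {
		return nil, false
	}
	h := sha256.Sum256(cert.Certificate[0])
	return h[:], true
}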
// fingerprintKey returns the SHA-256 digest of the PKIX (SubjectPublicKeyInfo)
// DER encoding of the public key matching cert.PrivateKey, and true on success.
//
// It returns (nil, false) when cert is nil, when cert.Certificate does not
// hold exactly one entry, when the private key is neither *rsa.PrivateKey nor
// *ecdsa.PrivateKey, or when the public key cannot be marshalled. Only the
// public half of the key is hashed; the private key material is never encoded.
func fingerprintKey(cert *tls.Certificate) ([]byte, bool) {
	if cert == nil {
		return nil, false
	}
	if len(cert.Certificate) != 1 {
		return nil, false
	}

	// Derive the public key first so that marshalling happens in one place.
	var pub interface{}
	switch key := cert.PrivateKey.(type) {
	case *rsa.PrivateKey:
		pub = key.Public()
	case *ecdsa.PrivateKey:
		pub = key.Public()
	default:
		// Any other key type is not fingerprinted.
		return nil, false
	}

	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return nil, false
	}
	digest := sha256.Sum256(der)
	return digest[:], true
}
// printTLSFingerprints writes two startup messages for the certificate
// obtained from globalTLSCerts: the SHA-256 certificate fingerprint as
// space-separated hex, split across two lines, and the SHA-256 public-key
// fingerprint as standard base64.
//
// Nothing is printed when globalTLSCerts is nil, when no certificate is
// returned, or when the returned certificate does not hold exactly one entry.
// Both values are digests of public data, so logging them exposes no key
// material.
func printTLSFingerprints() {
	if globalTLSCerts == nil {
		return
	}

	// The error is discarded: only a non-nil certificate with a single entry
	// gets past the guard below.
	cert, _ := globalTLSCerts.GetCertificate(nil)
	if cert == nil || len(cert.Certificate) != 1 {
		return
	}

	if sum, ok := fingerprintCert(cert); ok {
		// The digest is printed as two halves so each line stays short.
		half := len(sum) / 2
		logger.StartupMessage(colorBlue("\nCertificate: ") + fmt.Sprintf("% X", sum[:half]))
		logger.StartupMessage(" % X", sum[half:])
	}

	if sum, ok := fingerprintKey(cert); ok {
		logger.StartupMessage(colorBlue("\nPublic Key: ") + base64.StdEncoding.EncodeToString(sum))
	}
}
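Open an endpoint like /v1/health:
provide this at /v1/certificates
and let users download the server's public certificate as a file named public.crt,
via the Content-Disposition header. The endpoint must serve only the certificate, never the private key, and a client should compare the downloaded file against the fingerprint printed at startup before trusting it.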
feat: support auto tls