From 4e91db0ae8897f6bc0f4750760bd2be36e455147 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Wed, 6 Nov 2019 13:36:02 +0100
Subject: [PATCH] cert: add fingerprint helper
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

for usage in pve-cluster's certificate cache.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/PVE/Certificate.pm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/PVE/Certificate.pm b/src/PVE/Certificate.pm
index 5ab920f..2421f3f 100644
--- a/src/PVE/Certificate.pm
+++ b/src/PVE/Certificate.pm
@@ -216,6 +216,20 @@ sub convert_asn1_to_epoch {
     return Date::Parse::str2time($iso_time);
 }
 
+sub get_certificate_fingerprint {
+    my ($cert_path) = @_;
+
+    my $cert = $read_certificate->($cert_path);
+
+    my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
+    Net::SSLeay::X509_free($cert);
+
+    die "unable to get fingerprint for '$cert_path' - got empty value\n"
+	if !defined($fp) || $fp eq '';
+
+    return $fp;
+}
+
 sub get_certificate_info {
     my ($cert_path) = @_;