From 157da703b7687a31e0f1cfe74f6cb1044bdde69a Mon Sep 17 00:00:00 2001 From: Alex Kelly Date: Mon, 4 Oct 2021 09:58:43 -0400 Subject: [PATCH] feat: add ability to output just the sans in a space separated list tests: add test for --san-only --- checkcert/checkcert.py | 12 +++++++++++- tests/test_checkcert.py | 6 ++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/checkcert/checkcert.py b/checkcert/checkcert.py index 8ebc2ea..55e69a0 100644 --- a/checkcert/checkcert.py +++ b/checkcert/checkcert.py @@ -109,8 +109,14 @@ def get_host_list_tuple(hosts: list) -> List[Tuple[str, int]]: @click.option( "--valid/--no-valid", default=True, help="Show True/False for cert validity" ) +@click.option( + "--san-only", + "-o", + is_flag=True, + help="Output only the SAN names to use in passing to certbot for example", +) @click.argument("hosts", nargs=-1) -def main(san, dump, color, filename, valid, hosts): +def main(san, dump, color, filename, valid, san_only, hosts): """Return information about certificates given including their validity""" # setup the list of tuples # handle a domain given with a : in it to specify the port @@ -127,6 +133,10 @@ def main(san, dump, color, filename, valid, hosts): if dump: print(get_x509_text(hostinfo.cert).decode()) else: + if san_only: + san_names = " ".join(get_alt_names(hostinfo.cert)) + print(san_names) + break output_string += ( f"{hostinfo.hostname} " f"({hostinfo.peername[0]}:{hostinfo.peername[1]})\n" diff --git a/tests/test_checkcert.py b/tests/test_checkcert.py index c1af858..de51e41 100644 --- a/tests/test_checkcert.py +++ b/tests/test_checkcert.py @@ -48,6 +48,12 @@ def test_san(): assert response.exit_code == 0 +def test_san_only(): + """verify --san outputs correctly""" + response = runner.invoke(cert_main, ["www.franklin.edu", "--san-only"]) + assert response.exit_code == 0 + + def test_bad_cert(): """verify an expired certificate works""" response = runner.invoke(cert_main, ["support.bluequill.com", "--san"])