No commit message

NethServer · Sep 3, 2024 · f526f3d · f526f3d
1 parent b8a1a1e
commit f526f3d
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/imageroot/actions/upload-certificate/23export_certificates b/imageroot/actions/upload-certificate/23export_certificates
@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2024 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import os
+import json
+import agent
+import sys
+import subprocess
+from base64 import b64decode
+
+
+module_id = os.environ['MODULE_ID']
+node_id = os.environ['NODE_ID']
+
+data = json.load(sys.stdin)
+
+# read and decode the base64 certificate and key from json payload
+cert = b64decode(data["certFile"]).decode()
+key = b64decode(data["keyFile"]).decode()
+
+# read the common name from the certificate
+with subprocess.Popen(['openssl', 'x509', '-noout', '-subject', '-in', '/dev/stdin', '-nameopt', 'sep_multiline', '-nameopt', 'utf8'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True) as openssl:
+    print(cert, file=openssl.stdin)
+    subject, _ = openssl.communicate()
+    domain = subject.split("\n")[0].split("CN=")[1]
+
+# save the certificate and key in redis
+rdb = agent.redis_connect(privileged=True)
+rkey = f'module/{module_id}/certificate/{domain}'
+rdb.hset(rkey, mapping={"cert": cert, "key": key, "custom": True})
+
+# signal the certificate-updated event
+event_key = f'module/{module_id}/event/certificate-updated'
+print(f'Publishing event {event_key}')
+event = {"rkey": rkey, "node": node_id, "module": module_id, "domain": domain, "custom": True}
+rdb.publish(event_key, json.dumps(event))