From f526f3d28db2e9c2a1316059d72c66ee705ba49b Mon Sep 17 00:00:00 2001
From: Matteo Valentini <matteo.valentini@nethesis.it>
Date: Mon, 2 Sep 2024 17:51:56 +0200
Subject: [PATCH]

---
 .../upload-certificate/23export_certificates  | 40 +++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100755 imageroot/actions/upload-certificate/23export_certificates

diff --git a/imageroot/actions/upload-certificate/23export_certificates b/imageroot/actions/upload-certificate/23export_certificates
new file mode 100755
index 0000000..c12c84c
--- /dev/null
+++ b/imageroot/actions/upload-certificate/23export_certificates
@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2024 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import os
+import json
+import agent
+import sys
+import subprocess
+from base64 import b64decode
+
+
+module_id = os.environ['MODULE_ID']
+node_id = os.environ['NODE_ID']
+
+data = json.load(sys.stdin)
+
+# read and decode the base64 certificate and key from json payload
+cert = b64decode(data["certFile"]).decode()
+key = b64decode(data["keyFile"]).decode()
+
+# read the common name from the certificate
+with subprocess.Popen(['openssl', 'x509', '-noout', '-subject', '-in', '/dev/stdin', '-nameopt', 'sep_multiline', '-nameopt', 'utf8'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True) as openssl:
+    print(cert, file=openssl.stdin)
+    subject, _ = openssl.communicate()
+    domain = subject.split("\n")[0].split("CN=")[1]
+
+# save the certificate and key in redis
+rdb = agent.redis_connect(privileged=True)
+rkey = f'module/{module_id}/certificate/{domain}'
+rdb.hset(rkey, mapping={"cert": cert, "key": key, "custom": True})
+
+# signal the certificate-updated event
+event_key = f'module/{module_id}/event/certificate-updated'
+print(f'Publishing event {event_key}')
+event = {"rkey": rkey, "node": node_id, "module": module_id, "domain": domain, "custom": True}
+rdb.publish(event_key, json.dumps(event))