From c9c16410d224f20c1417936b684a44be4c429815 Mon Sep 17 00:00:00 2001 From: Matteo Valentini Date: Mon, 2 Sep 2024 17:51:56 +0200 Subject: [PATCH] --- .../upload-certificate/23export_certificates | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 imageroot/actions/upload-certificate/23export_certificates diff --git a/imageroot/actions/upload-certificate/23export_certificates b/imageroot/actions/upload-certificate/23export_certificates new file mode 100644 index 0000000..af484f9 --- /dev/null +++ b/imageroot/actions/upload-certificate/23export_certificates @@ -0,0 +1,39 @@ +#!/usr/bin/env python3 + +# +# Copyright (C) 2024 Nethesis S.r.l. +# SPDX-License-Identifier: GPL-3.0-or-later +# + +import os +import json +import agent +import sys +from base64 import b64decode + + +module_id = os.environ['MODULE_ID'] +node_id = os.environ['NODE_ID'] + +data = json.load(sys.stdin) + +# read and decode the base64 certificate and key from json payload +cert = b64decode(data["certFile"]).decode() +key = b64decode(data["keyFile"]).decode() + +# read the common name from the certificate +with subprocess.Popen(['openssl', 'x509', '-noout', '-subject', '-in', '/dev/stdin', '-nameopt', 'sep_multiline', '-nameopt', 'utf8'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True) as openssl: + print(cert, file=openssl.stdin) + subject, _ = openssl.communicate() + domain = subject.split("\n")[0].split("CN=")[1] + +# save the certificate and key in redis +rdb = agent.redis_connect(privileged=True) +rkey = f'module/{module_id}/certificate/{domain}' +rdb.hset(rkey, mapping={"cert": cert, "key": key, "custom": True}) + +# signal the certificate-updated event +event_key = f'module/{module_id}/event/certificate-updated' +print(f'Publishing event {event_key}') +event = {"rkey": rkey, "node": node_id, "module": module_id, "domain": domain, "custom": True} +rdb.publish(event_key, json.dumps(event))