5 from pathlib import Path
# Command-line interface. --check and --split are independent boolean flags;
# per their help strings, both modes take their input from stdin.
11 parser = argparse.ArgumentParser()
12 parser.add_argument('-c', '--check', help='check a .dom settings export file on stdin', action='store_true')
13 parser.add_argument('-s', '--split', help='split certificates and private keys from stdin', action='store_true')
# NOTE(review): the default is the string './'; argparse passes string defaults
# through `type`, so args.prefix is a Path whether or not -p is given.
14 parser.add_argument('-p', '--prefix', help='output filename prefix when doing --split', type=Path, default='./')
15 args = parser.parse_args()
# Scan stdin line by line for PEM boundary markers. Markers are located by
# substring search, not by matching the whole "-----BEGIN ...-----" line.
# The bodies of the branches are not part of this excerpt.
21 for line in sys.stdin.readlines():
22 if line.find('BEGIN CERTIFICATE') != -1:
24 elif line.find('END CERTIFICATE') != -1:
# NOTE(review): only the PKCS#1 label "RSA PRIVATE KEY" is recognised here. A key
# exported as PKCS#8 ("BEGIN PRIVATE KEY") or as an EC key would match none of
# the visible branches, so confirm which form the export actually uses.
30 elif line.find('BEGIN RSA PRIVATE KEY') != -1:
32 elif line.find('END RSA PRIVATE') != -1:
# Input sanity checks, reported on stderr: the script expects exactly three
# certificates and one private key.
# NOTE(review): the condition guarding the first message, and whatever follows
# each message (exit or fall through), is outside this excerpt. Confirm the
# script stops here, because later code indexes certs[2] and uses private_key.
38 print(f'Expected 3 certificates but found {len(certs)}.', file=sys.stderr)
42 if private_key is None:
43 print('Found no private key', file=sys.stderr)
# Key-pair consistency check: write certs[2] (treated as the leaf certificate)
# and the private key to temporary files, ask openssl for the RSA modulus of
# each, and compare the two captured outputs byte for byte.
46 leaf_cert_modulus = None
# NOTE(review): delete=False means Python does not remove this file on close,
# and no unlink is visible in this excerpt, so confirm it is cleaned up.
47 with tempfile.NamedTemporaryFile(mode='w', delete=False) as leaf:
48 print(certs[2], file=leaf)
# NOTE(review): unlike the `openssl rsa` call below, this call has no
# check=True. A failing `openssl x509` leaves stdout empty, which would
# presumably surface as a modulus mismatch rather than as an openssl error.
50 process = subprocess.run(['openssl', 'x509', '-modulus', '-noout', '-in', leaf.name], capture_output=True)
51 leaf_cert_modulus = process.stdout
53 leaf_key_modulus = None
# NOTE(review): the private key is written to a file in the temp directory and,
# with delete=False, stays there unless removed explicitly (no removal is
# visible here). Passing the PEM to openssl on stdin via
# subprocess.run(..., input=...) would avoid the on-disk copy. Otherwise
# unlink the file in a try/finally so it is removed even when check=True raises.
54 with tempfile.NamedTemporaryFile('w', delete=False) as key:
55 print(private_key, file=key)
57 process = subprocess.run(['openssl', 'rsa', '-modulus', '-noout', '-in', key.name], capture_output=True, check=True)
58 leaf_key_modulus = process.stdout
# Identical modulus output is taken to mean that the certificate's public key
# and the private key belong to the same RSA key pair.
60 if leaf_cert_modulus != leaf_key_modulus:
# NOTE(review): 'don''t' is two adjacent string literals, which Python
# concatenates, so this prints "dont match." without the apostrophe.
61 print('Leaf certificate and private key don''t match.', file=sys.stderr)
64 print('Leaf certificates and private key match.')
# Write each certificate to its own PEM file, then the private key. This is
# presumably the --split branch; the guard is not part of this excerpt.
# NOTE(review): Path.name is only the final path component, so any directory
# part of --prefix is dropped and the files are created relative to the current
# working directory. For the default './' it is the empty string.
68 for index, cert in enumerate(certs):
69 with open(f'{args.prefix.name}cert_{index}.pem', 'w') as output:
70 print(cert, file=output)
# NOTE(review): the key file is created with plain open(), so its permissions
# follow the process umask and an existing file of that name is overwritten.
# Key material is normally created owner-only (e.g. os.open with mode 0o600),
# so confirm the umask or tighten this.
73 with open(f'{args.prefix.name}private_key.pem', 'w') as output:
74 print(private_key, file=output)