update

2025-12-20 06:12:03 +01:00
parent 2cc0bf8f8e
commit 19d3ba4fa3
10 changed files with 513 additions and 93 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,12 @@
 # Required
 OPNSENSE_API_KEY=your_api_key_here
 OPNSENSE_API_SECRET=your_api_secret_here
 OPNSENSE_HOST=https://your-opnsense.local
 # Optional
 OUTPUT_DIRECTORY=./certs
 # Optional: file permissions (Linux only)
 # FILE_OWNER=root
 # FILE_GROUP=root
 # FILE_MODE=0600
--- a/.gitignore
+++ b/.gitignore
@@ -160,3 +160,5 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
 config.yaml
 certs
--- a/.python-version
+++ b/.python-version
@@ -0,0 +1 @@
 3.13
--- a/README.md
+++ b/README.md
@@ -1,2 +1,230 @@
-# opnsense_cert_exporter
+# OPNsense Certificate Exporter
 A Python tool to export SSL/TLS certificates and private keys from OPNsense firewalls via the API.
 ## Features
 - Search and export certificates from OPNsense Trust store
 - Exports both certificate (`cert.pem`) and private key (`privkey.pem`)
 - Change detection: only writes files if content has changed
 - Environment-based configuration (supports `.env` files)
 - Optional systemd journal logging
 - Optional file permission settings (Linux only)
 ## Prerequisites
 - Python 3.13+
 - [uv](https://docs.astral.sh/uv/) (recommended) or pip
 - OPNsense firewall with API access enabled
 - API key and secret with access to Trust/Certificates
 ## Installation
 ### Using uv (recommended)
 ```bash
 git clone https://git.project-insanity.de/gmarth/opnsense_cert_exporter.git
 cd opnsense-cert-exporter
 uv sync
 ```
 ### Using pip
 ```bash
 git clone https://git.project-insanity.de/gmarth/opnsense_cert_exporter.git
 cd opnsense-cert-exporter
 pip install -r requirements.txt
 ```
 ### Optional: systemd journal logging
 To enable native systemd journal logging (Linux only):
 ```bash
 # Install system dependency first
 sudo apt install libsystemd-dev pkg-config  # Debian/Ubuntu
 sudo dnf install systemd-devel pkg-config   # Fedora/RHEL
 # Then install the optional Python dependency
 uv sync --extra systemd
 ```
 ## Configuration
 1. Copy the example environment file:
 ```bash
 cp .env.example .env
 ```
 2. Edit `.env` with your settings:
 ```bash
 # Required
 OPNSENSE_API_KEY=your_api_key_here
 OPNSENSE_API_SECRET=your_api_secret_here
 OPNSENSE_HOST=https://your-opnsense.local
 # Optional
 OUTPUT_DIRECTORY=./certs
 # Optional: file permissions (Linux only)
 # FILE_OWNER=root
 # FILE_GROUP=root
 # FILE_MODE=0600
 ```
 ### Configuration Options
 | Environment Variable | Required | Description |
 |---------------------|----------|-------------|
 | `OPNSENSE_API_KEY` | Yes | OPNsense API key |
 | `OPNSENSE_API_SECRET` | Yes | OPNsense API secret |
 | `OPNSENSE_HOST` | Yes | OPNsense URL (e.g., `https://192.168.1.1`) |
 | `OUTPUT_DIRECTORY` | No | Directory to save exported certificates (default: `./certs`) |
 | `FILE_OWNER` | No | Set file owner (Linux only) |
 | `FILE_GROUP` | No | Set file group (Linux only) |
 | `FILE_MODE` | No | Set file permissions in octal (e.g., `0600`) |
 ### Setting up OPNsense API Access
 For security, create a dedicated user with minimal privileges for certificate export.
 #### 1. Create a Group with Certificate Manager Access
 1. Log in to your OPNsense web interface
 2. Go to **System > Access > Groups**
 3. Click **+** to add a new group
 4. Configure the group:
   - **Group name:** `cert-exporter`
   - **Description:** `Certificate export API access`
   - **Restrict access to networks (optional):** Limit API access to specific networks (e.g., `192.168.1.0/24` or a single host `192.168.1.100/32`)
 5. Click **Save**
 6. Click the **Edit** (pencil icon) on the newly created group
 7. Under **Assigned Privileges**, click **Edit**
 8. Select only **System: Certificate Manager** from the list
 9. Click **Save**
 > **Security tip:** Restricting access to the network where your export script runs adds an extra layer of security. Even if the API credentials are compromised, they cannot be used from unauthorized networks.
 #### 2. Create a Dedicated API User
 1. Go to **System > Access > Users**
 2. Click **+** to add a new user
 3. Configure the user:
   - **Username:** `cert-exporter`
   - **Password:** Set a strong password (not used for API access, but required)
   - **Group Memberships:** Select `cert-exporter`
 4. Click **Save**
 #### 3. Generate an API Key
 1. Edit the `cert-exporter` user
 2. Scroll down to **API keys** and click the **+** button
 3. Download the generated key file containing the key and secret
 4. Store the credentials securely - they cannot be retrieved later
 ## Usage
 ### Using uv
 ```bash
 uv run python main.py <certificate_name>
 ```
 ### Using Python directly
 ```bash
 python main.py <certificate_name>
 ```
 ### Examples
 ```bash
 # Export a single certificate
 uv run python main.py mail.example.com
 # Export multiple certificates
 uv run python main.py mail.example.com
 uv run python main.py vpn.example.com
 uv run python main.py wildcard.example.com
 ```
 The tool will:
 1. Search for the certificate matching the provided name
 2. Check if the certificate has changed since last export
 3. Export the certificate to `<output_directory>/<certificate_name>/cert.pem`
 4. Export the private key to `<output_directory>/<certificate_name>/privkey.pem`
 5. Log whether the certificate was updated or unchanged
 ### Viewing logs
 With systemd journal logging enabled:
 ```bash
 journalctl -t opnsense-cert-exporter
 journalctl -t opnsense-cert-exporter --since "1 hour ago"
 journalctl -t opnsense-cert-exporter -f  # follow
 ```
 ## Setting up a Cronjob for Periodic Exports
 To automatically export certificates on a schedule, set up a cron job:
 ### 1. Open the crontab editor
 ```bash
 crontab -e
 ```
 ### 2. Add a cron entry
 The `.env` file is automatically loaded from the script directory, so no need to `cd` first.
 **Daily at midnight:**
 ```cron
 0 0 * * * /usr/local/bin/uv run python /opt/opnsense-cert-exporter/main.py mail.example.com
 ```
 **Export multiple certificates:**
 ```cron
 0 0 * * * /usr/local/bin/uv run python /opt/opnsense-cert-exporter/main.py mail.example.com
 0 0 * * * /usr/local/bin/uv run python /opt/opnsense-cert-exporter/main.py vpn.example.com
 ```
 **Weekly on Sunday at 2 AM:**
 ```cron
 0 2 * * 0 /usr/local/bin/uv run python /opt/opnsense-cert-exporter/main.py mail.example.com
 ```
 ### 3. Example with service reload
 ```cron
 # Export certificate daily at midnight and reload nginx if changed
 0 0 * * * /usr/local/bin/uv run python /opt/opnsense-cert-exporter/main.py mail.example.com && systemctl reload nginx
 ```
 ### Cron Format Reference
 ```
 ┌───────────── minute (0-59)
 │ ┌───────────── hour (0-23)
 │ │ ┌───────────── day of month (1-31)
 │ │ │ ┌───────────── month (1-12)
 │ │ │ │ ┌───────────── day of week (0-6, Sunday=0)
 │ │ │ │ │
 * * * * * command
 ```
 ### Tips
 - Use absolute paths for the `uv` binary and `main.py` script
 - The `.env` file is loaded from the script directory automatically
 - With systemd journal logging, output automatically goes to the journal
 - Test the command manually before adding to cron
 - Consider adding a service reload command (e.g., `systemctl reload nginx`) after export
 - Ensure the cron user has appropriate permissions to write to the output directory
 ## License
 MIT
--- a/config.yaml.example
+++ b/config.yaml.example
@@ -1,13 +0,0 @@
 api_key: "your_opnsense_api_key"
 api_secret: "your_opnsense_api_secret"
 host: "https://your-opnsense.local"
 certificate_search: "example.com"
 output_directory: "./certs"
 output_filename: "cert.cert"
 export_format: "crt" # crt or prv
 # optional set file permissions (unix only)
 # file_owner: "root"
 # file_group: "root"
 # file_mode: "0600"
--- a/export_cert.py
+++ b/export_cert.py
@@ -1,78 +0,0 @@
 import requests
 import yaml
 import os
 import sys
 from requests.auth import HTTPBasicAuth
 import platform
 def load_config(config_path):
    with open(config_path, 'r') as f:
        return yaml.safe_load(f)
 def search_certificates(config):
    url = f"{config['host']}/api/trust/cert/search"
    payload = {
        "searchPhrase": config['certificate_search']
    }
    response = requests.post(url, json=payload, auth=HTTPBasicAuth(config['api_key'], config['api_secret']))
    response.raise_for_status()
    return response.json().get("rows", [])
 def export_certificate(config, uuid):
    url = f"{config['host']}/api/trust/cert/generate_file/{uuid}/{config['export_format']}"
    response = requests.post(url, auth=HTTPBasicAuth(config['api_key'], config['api_secret']))
    response.raise_for_status()
    return response.json().get("payload")
 def save_certificate(config, cert_data, filename, output_dir):
    os.makedirs(output_dir, exist_ok=True)
    filepath = os.path.join(output_dir, filename)
    with open(filepath, 'w') as f:
        f.write(cert_data)
    if platform.system().lower() == "linux":
        try:
            import pwd
            import grp
            if 'file_mode' in config:
                os.chmod(filepath, int(config['file_mode'], 8))
            if 'file_owner' in config or 'file_group' in config:
                uid = pwd.getpwnam(config.get('file_owner', pwd.getpwuid(os.getuid()).pw_name)).pw_uid
                gid = grp.getgrnam(config.get('file_group', grp.getgrgid(os.getgid()).gr_name)).gr_gid
                os.chown(filepath, uid, gid)
        except Exception as e:
            print(f"[WARN] Error setting permissions: {e}")
    print(f"Certificate saved.")
 def main():
    if len(sys.argv) != 2:
        print("Usage: python export_cert.py <config.yaml>")
        sys.exit(1)
    ### Load Config ###
    config = load_config(sys.argv[1])
    ### check cert options ###
    if config['export_format'] not in ['crt', 'prv']:
        print(f"Invalid export format. Possible options are crt or prv.")
        sys.exit(1)
    ### Search Certificates ###
    certificates = search_certificates(config)
    if len(certificates) > 1:
        print(f"Search results in more then one certificate. Please adjust your search to only return a single one.")
        sys.exit(1)
    if len(certificates) == 0:
        print(f"No certificate found with search phrase: {config['certificate_search']}")
        sys.exit(1)
    certificate_uuid = certificates[0]['uuid']
    ### Get Certificate by uuid ###
    certificate_data = export_certificate(config, certificate_uuid)
    save_certificate(config, certificate_data, 'cert.crt', config['output_directory'])
 if __name__ == "__main__":
    main()
--- a/main.py
+++ b/main.py
@@ -0,0 +1,126 @@
 import requests
 import os
 import sys
 import logging
 from requests.auth import HTTPBasicAuth
 import platform
 from dotenv import load_dotenv
 # Load .env file from script directory
 script_dir = os.path.dirname(os.path.abspath(__file__))
 load_dotenv(os.path.join(script_dir, '.env'))
 # Setup logging with systemd journal support (falls back to stdout)
 try:
    from systemd.journal import JournalHandler
    handler = JournalHandler(SYSLOG_IDENTIFIER='opnsense-cert-exporter')
 except ImportError:
    handler = logging.StreamHandler()
    handler.setFormatter(logging.Formatter('%(levelname)s: %(message)s'))
 log = logging.getLogger('opnsense-cert-exporter')
 log.addHandler(handler)
 log.setLevel(logging.INFO)
 def get_config():
    """Load configuration from environment variables."""
    required = ['OPNSENSE_API_KEY', 'OPNSENSE_API_SECRET', 'OPNSENSE_HOST']
    missing = [var for var in required if not os.environ.get(var)]
    if missing:
        log.error(f"Missing required environment variables: {', '.join(missing)}")
        sys.exit(1)
    return {
        'api_key': os.environ['OPNSENSE_API_KEY'],
        'api_secret': os.environ['OPNSENSE_API_SECRET'],
        'host': os.environ['OPNSENSE_HOST'],
        'output_directory': os.environ.get('OUTPUT_DIRECTORY', './certs'),
        'file_owner': os.environ.get('FILE_OWNER'),
        'file_group': os.environ.get('FILE_GROUP'),
        'file_mode': os.environ.get('FILE_MODE'),
    }
 def search_certificates(config, search_phrase):
    url = f"{config['host']}/api/trust/cert/search"
    payload = {"searchPhrase": search_phrase}
    response = requests.post(url, json=payload, auth=HTTPBasicAuth(config['api_key'], config['api_secret']))
    response.raise_for_status()
    return response.json().get("rows", [])
 def export_certificate(config, uuid, format):
    url = f"{config['host']}/api/trust/cert/generate_file/{uuid}/{format}"
    response = requests.post(url, auth=HTTPBasicAuth(config['api_key'], config['api_secret']))
    response.raise_for_status()
    return response.json().get("payload")
 def save_certificate(config, cert_data, filename, output_dir):
    """Save certificate to file if content has changed. Returns True if file was updated."""
    os.makedirs(output_dir, exist_ok=True)
    filepath = os.path.join(output_dir, filename)
    # Check if content has changed
    if os.path.exists(filepath):
        with open(filepath, 'r') as f:
            if f.read() == cert_data:
                return False
    with open(filepath, 'w') as f:
        f.write(cert_data)
    if platform.system().lower() == "linux":
        try:
            import pwd
            import grp
            if config['file_mode']:
                os.chmod(filepath, int(config['file_mode'], 8))
            if config['file_owner'] or config['file_group']:
                uid = pwd.getpwnam(config['file_owner'] or pwd.getpwuid(os.getuid()).pw_name).pw_uid
                gid = grp.getgrnam(config['file_group'] or grp.getgrgid(os.getgid()).gr_name).gr_gid
                os.chown(filepath, uid, gid)
        except Exception as e:
            log.warning(f"Error setting permissions: {e}")
    return True
 def main():
    if len(sys.argv) != 2:
        log.error("Usage: python main.py <certificate_name>")
        sys.exit(1)
    cert_name = sys.argv[1]
    config = get_config()
    ### Search Certificates ###
    certificates = search_certificates(config, cert_name)
    if len(certificates) > 1:
        log.error("Search returned more than one certificate. Please adjust your search to only return a single one.")
        sys.exit(1)
    if len(certificates) == 0:
        log.error(f"No certificate found with search phrase: {cert_name}")
        sys.exit(1)
    certificate_uuid = certificates[0]['uuid']
    output_dir = os.path.join(config['output_directory'], cert_name)
    ### Export certificate and private key ###
    certificate_data = export_certificate(config, certificate_uuid, 'crt')
    cert_updated = save_certificate(config, certificate_data, 'cert.pem', output_dir)
    private_key_data = export_certificate(config, certificate_uuid, 'prv')
    key_updated = save_certificate(config, private_key_data, 'privkey.pem', output_dir)
    if cert_updated or key_updated:
        log.info(f"Certificate updated: {output_dir}")
    else:
        log.info(f"Certificate unchanged: {output_dir}")
 if __name__ == "__main__":
    main()
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -0,0 +1,14 @@
 [project]
 name = "opnsense-cert-exporter"
 version = "0.1.0"
 description = "Add your description here"
 readme = "README.md"
 requires-python = ">=3.13"
 dependencies = [
    "certifi>=2025.11.12",
    "python-dotenv>=1.0.0",
    "requests>=2.32.5",
 ]
 [project.optional-dependencies]
 systemd = ["systemd-python>=235"]
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,9 @@
 certifi==2025.4.26
 charset-normalizer==3.4.2
 idna==3.10
-PyYAML==6.0.2
+python-dotenv==1.0.1
 requests==2.32.3
 urllib3==2.4.0
 # Optional: for native systemd journal logging
 # systemd-python>=235
--- a/uv.lock
+++ b/uv.lock
@@ -0,0 +1,125 @@
 version = 1
 revision = 3
 requires-python = ">=3.13"
 [[package]]
 name = "certifi"
 version = "2025.11.12"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/a2/8c/58f469717fa48465e4a50c014a0400602d3c437d7c0c468e17ada824da3a/certifi-2025.11.12.tar.gz", hash = "sha256:d8ab5478f2ecd78af242878415affce761ca6bc54a22a27e026d7c25357c3316", size = 160538, upload-time = "2025-11-12T02:54:51.517Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/70/7d/9bc192684cea499815ff478dfcdc13835ddf401365057044fb721ec6bddb/certifi-2025.11.12-py3-none-any.whl", hash = "sha256:97de8790030bbd5c2d96b7ec782fc2f7820ef8dba6db909ccf95449f2d062d4b", size = 159438, upload-time = "2025-11-12T02:54:49.735Z" },
 ]
 [[package]]
 name = "charset-normalizer"
 version = "3.4.4"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/13/69/33ddede1939fdd074bce5434295f38fae7136463422fe4fd3e0e89b98062/charset_normalizer-3.4.4.tar.gz", hash = "sha256:94537985111c35f28720e43603b8e7b43a6ecfb2ce1d3058bbe955b73404e21a", size = 129418, upload-time = "2025-10-14T04:42:32.879Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/97/45/4b3a1239bbacd321068ea6e7ac28875b03ab8bc0aa0966452db17cd36714/charset_normalizer-3.4.4-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:e1f185f86a6f3403aa2420e815904c67b2f9ebc443f045edd0de921108345794", size = 208091, upload-time = "2025-10-14T04:41:13.346Z" },
    { url = "https://files.pythonhosted.org/packages/7d/62/73a6d7450829655a35bb88a88fca7d736f9882a27eacdca2c6d505b57e2e/charset_normalizer-3.4.4-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:6b39f987ae8ccdf0d2642338faf2abb1862340facc796048b604ef14919e55ed", size = 147936, upload-time = "2025-10-14T04:41:14.461Z" },
    { url = "https://files.pythonhosted.org/packages/89/c5/adb8c8b3d6625bef6d88b251bbb0d95f8205831b987631ab0c8bb5d937c2/charset_normalizer-3.4.4-cp313-cp313-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:3162d5d8ce1bb98dd51af660f2121c55d0fa541b46dff7bb9b9f86ea1d87de72", size = 144180, upload-time = "2025-10-14T04:41:15.588Z" },
    { url = "https://files.pythonhosted.org/packages/91/ed/9706e4070682d1cc219050b6048bfd293ccf67b3d4f5a4f39207453d4b99/charset_normalizer-3.4.4-cp313-cp313-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:81d5eb2a312700f4ecaa977a8235b634ce853200e828fbadf3a9c50bab278328", size = 161346, upload-time = "2025-10-14T04:41:16.738Z" },
    { url = "https://files.pythonhosted.org/packages/d5/0d/031f0d95e4972901a2f6f09ef055751805ff541511dc1252ba3ca1f80cf5/charset_normalizer-3.4.4-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:5bd2293095d766545ec1a8f612559f6b40abc0eb18bb2f5d1171872d34036ede", size = 158874, upload-time = "2025-10-14T04:41:17.923Z" },
    { url = "https://files.pythonhosted.org/packages/f5/83/6ab5883f57c9c801ce5e5677242328aa45592be8a00644310a008d04f922/charset_normalizer-3.4.4-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:a8a8b89589086a25749f471e6a900d3f662d1d3b6e2e59dcecf787b1cc3a1894", size = 153076, upload-time = "2025-10-14T04:41:19.106Z" },
    { url = "https://files.pythonhosted.org/packages/75/1e/5ff781ddf5260e387d6419959ee89ef13878229732732ee73cdae01800f2/charset_normalizer-3.4.4-cp313-cp313-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:bc7637e2f80d8530ee4a78e878bce464f70087ce73cf7c1caf142416923b98f1", size = 150601, upload-time = "2025-10-14T04:41:20.245Z" },
    { url = "https://files.pythonhosted.org/packages/d7/57/71be810965493d3510a6ca79b90c19e48696fb1ff964da319334b12677f0/charset_normalizer-3.4.4-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:f8bf04158c6b607d747e93949aa60618b61312fe647a6369f88ce2ff16043490", size = 150376, upload-time = "2025-10-14T04:41:21.398Z" },
    { url = "https://files.pythonhosted.org/packages/e5/d5/c3d057a78c181d007014feb7e9f2e65905a6c4ef182c0ddf0de2924edd65/charset_normalizer-3.4.4-cp313-cp313-musllinux_1_2_armv7l.whl", hash = "sha256:554af85e960429cf30784dd47447d5125aaa3b99a6f0683589dbd27e2f45da44", size = 144825, upload-time = "2025-10-14T04:41:22.583Z" },
    { url = "https://files.pythonhosted.org/packages/e6/8c/d0406294828d4976f275ffbe66f00266c4b3136b7506941d87c00cab5272/charset_normalizer-3.4.4-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:74018750915ee7ad843a774364e13a3db91682f26142baddf775342c3f5b1133", size = 162583, upload-time = "2025-10-14T04:41:23.754Z" },
    { url = "https://files.pythonhosted.org/packages/d7/24/e2aa1f18c8f15c4c0e932d9287b8609dd30ad56dbe41d926bd846e22fb8d/charset_normalizer-3.4.4-cp313-cp313-musllinux_1_2_riscv64.whl", hash = "sha256:c0463276121fdee9c49b98908b3a89c39be45d86d1dbaa22957e38f6321d4ce3", size = 150366, upload-time = "2025-10-14T04:41:25.27Z" },
    { url = "https://files.pythonhosted.org/packages/e4/5b/1e6160c7739aad1e2df054300cc618b06bf784a7a164b0f238360721ab86/charset_normalizer-3.4.4-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:362d61fd13843997c1c446760ef36f240cf81d3ebf74ac62652aebaf7838561e", size = 160300, upload-time = "2025-10-14T04:41:26.725Z" },
    { url = "https://files.pythonhosted.org/packages/7a/10/f882167cd207fbdd743e55534d5d9620e095089d176d55cb22d5322f2afd/charset_normalizer-3.4.4-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:9a26f18905b8dd5d685d6d07b0cdf98a79f3c7a918906af7cc143ea2e164c8bc", size = 154465, upload-time = "2025-10-14T04:41:28.322Z" },
    { url = "https://files.pythonhosted.org/packages/89/66/c7a9e1b7429be72123441bfdbaf2bc13faab3f90b933f664db506dea5915/charset_normalizer-3.4.4-cp313-cp313-win32.whl", hash = "sha256:9b35f4c90079ff2e2edc5b26c0c77925e5d2d255c42c74fdb70fb49b172726ac", size = 99404, upload-time = "2025-10-14T04:41:29.95Z" },
    { url = "https://files.pythonhosted.org/packages/c4/26/b9924fa27db384bdcd97ab83b4f0a8058d96ad9626ead570674d5e737d90/charset_normalizer-3.4.4-cp313-cp313-win_amd64.whl", hash = "sha256:b435cba5f4f750aa6c0a0d92c541fb79f69a387c91e61f1795227e4ed9cece14", size = 107092, upload-time = "2025-10-14T04:41:31.188Z" },
    { url = "https://files.pythonhosted.org/packages/af/8f/3ed4bfa0c0c72a7ca17f0380cd9e4dd842b09f664e780c13cff1dcf2ef1b/charset_normalizer-3.4.4-cp313-cp313-win_arm64.whl", hash = "sha256:542d2cee80be6f80247095cc36c418f7bddd14f4a6de45af91dfad36d817bba2", size = 100408, upload-time = "2025-10-14T04:41:32.624Z" },
    { url = "https://files.pythonhosted.org/packages/2a/35/7051599bd493e62411d6ede36fd5af83a38f37c4767b92884df7301db25d/charset_normalizer-3.4.4-cp314-cp314-macosx_10_13_universal2.whl", hash = "sha256:da3326d9e65ef63a817ecbcc0df6e94463713b754fe293eaa03da99befb9a5bd", size = 207746, upload-time = "2025-10-14T04:41:33.773Z" },
    { url = "https://files.pythonhosted.org/packages/10/9a/97c8d48ef10d6cd4fcead2415523221624bf58bcf68a802721a6bc807c8f/charset_normalizer-3.4.4-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8af65f14dc14a79b924524b1e7fffe304517b2bff5a58bf64f30b98bbc5079eb", size = 147889, upload-time = "2025-10-14T04:41:34.897Z" },
    { url = "https://files.pythonhosted.org/packages/10/bf/979224a919a1b606c82bd2c5fa49b5c6d5727aa47b4312bb27b1734f53cd/charset_normalizer-3.4.4-cp314-cp314-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:74664978bb272435107de04e36db5a9735e78232b85b77d45cfb38f758efd33e", size = 143641, upload-time = "2025-10-14T04:41:36.116Z" },
    { url = "https://files.pythonhosted.org/packages/ba/33/0ad65587441fc730dc7bd90e9716b30b4702dc7b617e6ba4997dc8651495/charset_normalizer-3.4.4-cp314-cp314-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:752944c7ffbfdd10c074dc58ec2d5a8a4cd9493b314d367c14d24c17684ddd14", size = 160779, upload-time = "2025-10-14T04:41:37.229Z" },
    { url = "https://files.pythonhosted.org/packages/67/ed/331d6b249259ee71ddea93f6f2f0a56cfebd46938bde6fcc6f7b9a3d0e09/charset_normalizer-3.4.4-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:d1f13550535ad8cff21b8d757a3257963e951d96e20ec82ab44bc64aeb62a191", size = 159035, upload-time = "2025-10-14T04:41:38.368Z" },
    { url = "https://files.pythonhosted.org/packages/67/ff/f6b948ca32e4f2a4576aa129d8bed61f2e0543bf9f5f2b7fc3758ed005c9/charset_normalizer-3.4.4-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:ecaae4149d99b1c9e7b88bb03e3221956f68fd6d50be2ef061b2381b61d20838", size = 152542, upload-time = "2025-10-14T04:41:39.862Z" },
    { url = "https://files.pythonhosted.org/packages/16/85/276033dcbcc369eb176594de22728541a925b2632f9716428c851b149e83/charset_normalizer-3.4.4-cp314-cp314-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:cb6254dc36b47a990e59e1068afacdcd02958bdcce30bb50cc1700a8b9d624a6", size = 149524, upload-time = "2025-10-14T04:41:41.319Z" },
    { url = "https://files.pythonhosted.org/packages/9e/f2/6a2a1f722b6aba37050e626530a46a68f74e63683947a8acff92569f979a/charset_normalizer-3.4.4-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:c8ae8a0f02f57a6e61203a31428fa1d677cbe50c93622b4149d5c0f319c1d19e", size = 150395, upload-time = "2025-10-14T04:41:42.539Z" },
    { url = "https://files.pythonhosted.org/packages/60/bb/2186cb2f2bbaea6338cad15ce23a67f9b0672929744381e28b0592676824/charset_normalizer-3.4.4-cp314-cp314-musllinux_1_2_armv7l.whl", hash = "sha256:47cc91b2f4dd2833fddaedd2893006b0106129d4b94fdb6af1f4ce5a9965577c", size = 143680, upload-time = "2025-10-14T04:41:43.661Z" },
    { url = "https://files.pythonhosted.org/packages/7d/a5/bf6f13b772fbb2a90360eb620d52ed8f796f3c5caee8398c3b2eb7b1c60d/charset_normalizer-3.4.4-cp314-cp314-musllinux_1_2_ppc64le.whl", hash = "sha256:82004af6c302b5d3ab2cfc4cc5f29db16123b1a8417f2e25f9066f91d4411090", size = 162045, upload-time = "2025-10-14T04:41:44.821Z" },
    { url = "https://files.pythonhosted.org/packages/df/c5/d1be898bf0dc3ef9030c3825e5d3b83f2c528d207d246cbabe245966808d/charset_normalizer-3.4.4-cp314-cp314-musllinux_1_2_riscv64.whl", hash = "sha256:2b7d8f6c26245217bd2ad053761201e9f9680f8ce52f0fcd8d0755aeae5b2152", size = 149687, upload-time = "2025-10-14T04:41:46.442Z" },
    { url = "https://files.pythonhosted.org/packages/a5/42/90c1f7b9341eef50c8a1cb3f098ac43b0508413f33affd762855f67a410e/charset_normalizer-3.4.4-cp314-cp314-musllinux_1_2_s390x.whl", hash = "sha256:799a7a5e4fb2d5898c60b640fd4981d6a25f1c11790935a44ce38c54e985f828", size = 160014, upload-time = "2025-10-14T04:41:47.631Z" },
    { url = "https://files.pythonhosted.org/packages/76/be/4d3ee471e8145d12795ab655ece37baed0929462a86e72372fd25859047c/charset_normalizer-3.4.4-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:99ae2cffebb06e6c22bdc25801d7b30f503cc87dbd283479e7b606f70aff57ec", size = 154044, upload-time = "2025-10-14T04:41:48.81Z" },
    { url = "https://files.pythonhosted.org/packages/b0/6f/8f7af07237c34a1defe7defc565a9bc1807762f672c0fde711a4b22bf9c0/charset_normalizer-3.4.4-cp314-cp314-win32.whl", hash = "sha256:f9d332f8c2a2fcbffe1378594431458ddbef721c1769d78e2cbc06280d8155f9", size = 99940, upload-time = "2025-10-14T04:41:49.946Z" },
    { url = "https://files.pythonhosted.org/packages/4b/51/8ade005e5ca5b0d80fb4aff72a3775b325bdc3d27408c8113811a7cbe640/charset_normalizer-3.4.4-cp314-cp314-win_amd64.whl", hash = "sha256:8a6562c3700cce886c5be75ade4a5db4214fda19fede41d9792d100288d8f94c", size = 107104, upload-time = "2025-10-14T04:41:51.051Z" },
    { url = "https://files.pythonhosted.org/packages/da/5f/6b8f83a55bb8278772c5ae54a577f3099025f9ade59d0136ac24a0df4bde/charset_normalizer-3.4.4-cp314-cp314-win_arm64.whl", hash = "sha256:de00632ca48df9daf77a2c65a484531649261ec9f25489917f09e455cb09ddb2", size = 100743, upload-time = "2025-10-14T04:41:52.122Z" },
    { url = "https://files.pythonhosted.org/packages/0a/4c/925909008ed5a988ccbb72dcc897407e5d6d3bd72410d69e051fc0c14647/charset_normalizer-3.4.4-py3-none-any.whl", hash = "sha256:7a32c560861a02ff789ad905a2fe94e3f840803362c84fecf1851cb4cf3dc37f", size = 53402, upload-time = "2025-10-14T04:42:31.76Z" },
 ]
 [[package]]
 name = "idna"
 version = "3.11"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/6f/6d/0703ccc57f3a7233505399edb88de3cbd678da106337b9fcde432b65ed60/idna-3.11.tar.gz", hash = "sha256:795dafcc9c04ed0c1fb032c2aa73654d8e8c5023a7df64a53f39190ada629902", size = 194582, upload-time = "2025-10-12T14:55:20.501Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/0e/61/66938bbb5fc52dbdf84594873d5b51fb1f7c7794e9c0f5bd885f30bc507b/idna-3.11-py3-none-any.whl", hash = "sha256:771a87f49d9defaf64091e6e6fe9c18d4833f140bd19464795bc32d966ca37ea", size = 71008, upload-time = "2025-10-12T14:55:18.883Z" },
 ]
 [[package]]
 name = "opnsense-cert-exporter"
 version = "0.1.0"
 source = { virtual = "." }
 dependencies = [
    { name = "certifi" },
    { name = "python-dotenv" },
    { name = "requests" },
 ]
 [package.optional-dependencies]
 systemd = [
    { name = "systemd-python" },
 ]
 [package.metadata]
 requires-dist = [
    { name = "certifi", specifier = ">=2025.11.12" },
    { name = "python-dotenv", specifier = ">=1.0.0" },
    { name = "requests", specifier = ">=2.32.5" },
    { name = "systemd-python", marker = "extra == 'systemd'", specifier = ">=235" },
 ]
 provides-extras = ["systemd"]
 [[package]]
 name = "python-dotenv"
 version = "1.2.1"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/f0/26/19cadc79a718c5edbec86fd4919a6b6d3f681039a2f6d66d14be94e75fb9/python_dotenv-1.2.1.tar.gz", hash = "sha256:42667e897e16ab0d66954af0e60a9caa94f0fd4ecf3aaf6d2d260eec1aa36ad6", size = 44221, upload-time = "2025-10-26T15:12:10.434Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/14/1b/a298b06749107c305e1fe0f814c6c74aea7b2f1e10989cb30f544a1b3253/python_dotenv-1.2.1-py3-none-any.whl", hash = "sha256:b81ee9561e9ca4004139c6cbba3a238c32b03e4894671e181b671e8cb8425d61", size = 21230, upload-time = "2025-10-26T15:12:09.109Z" },
 ]
 [[package]]
 name = "requests"
 version = "2.32.5"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "certifi" },
    { name = "charset-normalizer" },
    { name = "idna" },
    { name = "urllib3" },
 ]
 sdist = { url = "https://files.pythonhosted.org/packages/c9/74/b3ff8e6c8446842c3f5c837e9c3dfcfe2018ea6ecef224c710c85ef728f4/requests-2.32.5.tar.gz", hash = "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf", size = 134517, upload-time = "2025-08-18T20:46:02.573Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl", hash = "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6", size = 64738, upload-time = "2025-08-18T20:46:00.542Z" },
 ]
 [[package]]
 name = "systemd-python"
 version = "235"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/10/9e/ab4458e00367223bda2dd7ccf0849a72235ee3e29b36dce732685d9b7ad9/systemd-python-235.tar.gz", hash = "sha256:4e57f39797fd5d9e2d22b8806a252d7c0106c936039d1e71c8c6b8008e695c0a", size = 61677, upload-time = "2023-02-11T13:42:16.588Z" }
 [[package]]
 name = "urllib3"
 version = "2.5.0"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/15/22/9ee70a2574a4f4599c47dd506532914ce044817c7752a79b6a51286319bc/urllib3-2.5.0.tar.gz", hash = "sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760", size = 393185, upload-time = "2025-06-18T14:07:41.644Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/a7/c2/fe1e52489ae3122415c51f387e221dd0773709bad6c6cdaa599e8a2c5185/urllib3-2.5.0-py3-none-any.whl", hash = "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc", size = 129795, upload-time = "2025-06-18T14:07:40.39Z" },
 ]