From 5a43191ee32e64e28c126ac3c73d1fb400dcb1f6 Mon Sep 17 00:00:00 2001
From: Alexander Thiess
Date: Wed, 14 May 2025 14:36:04 +0200
Subject: [PATCH] Upload files to "/"
---
config.yaml.example | 7 +++++
export_cert.py | 62 +++++++++++++++++++++++++++++++++++++++++++++
requirements.txt | 6 +++++
3 files changed, 75 insertions(+)
create mode 100644 config.yaml.example
create mode 100644 export_cert.py
create mode 100644 requirements.txt
diff --git a/config.yaml.example b/config.yaml.example
new file mode 100644
index 0000000..0dbf2b2
--- /dev/null
+++ b/config.yaml.example
@@ -0,0 +1,7 @@
+api_key: "your_opnsense_api_key"
+api_secret: "your_opnsense_api_secret"
+host: "https://your-opnsense.local"
+certificate_search: "example.com"
+output_directory: "./certs"
+output_filename: "cert.cert"
+export_format: "crt" # crt or prv
diff --git a/export_cert.py b/export_cert.py
new file mode 100644
index 0000000..7a4545d
--- /dev/null
+++ b/export_cert.py
@@ -0,0 +1,62 @@
+import requests
+import yaml
+import os
+import sys
+from requests.auth import HTTPBasicAuth
+
+def load_config(config_path):
+ with open(config_path, 'r') as f:
+ return yaml.safe_load(f)
+
+def search_certificates(config):
+ url = f"{config['host']}/api/trust/cert/search"
+ payload = {
+ "searchPhrase": config['certificate_search']
+ }
+ response = requests.post(url, json=payload, auth=HTTPBasicAuth(config['api_key'], config['api_secret']))
+ response.raise_for_status()
+ return response.json().get("rows", [])
+
+def export_certificate(config, uuid):
+ url = f"{config['host']}/api/trust/cert/generate_file/{uuid}/{config['export_format']}"
+ response = requests.post(url, auth=HTTPBasicAuth(config['api_key'], config['api_secret']))
+ response.raise_for_status()
+ return response.json().get("payload")
+
+def save_certificate(cert_data, filename, output_dir):
+ os.makedirs(output_dir, exist_ok=True)
+ filepath = os.path.join(output_dir, filename)
+ with open(filepath, 'w') as f:
+ f.write(cert_data)
+ print(f"Zertifikat saved.")
+
+def main():
+ if len(sys.argv) != 2:
+ print("Usage: python export_cert.py ")
+ sys.exit(1)
+
+ ### Load Config ###
+ config = load_config(sys.argv[1])
+
+ ### check cert options ###
+ if config['export_format'] not in ['crt', 'prv']:
+ print(f"Invalid export format. Possible options are crt or prv.")
+ sys.exit(1)
+
+ ### Search Certificates ###
+ certificates = search_certificates(config)
+ if len(certificates) > 1:
+ print(f"Search results in more then one certificate. Please adjust your search to only return a single one.")
+ sys.exit(1)
+ if len(certificates) == 0:
+ print(f"No certificate found with search phrase: {config['certificate_search']}")
+ sys.exit(1)
+
+ certificate_uuid = certificates[0]['uuid']
+
+ ### Get Certificate by uuid ###
+ certificate_data = export_certificate(config, certificate_uuid)
+ save_certificate(certificate_data, 'cert.crt', config['output_directory'])
+
+if __name__ == "__main__":
+ main()
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..13f8339
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,6 @@
+certifi==2025.4.26
+charset-normalizer==3.4.2
+idna==3.10
+PyYAML==6.0.2
+requests==2.32.3
+urllib3==2.4.0
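Review bot: `save_certificate` in export_cert.py writes the export with `open(filepath, 'w')`, so the file mode is left to the process umask (often world-readable), yet with `export_format: "prv"` the payload is the private key. The excerpt below creates the file owner-only and also stops before opening when the payload is missing, since `export_certificate` returns `.get("payload")` and the `'w'` open would already have truncated an existing file when `f.write(None)` fails. In `main()` the filename is hard-coded as `'cert.crt'` and `output_filename` from the config is never read; `save_certificate(certificate_data, config['output_filename'], config['output_directory'])` would keep a key export from landing in a file named like a certificate. Both `requests.post` calls also lack `timeout=`, and `host` is not checked for an `https://` scheme before the Basic-auth credentials are sent.

```python
def save_certificate(cert_data, filename, output_dir):
    if not cert_data:
        # No payload in the API response: stop before touching an existing file.
        print("Export returned no payload; nothing written.")
        sys.exit(1)
    # … unchanged: os.makedirs and filepath join …
    # Owner-only from creation: the payload is a private key when export_format is "prv".
    fd = os.open(filepath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        # The mode passed to os.open is ignored for a pre-existing file, so tighten it before writing.
        os.chmod(filepath, 0o600)
        f.write(cert_data)
    # … unchanged: status print …
```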