snapshot

mtik_cert_pusher/pkcs12_export.py

@@ -0,0 +1,46 @@
+#!python3
+# dlitz 2025
+
+import fcntl
+import re
+import subprocess
+from contextlib import ExitStack, contextmanager
+
+from .ssl_util import SSLUtil
+
+if __name__ == '__main__':
+    from argparse import ArgumentParser
+    from pathlib import Path
+    import getpass
+    import sys
+
+    parser = ArgumentParser(
+        description="push TLS privkey & certificate to MikroTik RouterOS router"
+    )
+    parser.add_argument(
+        "-k", "--privkey", type=Path, required=True, help="private key file"
+    )
+    parser.add_argument("--cert", type=Path, required=True, help="certificate file")
+    parser.add_argument(
+        "--chain", type=Path, help="separate certificate chain file (optional)"
+    )
+    parser.add_argument("-o", "--output", type=Path, help="output file")
+    args = parser.parse_args()
+
+    privkey_data = args.privkey.read_text()
+    cert_data = args.cert.read_text()
+    chain_data = args.chain.read_text() if args.chain is not None else None
+
+    key_passphrase = getpass.getpass("set the passphrase:")
+
+    pkcs12_data = SSLUtil().export_pkcs12(
+        privkey_data=privkey_data,
+        cert_data=cert_data,
+        chain_data=chain_data,
+        passphrase=key_passphrase,
+    )
+
+    if args.output:
+        args.output.write_bytes(pkcs12_data)
+    else:
+        sys.stdout.buffer.write(pkcs12_data)