#!python3
# dlitz 2025

import fcntl
import re
import subprocess
from contextlib import ExitStack, contextmanager

from .ssl_util import SSLUtil

if __name__ == '__main__':
    from argparse import ArgumentParser
    from pathlib import Path
    import getpass
    import sys

    parser = ArgumentParser(
        description="push TLS privkey & certificate to MikroTik RouterOS router"
    )
    parser.add_argument(
        "-k", "--privkey", type=Path, required=True, help="private key file"
    )
    parser.add_argument("--cert", type=Path, required=True, help="certificate file")
    parser.add_argument(
        "--chain", type=Path, help="separate certificate chain file (optional)"
    )
    parser.add_argument("-o", "--output", type=Path, help="output file")
    args = parser.parse_args()

    privkey_data = args.privkey.read_text()
    cert_data = args.cert.read_text()
    chain_data = args.chain.read_text() if args.chain is not None else None

    key_passphrase = getpass.getpass("set the passphrase:")

    pkcs12_data = SSLUtil().export_pkcs12(
        privkey_data=privkey_data,
        cert_data=cert_data,
        chain_data=chain_data,
        passphrase=key_passphrase,
    )

    if args.output:
        args.output.write_bytes(pkcs12_data)
    else:
        sys.stdout.buffer.write(pkcs12_data)