#!/usr/bin/env python3

import dbm
import sys
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
import hashlib

if len(sys.argv) < 2:
    print(f'{sys.argv[0]}: missing common name')
    sys.exit(1)

try:
    cert = x509.load_pem_x509_certificate(sys.stdin.buffer.read(), default_backend())
except:
    print(f'{sys.argv[0]}: invalid certificate')
    sys.exit(1)

with dbm.open('server/config/clients/fingerprints', 'c') as db:
    db[hashlib.sha256(cert.public_key().public_bytes(encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo)).digest()] = sys.argv[1]
    db.close()