#!/bin/bash
set -e -u
# shellcheck source=common.sh
. "${0%/*}/common.sh"

fqdn="$(rnd 10).$(rnd 10)"
name="${fqdn%%.*}"
init

ucr set ssl/host/extensions="${0%/*}/../extensions-example.sh"
gencert "${fqdn}" "${fqdn}"

list_cert_names | grep -F -e "${fqdn}"
[ 01 = "$(has_valid_cert "${fqdn}")" ]
univention-certificate dump -name "${fqdn}"

python3 -c '
from cryptography import x509
from cryptography.x509.oid import ExtensionOID
from sys import argv, exit

with open(argv[1], "rb") as cert_file:
    c = x509.load_pem_x509_certificate(cert_file.read())

e = c.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
a = e.value.get_values_for_type(x509.DNSName)

print("\n".join(a))
exit(0 if set(a) == set(argv[2:]) else 1)
' "${SSLBASE}/${fqdn}/cert.pem" "$name" "$fqdn"

:
