#!/usr/bin/perl
# Generate a cert_override.txt entry for the Zentyal self-signed certificate.
# Copyright (C) 2011-2026 Zentyal S.L. Licensed under GPLv2+.

use strict;
use warnings;

use Digest::SHA qw(sha256_hex);
use File::Temp qw(tempfile);
use MIME::Base64;

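my $PROFILE = '.mozilla/firefox/ebox.default';
my $ID      = 'zentyal';
my $CERT    = '/var/lib/zentyal/conf/ssl/ssl.cert';

# First two columns of the cert_override.txt line: host:port and the OID of
# the fingerprint hash (2.16.840.1.101.3.4.2.1 is SHA-256).
my $HOST     = 'localhost:8443';
my $HASH_OID = 'OID.2.16.840.1.101.3.4.2.1';

# Read the first "CERTIFICATE" PEM block of $path and return it as DER bytes.
# PEM is base64-encoded DER, so the former "openssl x509 -outform DER" round
# trip through a temp file (and its unchecked, shell-interpolated command
# line) is not needed. Dies if the file cannot be read or holds no PEM block.
sub _read_pem_as_der {
    my ($path) = @_;

    open my $fh, '<', $path or die "Cannot read $path: $!";
    my $pem = do { local $/; <$fh> };
    close $fh;

    my ($b64) = $pem =~ m{-----BEGIN\ CERTIFICATE-----(.*?)-----END\ CERTIFICATE-----}xms
        or die "No PEM certificate found in $path";
    $b64 =~ s/\s+//g;
    return decode_base64($b64);
}

# Parse the DER tag and length at byte offset $off of $data.
# Returns (tag, header_length, content_length). Only definite-form lengths of
# at most four bytes are accepted, which covers X.509 certificates. Dies when
# the header or the element it describes runs past the end of $data.
sub _der_tlv {
    my ($data, $off) = @_;

    die "DER: truncated header at offset $off" if $off + 2 > length $data;
    my $tag = ord substr($data, $off, 1);
    my $len = ord substr($data, $off + 1, 1);
    my $hdr = 2;

    if ($len & 0x80) {                      # long form: low bits = number of length bytes
        my $nbytes = $len & 0x7f;
        die "DER: unsupported length encoding at offset $off"
            if $nbytes == 0 || $nbytes > 4 || $off + $hdr + $nbytes > length $data;
        $len = 0;
        $len = ($len << 8) | ord substr($data, $off + $hdr + $_, 1) for 0 .. $nbytes - 1;
        $hdr += $nbytes;
    }

    die "DER: element at offset $off runs past end of data"
        if $off + $hdr + $len > length $data;
    return ($tag, $hdr, $len);
}

# Return the issuer Name of a DER X.509 certificate as the complete DER
# SEQUENCE (tag, length and contents) - the bytes NSS keeps as the issuer.
# Walks Certificate -> TBSCertificate -> [0] version (optional) -> serialNumber
# -> signature -> issuer by element length. The former split-on-0x30 heuristic
# broke whenever a 0x30 byte (ASCII '0', or a length of 48) appeared inside the
# serial, a length field or the issuer, and silently dropped every RDN after the
# first one.
sub _issuer_from_der {
    my ($der) = @_;

    my ($tag, $hdr, $len) = _der_tlv($der, 0);
    die "DER: not a Certificate SEQUENCE" unless $tag == 0x30;
    my $pos = $hdr;                         # start of TBSCertificate

    ($tag, $hdr, $len) = _der_tlv($der, $pos);
    die "DER: not a TBSCertificate SEQUENCE" unless $tag == 0x30;
    $pos += $hdr;                           # first element of TBSCertificate

    ($tag, $hdr, $len) = _der_tlv($der, $pos);
    if ($tag == 0xA0) {                     # EXPLICIT [0] version; absent in v1 certs
        $pos += $hdr + $len;
        ($tag, $hdr, $len) = _der_tlv($der, $pos);
    }
    die "DER: expected serialNumber INTEGER" unless $tag == 0x02;
    $pos += $hdr + $len;

    ($tag, $hdr, $len) = _der_tlv($der, $pos);  # signature AlgorithmIdentifier, skipped
    $pos += $hdr + $len;

    ($tag, $hdr, $len) = _der_tlv($der, $pos);
    die "DER: expected issuer Name SEQUENCE" unless $tag == 0x30;
    return substr($der, $pos, $hdr + $len);
}

# Ask certutil for the serial number of nickname $id in NSS database $profile
# and return it as raw bytes. The serial is taken from the database rather than
# from the PEM file so that the key matches what NSS actually stores for the
# imported certificate. Only the multi-line "Serial Number:" / "xx:xx:..." form
# of certutil's output is handled, as in the original pipeline; any other shape
# is reported instead of silently producing an empty serial.
sub _serial_from_certutil {
    my ($profile, $id) = @_;

    # List-form pipe open: no shell, so $profile and $id reach certutil verbatim.
    open my $fh, '-|', 'certutil', '-d', $profile, '-L', '-n', $id
        or die "Cannot run certutil: $!";
    my @lines = <$fh>;
    close $fh or die "certutil -L -n $id failed (exit status " . ($? >> 8) . ")";

    my $hex;
    for my $i (0 .. $#lines - 1) {
        next unless $lines[$i] =~ /Serial/;
        ($hex) = $lines[$i + 1] =~ /\A \s* ([0-9a-fA-F]{2} (?: : [0-9a-fA-F]{2})*) \s* \z/xms;
        last;
    }
    die "Cannot find serial number of $id in certutil output" unless defined $hex;

    return pack('C*', map { hex } split /:/, $hex);
}

# Build the cert_override.txt line for $CERT and print it to STDOUT.
# Returns the process exit status (0).
sub main {
    my $der = _read_pem_as_der($CERT);

    # Fingerprint column: upper-case SHA-256 hex as colon-separated byte pairs,
    # computed in-process instead of via "sha256sum | cut".
    my @hex_pairs = uc(sha256_hex($der)) =~ /(..)/g;
    my $fp = join ':', @hex_pairs;

    my $serial = _serial_from_certutil($PROFILE, $ID);
    my $issuer = _issuer_from_der($der);

    # NSS certificate DB key: two reserved zero words, the serial length and
    # the issuer length (all big-endian 32-bit), then the serial bytes and the
    # DER issuer.
    my $dbkey = pack('N4', 0, 0, length $serial, length $issuer) . $serial . $issuer;

    # Key column keeps the script's layout: base64 cut into runs of at most 64
    # characters joined by tabs. Wrapping must be disabled (empty EOL argument):
    # MIME::Base64 otherwise wraps at 76 columns, which leaked newlines into the
    # runs for any key longer than 57 bytes and corrupted the override line.
    my $b64 = encode_base64($dbkey, '');
    my $key = join "\t", ($b64 =~ /.{1,64}/g);

    # "MU" is the override flags column, kept as the original literal.
    print "$HOST\t$HASH_OID\t$fp\tMU\t$key\n";
    return 0;
}

exit main() unless caller;   # modulino: runs as a script, stays inert when required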
