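#!/usr/bin/python3
"""Emit TLSA (DANE) records for every ``cert.pem`` found under a directory.

Usage: ``<script> <directory>``. The directory tree is walked, each
``cert.pem`` is parsed and ``ldns-dane create`` is run once per subjectAltName
dNSName with the arguments ``443 3 1 1`` (port, then TLSA usage 3 / DANE-EE,
selector 1 / SPKI and matching type 1 / SHA-256, in ldns-dane's positional
order).
"""
from pyasn1_modules import pem, rfc2459
from pyasn1.codec.der import decoder
from pyasn1.type import univ
import os
import re
import subprocess
import sys

# id-ce-subjectAltName (RFC 5280, section 4.2.1.6).
SUBJECT_ALT_NAME_OID = univ.ObjectIdentifier('2.5.29.17')

# dNSName is an IA5String, so a conservative ASCII hostname shape (with an
# optional leading wildcard label) is enough. Anything else that is found in a
# certificate is reported and not handed to ldns-dane as an argument, which
# also keeps a value starting with '-' from being read as an option.
_HOSTNAME_RE = re.compile(
    r'^(\*\.)?[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?'
    r'(\.[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?)*\.?$'
)


def main():
    """Walk ``sys.argv[1]`` and run ``ldns-dane create`` for each SAN dNSName.

    Exits with status 2 and a usage message when no directory argument is
    given. Every ``ldns-dane`` invocation is waited for (instead of being left
    as an unwaited child process) and a non-zero exit status is reported on
    stderr without aborting the remaining certificates.
    """
    if len(sys.argv) < 2:
        sys.stderr.write('usage: %s <directory>\n' % os.path.basename(sys.argv[0]))
        sys.exit(2)

    for root, _, files in os.walk(sys.argv[1]):
        if 'cert.pem' not in files:
            continue
        certname = os.path.join(root, 'cert.pem')
        for altname in parse_cert(certname):
            if not _HOSTNAME_RE.match(altname):
                sys.stderr.write('%s: skipping unexpected dNSName %r\n'
                                 % (certname, altname))
                continue
            # Argument list form: nothing is interpreted by a shell.
            status = subprocess.call(["ldns-dane", "create", "-c", certname,
                                      altname, "443", "3", "1", "1"])
            if status != 0:
                sys.stderr.write('%s: ldns-dane exited with status %d for %s\n'
                                 % (certname, status, altname))


def parse_cert(fname):
    """Return the subjectAltName dNSName entries of the PEM certificate *fname*.

    The first PEM block of the file is decoded as an X.509 Certificate.
    Extensions other than subjectAltName are ignored, and so are SAN entries
    of other GeneralName kinds (iPAddress, rfc822Name, ...): the chosen
    alternative is selected with ``getName()`` so that a non-chosen CHOICE
    component is never accessed. Names are returned in certificate order,
    duplicates included.

    Raises whatever ``open`` or pyasn1 raise for unreadable or malformed input.
    """
    names = []
    with open(fname) as fhd:
        bits = pem.readPemFromFile(fhd)
    cert = decoder.decode(bits, asn1Spec=rfc2459.Certificate())[0]

    for extension in cert['tbsCertificate']['extensions']:
        if extension['extnID'] != SUBJECT_ALT_NAME_OID:
            continue
        # Two-step decode kept as in the original: first to unwrap the
        # extension value, then against the SubjectAltName schema. It depends
        # on how this pyasn1_modules version models extnValue — TODO confirm
        # before upgrading pyasn1_modules.
        data = extension['extnValue'].asOctets()
        altnames = decoder.decode(data)[0]
        altnames = decoder.decode(altnames, asn1Spec=rfc2459.SubjectAltName())[0]
        for altname in altnames:
            if altname.getName() != 'dNSName':
                continue
            names.append(str(altname['dNSName']))
    return names


if __name__ == '__main__':
    main()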