#!/usr/bin/env python3

import sys
import os
import central_sdi
from central_sdi import certs

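if __name__ == '__main__':
    # Certificate verification hook: the process exit status carries the
    # verdict. The rejection path below logs a failed VPN client connection
    # and exits 1; every path that exits 0 lets the caller proceed.
    # NOTE(review): presumably run by the VPN server as a tls-verify style
    # script with the certificate depth in argv[1] -- confirm against the
    # server configuration.

    # Only the entry with argv[1] == '0' is checked against the certificate
    # store; any other value is passed through without a lookup.
    # NOTE(review): a missing argv[1] also exits 0, so an invocation without
    # arguments skips the fingerprint check entirely. Confirm the caller
    # always supplies it, or consider rejecting that case instead.
    if len(sys.argv) < 2 or sys.argv[1] != '0':
        # sys.exit rather than the site-provided exit(): the builtin is only
        # injected by the site module and is absent under `python -S`.
        sys.exit(0)

    # Fingerprint of the certificate being verified, handed over through the
    # environment by the caller.
    # NOTE(review): if this is OpenVPN's tls_digest_0 it is a SHA-1
    # fingerprint -- confirm the certificate store is keyed by the same
    # digest algorithm and textual format.
    tls_digest = os.environ.get('tls_digest_0')
    if not tls_digest:
        # Raised before the logger exists; the uncaught exception ends the
        # process with a non-zero status, so a missing digest is rejected.
        raise ValueError(f'unexpected value for tls_digest_0: {tls_digest}')

    central_sdi.init()
    env = central_sdi.env
    logger = env.logger

    # Look the fingerprint up in the certificate store built from the loaded
    # configuration with defaults applied.
    cert_cfg = certs.cert_cfg_default(certs.cert_cfg_load())
    cert_manager = certs.CertManager(cert_cfg=cert_cfg)
    cert = cert_manager.get_cert_by_fingerprint(tls_digest)

    # Reject when no certificate matches the fingerprint or the matching one
    # is marked revoked. The fingerprint is logged so the failure can be
    # correlated with the certificate store.
    if cert is None or cert.revoked:
        logger.warning(f'fingerprint={tls_digest} VPN client connection failed - tls verification failed')
        sys.exit(1)

    # Falling off the end exits 0: the certificate is known and not revoked.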
