1 #!/usr/bin/python
2 # -*- coding: utf-8 -*-
3 # (C) Christoph Egger <christoph@christoph-egger.org>
4
5 from __future__ import print_function
6
7 import glob
8 import datetime
9 import logging
10 import sys
11 import os
12
13 from IPython import embed
14
15 from cryptography import x509
16 from cryptography.hazmat.backends import default_backend
17
18 sys.path.append(os.path.expanduser("~"))
19 from sicceggetools.inventory import Inventory
20 from sicceggetools.acme.settings import Settings
21 from sicceggetools.acme.constants import SERVICETYPES
22 from sicceggetools.acme.client import Client
23
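def find_old_certificates():
    """Collect the certificates that expire within the next 30 days.

    Scans ``certs/<servicetype>/*/cert.pem`` (relative to the current
    working directory) for every entry of ``SERVICETYPES``.

    Returns:
        A dict mapping each service type to a list of
        ``(path, common_name)`` tuples, one per certificate whose
        ``not_valid_after`` lies less than 30 days ahead (certificates that
        have already expired are included) and whose subject carries a
        common name.
    """
    # not_valid_after is a naive datetime expressed in UTC, so the reference
    # point has to be UTC as well; local time skews the renewal window by the
    # host's UTC offset.
    now = datetime.datetime.utcnow()
    renew_window = datetime.timedelta(days=30)

    result = {}
    for stype in SERVICETYPES:
        result[stype] = []
        for cert in glob.glob("certs/%s/*/cert.pem" % stype):
            # Binary mode: the PEM loader expects bytes, which a text-mode
            # read only yields on Python 2.
            with open(cert, "rb") as pem:
                certdata = x509.load_pem_x509_certificate(pem.read(), default_backend())

            if (certdata.not_valid_after - now) >= renew_window:
                continue

            for attribute in certdata.subject:
                if attribute.oid == x509.OID_COMMON_NAME:
                    result[stype].append((cert, attribute.value))
                    break
            else:
                # A certificate without a common name cannot be queued here;
                # say so instead of letting it run out unnoticed.
                logging.warning(
                    "%s expires within 30 days but has no common name; "
                    "not scheduled for renewal", cert)

    return result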
40
41
42
def main():
    """Request a new certificate for every certificate that is about to expire.

    Loads the inventory and the settings from ``config/``, asks
    ``find_old_certificates()`` for the expiring certificates and, per
    certificate, prints its path and common name before requesting a
    replacement through a freshly constructed ``Client``.

    No command-line options are parsed; every service type is processed.
    """
    logging.getLogger().setLevel(logging.INFO)

    hosts = Inventory("config/inventory.yaml")
    acme_settings = Settings("config/settings.yaml")
    expiring = find_old_certificates()

    for service in SERVICETYPES:
        for cert_path, common_name in expiring[service]:
            print(cert_path, common_name)
            # One client per certificate, exactly as many as there are
            # certificates to renew.
            Client(hosts, acme_settings).get_certificate(common_name, service)
62
63
# Run the renewal pass only when executed as a script, not on import.
if __name__ == "__main__":
    main()