Some improvements

[tooling/letool.git] / bin / update

#!/usr/bin/python
# -*- coding: utf-8 -*-
# (C) Christoph Egger <christoph@christoph-egger.org>

from __future__ import print_function

import glob
import datetime
import logging
import sys
import os

from cryptography import x509
from cryptography.hazmat.backends import default_backend

sys.path.append(os.path.expanduser("~"))
from sicceggetools.inventory      import Inventory
from sicceggetools.acme.settings  import Settings
from sicceggetools.acme.constants import SERVICETYPES
from sicceggetools.acme.client    import Client

def find_old_certificates():
    now = datetime.datetime.now()
    result = dict()
    for stype in SERVICETYPES:
        result[stype] = []
        for cert in glob.glob("certs/%s/*/cert.pem" % stype):
            with open(cert) as pem:
                certdata = x509.load_pem_x509_certificate(pem.read(), default_backend())
    
                if (certdata.not_valid_after - now) < datetime.timedelta(days=30):
                    for attribute in certdata.subject:
                        if attribute.oid == x509.OID_COMMON_NAME:
                            result[stype].append((cert, attribute.value))
                            break
    
    return result



def main():
    logging.getLogger().setLevel(logging.INFO)
    
    # parser = argparse.ArgumentParser()
    # parser.add_argument('--servicetype', '-s', type=str)
    # parser.add_argument('certificate', type=str)
    # args = parser.parse_args()

    inventory = Inventory("config/inventory.yaml")
    settings = Settings("config/settings.yaml")

    oldcerts = find_old_certificates()
    
    for stype in SERVICETYPES:
        for path, name in oldcerts[stype]:
            logging.info("Renewing Certificate: %s", name)
            try:
                client = Client(inventory, settings);
                client.get_certificate(name, stype)
            except Exception as e:
                logging.exception("Couldnt renew")

if __name__ == '__main__':
    main()