2 # -*- coding: utf-8 -*-
3 # (C) Christoph Egger <christoph@christoph-egger.org>
5 from __future__
import print_function
13 from cryptography
import x509
14 from cryptography
.hazmat
.backends
import default_backend
16 sys
.path
.append(os
.path
.expanduser("~"))
17 from sicceggetools
.inventory
import Inventory
18 from sicceggetools
.acme
.settings
import Settings
19 from sicceggetools
.acme
.constants
import SERVICETYPES
20 from sicceggetools
.acme
.client
import Client
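def find_old_certificates():
    """Collect certificates that expire within the next 30 days.

    For every service type in SERVICETYPES, each file matching
    ``certs/<servicetype>/*/cert.pem`` (relative to the current working
    directory) is parsed as a PEM-encoded X.509 certificate.

    Returns:
        A dict mapping every service type to a list of
        ``(path, common_name)`` tuples, one per commonName attribute of
        each certificate whose remaining lifetime is below 30 days.
        Certificates that have already expired are included as well.

    Raises:
        Whatever ``open`` or ``load_pem_x509_certificate`` raise for an
        unreadable or malformed file; a single bad file aborts the scan.
    """
    # ``not_valid_after`` is a naive datetime expressed in UTC, so the
    # reference time has to be UTC too. Comparing against local time would
    # shift the renewal window by the host's UTC offset.
    now = datetime.datetime.utcnow()
    renew_window = datetime.timedelta(days=30)

    result = {}
    for stype in SERVICETYPES:
        # Every service type gets a key, so callers can index the result
        # with any member of SERVICETYPES without a KeyError.
        result[stype] = []

        for cert in glob.glob("certs/%s/*/cert.pem" % stype):
            # Binary mode: the PEM loader expects bytes, and a text-mode
            # read would hand it ``str`` on Python 3.
            with open(cert, "rb") as pem:
                certdata = x509.load_pem_x509_certificate(
                    pem.read(), default_backend())

            if (certdata.not_valid_after - now) >= renew_window:
                continue

            # Only the subject commonName is reported. A certificate whose
            # subject carries no CN (names in subjectAltName only) produces
            # no entry here and is therefore never queued for renewal.
            for attribute in certdata.subject:
                if attribute.oid == x509.OID_COMMON_NAME:
                    result[stype].append((cert, attribute.value))

    return result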
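# Renewal driver: load the configuration, find certificates close to expiry
# and request a replacement for each of them.
logging.getLogger().setLevel(logging.INFO)

# Command-line parsing is currently disabled:
# parser = argparse.ArgumentParser()
# parser.add_argument('--servicetype', '-s', type=str)
# parser.add_argument('certificate', type=str)
# args = parser.parse_args()

inventory = Inventory("config/inventory.yaml")
settings = Settings("config/settings.yaml")

oldcerts = find_old_certificates()

for stype in SERVICETYPES:
    # Each entry is (path, common_name); only the name is needed here.
    for _path, name in oldcerts[stype]:
        logging.info("Renewing Certificate: %s", name)

        try:
            client = Client(inventory, settings)
            client.get_certificate(name, stype)
        except Exception:
            # Best effort: one failed renewal must not stop the remaining
            # ones. The failure is visible only in the log (with traceback);
            # nothing here changes the exit status, so unattended runs need
            # log monitoring to notice a certificate that keeps failing.
            logging.exception("Couldnt renew %s (%s)", name, stype)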
63 if __name__
== '__main__':