--- /dev/null
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# (C) Christoph Egger <christoph@christoph-egger.org>
+
+from __future__ import print_function
+
+import glob
+import datetime
+import logging
+import sys
+import os
+
+from IPython import embed
+
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+
+sys.path.append(os.path.expanduser("~"))
+from sicceggetools.inventory import Inventory
+from sicceggetools.acme.settings import Settings
+from sicceggetools.acme.constants import SERVICETYPES
+from sicceggetools.acme.client import Client
+
+def find_old_certificates():
+ now = datetime.datetime.now()
+ result = dict()
+ for stype in SERVICETYPES:
+ result[stype] = []
+ for cert in glob.glob("certs/%s/*/cert.pem" % stype):
+ with open(cert) as pem:
+ certdata = x509.load_pem_x509_certificate(pem.read(), default_backend())
+
+ if (certdata.not_valid_after - now) < datetime.timedelta(days=30):
+ for attribute in certdata.subject:
+ if attribute.oid == x509.OID_COMMON_NAME:
+ result[stype].append((cert, attribute.value))
+ break
+
+ return result
+
+
+
+def main():
+ logging.getLogger().setLevel(logging.INFO)
+
+ # parser = argparse.ArgumentParser()
+ # parser.add_argument('--servicetype', '-s', type=str)
+ # parser.add_argument('certificate', type=str)
+ # args = parser.parse_args()
+
+ inventory = Inventory("config/inventory.yaml")
+ settings = Settings("config/settings.yaml")
+
+ oldcerts = find_old_certificates()
+
+ for stype in SERVICETYPES:
+ for path, name in oldcerts[stype]:
+ print(path, name)
+
+ client = Client(inventory, settings);
+ client.get_certificate(name, stype)
+
+
+if __name__ == '__main__':
+ main()
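Review bot: In find_old_certificates the expiry test compares `certdata.not_valid_after`, which cryptography returns as a naive UTC datetime, against local time from `datetime.datetime.now()`, so the 30-day window is shifted by the host's UTC offset; use `now = datetime.datetime.utcnow()`. The PEM is also read in text mode, which only works where `str` is bytes; `with open(cert, "rb") as pem:` keeps the load working on Python 3. A certificate whose subject has no common name is silently left out of the result, and any exception from parsing one file or from `client.get_certificate` in main ends the run, so the remaining expiring certificates would go unrenewed; a per-certificate try/except that logs the failure and continues would be safer if this job runs unattended. The `from IPython import embed` import is unused, and `sys.path.append(os.path.expanduser("~"))` makes the whole home directory an import source for a script that handles ACME credentials; both are worth dropping in favour of installing sicceggetools as a package.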