X-Git-Url: https://git.siccegge.de//index.cgi?p=tooling%2Fletool.git;a=blobdiff_plain;f=bin%2Fupdate;fp=bin%2Fupdate;h=ae6f208811ae118bfdcc0cc3c05b3c1c3d8cb288;hp=0000000000000000000000000000000000000000;hb=51cfaa176a021af7f611f3ffe024bafc99b696d0;hpb=e1de0bea6b56b5245178cedf4610f3d19e20f894
diff --git a/bin/update b/bin/update
new file mode 100755
index 0000000..ae6f208
--- /dev/null
+++ b/bin/update
@@ -0,0 +1,65 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# (C) Christoph Egger
+
+from __future__ import print_function
+
+import glob
+import datetime
+import logging
+import sys
+import os
+
+from IPython import embed
+
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+
+sys.path.append(os.path.expanduser("~"))
+from sicceggetools.inventory import Inventory
+from sicceggetools.acme.settings import Settings
+from sicceggetools.acme.constants import SERVICETYPES
+from sicceggetools.acme.client import Client
+
+def find_old_certificates():
+ now = datetime.datetime.now()
+ result = dict()
+ for stype in SERVICETYPES:
+ result[stype] = []
+ for cert in glob.glob("certs/%s/*/cert.pem" % stype):
+ with open(cert) as pem:
+ certdata = x509.load_pem_x509_certificate(pem.read(), default_backend())
+
+ if (certdata.not_valid_after - now) < datetime.timedelta(days=30):
+ for attribute in certdata.subject:
+ if attribute.oid == x509.OID_COMMON_NAME:
+ result[stype].append((cert, attribute.value))
+ break
+
+ return result
+
+
+
+def main():
+ logging.getLogger().setLevel(logging.INFO)
+
+ # parser = argparse.ArgumentParser()
+ # parser.add_argument('--servicetype', '-s', type=str)
+ # parser.add_argument('certificate', type=str)
+ # args = parser.parse_args()
+
+ inventory = Inventory("config/inventory.yaml")
+ settings = Settings("config/settings.yaml")
+
+ oldcerts = find_old_certificates()
+
+ for stype in SERVICETYPES:
+ for path, name in oldcerts[stype]:
+ print(path, name)
+
+ client = Client(inventory, settings);
+ client.get_certificate(name, stype)
+
+
+if __name__ == '__main__':
+ main()
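Review bot: A single failure stops every remaining renewal: in `main()` an exception from `client.get_certificate(name, stype)` propagates out of the loop, and in `find_old_certificates()` one unparsable `cert.pem` aborts the whole scan, so certificates later in the list can run into expiry without anyone noticing. Wrapping each renewal in a try/except that logs the failure and exits non-zero at the end keeps the other names moving while still letting the scheduler or monitoring see the error. Separately, `not_valid_after` is a naive UTC value while `datetime.datetime.now()` is local time, so the 30-day window is shifted by the UTC offset; `now = datetime.datetime.utcnow()` fixes that, and `open(cert, "rb")` keeps the PEM load working on interpreters where a text-mode `read()` does not return bytes. The `from IPython import embed` import is unused in this file and can be dropped.

```python
    failed = False
    # … unchanged: outer loop over SERVICETYPES …
        for path, name in oldcerts[stype]:
            print(path, name)
            try:
                client = Client(inventory, settings)
                client.get_certificate(name, stype)
            except Exception:
                # keep going: one failing name must not block the other renewals
                logging.exception("renewal of %s (%s) failed", name, stype)
                failed = True

    if failed:
        sys.exit(1)  # non-zero status so the scheduler/monitoring notices
```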