From 363c69c9b80c8389293ed5b05653423f8b72a2b1 Mon Sep 17 00:00:00 2001
From: David Klaftenegger <david.klaftenegger@it.uu.se>
Date: Sun, 10 Jan 2016 15:43:11 +0100
Subject: [PATCH] Add minor functionality and code comments

---
 acertmgr.py | 34 ++++++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)

diff --git a/acertmgr.py b/acertmgr.py
index 29f6e98..16c69d0 100755
--- a/acertmgr.py
+++ b/acertmgr.py
@@ -6,7 +6,6 @@
 
 
 import datetime
-import dateutil
 import dateutil.parser
 import dateutil.relativedelta
 import os
@@ -20,6 +19,10 @@ ACME_CONF=ACME_DIR + "acme.conf"
 ACME_CONFD=ACME_DIR + "domains.d/"
 
 
+# @brief check whether existing certificate is still valid or expiring soon
+# @param domain string containing the domain name
+# @param settings the domain's configuration options
+# @return True if certificate is still valid for a while, False otherwise
 def cert_isValid(domain, settings):
 	crt_file = ACME_DIR + domain + ".crt"
 	if not os.path.isfile(crt_file):
@@ -40,15 +43,20 @@ def cert_isValid(domain, settings):
 		else:
 			raise "No notAfter date found, something seems wrong!"
 
-		if valid_from > datetime.datetime.now():
+		now = datetime.datetime.now()
+		if valid_from > now:
 			raise "A Certificate seems to be from the future, something seems wrong!"
 
-		if valid_to < datetime.datetime.now() + dateutil.relativedelta.relativedelta(days=+15):
+		expiry_limit = now + dateutil.relativedelta.relativedelta(days=+15)
+		if valid_to < expiry_limit:
 			return False
 
 		return True
 
 
+# @brief fetch new certificate from letsencrypt
+# @param domain string containing the domain name
+# @param settings the domain's configuration options
 def cert_get(domain, settings):
 	key_file = ACME_DIR + "server.key"
 
@@ -64,6 +72,17 @@ def cert_get(domain, settings):
 	# TODO restart/reload service(s)
 
 
+# @brief augment configuration with defaults
+# @param domainconfig the domain configuration
+# @param defaults the default configuration
+# @return the augmented configuration
+def complete_config(domainconfig, defaults):
+	for name, value in defaults.iteritems():
+		if name not in domainconfig:
+			domainconfig[name] = value
+	return domainconfig
+
+
 if __name__ == "__main__":
 	# load global configuration
 	if os.path.isfile(ACME_CONF):
@@ -73,6 +92,8 @@ if __name__ == "__main__":
 		config = {}
 	if 'domains' not in config:
 		config['domains'] = {}
+	if 'defaults' not in config:
+		config['defaults'] = {}
 
 	# load domain configuration
 	for config_file in os.listdir(ACME_CONFD):
@@ -84,6 +105,7 @@ if __name__ == "__main__":
 	# TODO fill up configuration with defaults
 
 	# check certificate validity and obtain/renew certificates if needed
-	for domain in config['domains']:
-		if not cert_isValid(domain, config['domains'][domain]):
-			cert_get(domain, config['domains'][domain])
+	for domain, domaincfg in config['domains'].iteritems():
+		cfg = complete_config(domaincfg, config['defaults'])
+		if not cert_isValid(domain, cfg):
+			cert_get(domain, cfg)