1
0
mirror of https://github.com/moepman/acertmgr.git synced 2025-01-07 18:25:25 +01:00

Merge pull request #1 from davidklaftenegger/master

Add minor functionality and code comments
This commit is contained in:
Markus 2016-01-10 16:04:52 +01:00
parent c494fc3ba7
commit c0d88779ca

View File

@ -6,7 +6,6 @@
import datetime import datetime
import dateutil
import dateutil.parser import dateutil.parser
import dateutil.relativedelta import dateutil.relativedelta
import os import os
@ -20,6 +19,10 @@ ACME_CONF=ACME_DIR + "acme.conf"
ACME_CONFD=ACME_DIR + "domains.d/" ACME_CONFD=ACME_DIR + "domains.d/"
# @brief check whether existing certificate is still valid or expiring soon
# @param domain string containing the domain name
# @param settings the domain's configuration options
# @return True if certificate is still valid for a while, False otherwise
def cert_isValid(domain, settings): def cert_isValid(domain, settings):
crt_file = ACME_DIR + domain + ".crt" crt_file = ACME_DIR + domain + ".crt"
if not os.path.isfile(crt_file): if not os.path.isfile(crt_file):
@ -40,15 +43,20 @@ def cert_isValid(domain, settings):
else: else:
raise "No notAfter date found, something seems wrong!" raise "No notAfter date found, something seems wrong!"
if valid_from > datetime.datetime.now(): now = datetime.datetime.now()
if valid_from > now:
raise "A Certificate seems to be from the future, something seems wrong!" raise "A Certificate seems to be from the future, something seems wrong!"
if valid_to < datetime.datetime.now() + dateutil.relativedelta.relativedelta(days=+15): expiry_limit = now + dateutil.relativedelta.relativedelta(days=+15)
if valid_to < expiry_limit:
return False return False
return True return True
# @brief fetch new certificate from letsencrypt
# @param domain string containing the domain name
# @param settings the domain's configuration options
def cert_get(domain, settings): def cert_get(domain, settings):
key_file = ACME_DIR + "server.key" key_file = ACME_DIR + "server.key"
@ -64,6 +72,17 @@ def cert_get(domain, settings):
# TODO restart/reload service(s) # TODO restart/reload service(s)
# @brief augment configuration with defaults
# @param domainconfig the domain configuration
# @param defaults the default configuration
# @return the augmented configuration
def complete_config(domainconfig, defaults):
for name, value in defaults.iteritems():
if name not in domainconfig:
domainconfig[name] = value
return domainconfig
if __name__ == "__main__": if __name__ == "__main__":
# load global configuration # load global configuration
if os.path.isfile(ACME_CONF): if os.path.isfile(ACME_CONF):
@ -73,6 +92,8 @@ if __name__ == "__main__":
config = {} config = {}
if 'domains' not in config: if 'domains' not in config:
config['domains'] = {} config['domains'] = {}
if 'defaults' not in config:
config['defaults'] = {}
# load domain configuration # load domain configuration
for config_file in os.listdir(ACME_CONFD): for config_file in os.listdir(ACME_CONFD):
@ -84,6 +105,7 @@ if __name__ == "__main__":
# TODO fill up configuration with defaults # TODO fill up configuration with defaults
# check certificate validity and obtain/renew certificates if needed # check certificate validity and obtain/renew certificates if needed
for domain in config['domains']: for domain, domaincfg in config['domains'].iteritems():
if not cert_isValid(domain, config['domains'][domain]): cfg = complete_config(domaincfg, config['defaults'])
cert_get(domain, config['domains'][domain]) if not cert_isValid(domain, cfg):
cert_get(domain, cfg)