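#!/usr/bin/env python3
"""Request a TLS certificate for one domain with certbot and install it.

The script runs ``certbot certonly`` with the manual DNS challenge, using the
``/usr/local/bin/inwx ... certbot-hook`` command as authentication hook, and
afterwards copies the key, certificate, chain and full chain from
``/etc/letsencrypt/live/<domain>/`` into sub-directories of the target
directory.

Security notes for operators:

* The configuration file holds the INWX account password in clear text;
  keep it readable by the invoking user only.
* The password is handed to the hook as a command-line argument, so it is
  visible in the process list while the hook runs, and ``--dry-run`` prints
  it to stdout. Whether the ``inwx`` tool accepts credentials another way is
  not visible from this script.
"""

import sys as _sys
import os as _os
import json as _json
import argparse as _argparse
import shlex as _shlex
import subprocess as _subprocess


def file_read(path):
    """Return the complete content of the text file at *path*."""
    # The context manager closes the handle even when read() raises.
    with open(path, "r") as handle:
        return handle.read()


def is_safe_path_component(name):
    """Tell whether *name* can be used as a single file-name component.

    The domain ends up in source and destination paths of the copy step, so
    it must not be empty, contain a path separator or a NUL byte, or refer
    to the current/parent directory.
    """
    if name in ("", ".", ".."):
        return False
    return ("/" not in name) and ("\0" not in name)


def build_hook_command(conf):
    """Return the shell command string used as certbot's manual auth hook.

    Every word is quoted with ``shlex.quote`` so that quotes, ``$`` or
    back-ticks inside the configured user name or password reach the hook
    literally instead of being interpreted by the shell that runs the hook
    (NOTE(review): certbot is assumed to run hooks through a shell — the
    original quoting relied on that as well).
    """
    parts = [
        "/usr/local/bin/inwx",
        "--username=%s" % conf["inwx_account"]["username"],
        "--password=%s" % conf["inwx_account"]["password"],
        "certbot-hook",
    ]
    return " ".join(_shlex.quote(part) for part in parts)


def build_certbot_argv(conf, domain):
    """Return the certbot invocation as an argument list (no shell involved).

    certbot's --work-dir and --key-path/--cert-path/--chain-path/
    --fullchain-path options are not passed; the files are copied out of the
    live directory after certbot has finished.
    """
    return [
        "certbot",
        "certonly",
        "--email=%s" % conf["acme_account"]["email"],
        "--preferred-challenges=dns",
        "--non-interactive",
        "--agree-tos",
        "--domain=%s" % domain,
        "--manual",
        "--manual-auth-hook=%s" % build_hook_command(conf),
    ]


def run_command(argv):
    """Run *argv* without a shell and return its exit status.

    A program that cannot be started is reported on stderr and mapped to
    status 127 instead of raising.
    """
    try:
        return _subprocess.run(argv).returncode
    except OSError as error:
        _sys.stderr.write("could not execute %s: %s\n" % (argv[0], error))
        return 127


def install_file(directory, source, destination):
    """Create *directory* and copy *source* (following symlinks) to *destination*.

    Returns the exit status of the first failing step, or 0 on success.
    ``--`` ends option parsing so that no path can be taken for an option.
    NOTE(review): mkdir applies the process umask to a newly created
    directory; confirm the resulting permissions are tight enough for the
    directory that receives the private key.
    """
    status = run_command(["mkdir", "--parents", "--", directory])
    if status != 0:
        return status
    return run_command(["cp", "--dereference", "--", source, destination])


def main():
    """Parse the command line, run certbot and install the issued files.

    Returns 0 when every step succeeded and 1 otherwise. The options
    ``--challenge-prefix`` and ``--delay`` are parsed but not used anywhere
    in this script.
    """
    ## args
    argument_parser = _argparse.ArgumentParser()
    argument_parser.add_argument(
        "-c",
        "--conf-path",
        type=str,
        dest="conf_path",
        metavar="",
        # expanduser() honours $HOME and falls back to the password database,
        # so an unset HOME no longer aborts with a KeyError.
        default=_os.path.join(_os.path.expanduser("~"), ".tls-renew-conf.json"),
    )
    argument_parser.add_argument(
        type=str,
        dest="domain",
        metavar="",
    )
    argument_parser.add_argument(
        "-t",
        "--target-directory",
        dest="target_directory",
        type=str,
        metavar="",
        default="/etc/ssl",
    )
    argument_parser.add_argument(
        "-x",
        "--challenge-prefix",
        dest="challenge_prefix",
        type=str,
        metavar="",
        default="_acme-challenge",
        help="which subdomain to use for ACME challanges",
    )
    argument_parser.add_argument(
        "-w",
        "--delay",
        dest="delay",
        type=float,
        default=60.0,
        metavar="",
        help="seconds to wait at end of certbot auth hook",
    )
    argument_parser.add_argument(
        "-q",
        "--dry-run",
        dest="dry_run",
        action="store_true",
        default=False,
        help="whether to only print the command on stdout instead of executing it",
    )
    args = argument_parser.parse_args()
    if not is_safe_path_component(args.domain):
        # The domain becomes part of file paths below; refuse anything that
        # could point outside the intended directories.
        argument_parser.error("domain must not be empty or contain path separators")

    ## vars
    conf = _json.loads(file_read(args.conf_path))
    le_dir = "/etc/letsencrypt/live"

    ## exec
    certbot_argv = build_certbot_argv(conf, args.domain)
    if args.dry_run:
        # NOTE: this output contains the INWX password in clear text.
        _sys.stdout.write(" ".join(_shlex.quote(part) for part in certbot_argv) + "\n")
        return 0

    # As before, the copy steps run regardless of certbot's result; the
    # difference is that failures are now reflected in the exit status.
    failed = run_command(certbot_argv) != 0
    installs = [
        ("private", "privkey.pem"),
        ("certs", "cert.pem"),
        ("chains", "chain.pem"),
        ("fullchains", "fullchain.pem"),
    ]
    for subdirectory, live_name in installs:
        directory = _os.path.join(args.target_directory, subdirectory)
        status = install_file(
            directory,
            _os.path.join(le_dir, args.domain, live_name),
            _os.path.join(directory, "%s.pem" % args.domain),
        )
        failed = failed or (status != 0)
    return 1 if failed else 0


if __name__ == "__main__":
    _sys.exit(main())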