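#!/usr/bin/env python3

import os as _os
import json as _json
import shlex as _shlex
import argparse as _argparse
import subprocess as _subprocess


def file_read(path):
    """Return the complete text content of the file at *path*."""
    # The context manager closes the handle even when read() raises.
    with open(path, "r") as handle:
        return handle.read()


def command_hook_build(conf, args):
    """Build the shell command line handed to certbot as manual auth hook.

    The result is a single string, because certbot receives the hook as one
    option value and the ``${CERTBOT_VALIDATION}`` reference has to be
    expanded when the hook runs. Every value taken from the configuration
    file or the command line is passed through ``shlex.quote`` so that
    whitespace or shell metacharacters in it cannot alter the command.

    Args:
        conf: parsed configuration; ``conf["inwx_account"]`` must hold
            ``username`` and ``password``.
        args: parsed arguments providing ``challenge_prefix``, ``delay``,
            ``domain_base`` and ``domain_path``.

    Returns:
        The hook command line as a string.
    """
    # NOTE(review): the INWX password is passed as a command line option and
    # is therefore visible in the process list while the hook runs; if the
    # inwx tool can read credentials from a file or the environment, prefer
    # that.
    # NOTE(review): the record name hard-codes "_acme-challenge" although
    # --challenge-prefix is configurable; kept as in the original, confirm
    # which of the two the inwx tool is meant to honour.
    parts = [
        "/usr/local/bin/inwx",
        "--username=%s" % _shlex.quote(str(conf["inwx_account"]["username"])),
        "--password=%s" % _shlex.quote(str(conf["inwx_account"]["password"])),
        "--challenge-prefix=%s" % _shlex.quote(str(args.challenge_prefix)),
        "--delay=%.4f" % args.delay,
        "save",
        _shlex.quote(args.domain_base),
        _shlex.quote("_acme-challenge.%s" % args.domain_path),
        "TXT",
        # double quotes: expanded by the shell that runs the hook, but the
        # expanded value is not split into several words
        '"${CERTBOT_VALIDATION}"',
    ]
    return " ".join(parts)


def command_certbot_build(conf, args, domain, command_hook):
    """Build the certbot invocation as an argument vector.

    Args:
        conf: parsed configuration; reads ``conf["acme_account"]["email"]``
            and ``conf["misc"]["working_directory"]``.
        args: parsed arguments providing ``target_directory``.
        domain: domain name used for the certificate and its file names.
        command_hook: hook command line as built by ``command_hook_build``.

    Returns:
        A list of strings suitable for ``subprocess.run`` without a shell.
    """
    def target_path(kind):
        return _os.path.join(args.target_directory, kind, "%s.pem" % domain)

    return [
        "certbot",
        "--email=%s" % conf["acme_account"]["email"],
        "--work-dir=%s" % conf["misc"]["working_directory"],
        "--preferred-challenges=dns",
        "--non-interactive",
        "--key-path=%s" % target_path("private"),
        "--cert-path=%s" % target_path("certs"),
        "--chain-path=%s" % target_path("chains"),
        "--fullchain-path=%s" % target_path("fullchains"),
        "--domain=%s" % domain,
        "--manual-auth-hook=%s" % command_hook,
        "renew",
    ]


def main():
    """Parse the command line, load the configuration and run certbot."""
    ## args
    argument_parser = _argparse.ArgumentParser()
    argument_parser.add_argument(
        "-c",
        "--conf-path",
        type = str,
        dest = "conf_path",
        metavar = "",
        default = "./tls-renew-conf.json",
    )
    argument_parser.add_argument(
        type = str,
        dest = "domain_base",
        metavar = "",
    )
    argument_parser.add_argument(
        type = str,
        dest = "domain_path",
        metavar = "",
    )
    argument_parser.add_argument(
        "-t",
        "--target-directory",
        dest = "target_directory",
        type = str,
        metavar = "",
        default = "/etc/ssl",
    )
    argument_parser.add_argument(
        "-x",
        "--challenge-prefix",
        dest = "challenge_prefix",
        type = str,
        metavar = "",
        default = "_acme-challenge",
        help = "which subdomain to use for ACME challanges",
    )
    argument_parser.add_argument(
        "-w",
        "--delay",
        dest = "delay",
        type = float,
        default = 60.0,
        metavar = "",
        help = "seconds to wait at end of certbot auth hook",
    )
    args = argument_parser.parse_args()

    ## vars
    # The configuration file holds account credentials.
    # NOTE(review): it should be readable by the invoking user only.
    conf = _json.loads(file_read(args.conf_path))
    # The original read "args.domain.path", which does not exist on the
    # parsed namespace (the dest is "domain_path") and raised AttributeError.
    # NOTE(review): base and path are joined without a separator, as in the
    # original; confirm that the caller supplies the dot.
    domain = (args.domain_base + args.domain_path)

    ## exec
    command_hook = command_hook_build(conf, args)
    command_certbot = command_certbot_build(conf, args, domain, command_hook)
    # Run certbot directly with an argument vector instead of a shell string,
    # so no value from the configuration or the command line is interpreted
    # by a shell at this level.
    # NOTE(review): the exit status is ignored, as it was with os.system; a
    # failed renewal still ends this script with status 0.
    _subprocess.run(command_certbot)


# Guarded so that importing the module does not start a renewal; running the
# file as a script behaves as before.
if __name__ == "__main__":
    main()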