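#!/usr/bin/env python3
"""Obtain a TLS certificate for one domain through certbot's manual DNS-01
flow (the ``inwx`` helper acts as auth hook and post hook), then copy the
resulting PEM files into an ``/etc/ssl``-style directory layout.

Every external program is started from an argv list, never from a
shell-interpolated string, so a domain, prefix or credential containing shell
metacharacters cannot alter the command that is executed.
"""
import sys as _sys
import os as _os
import json as _json
import pathlib as _pathlib
import argparse as _argparse
import shlex as _shlex
import shutil as _shutil
import subprocess as _subprocess

# Directory in which certbot keeps the (symlinked) live PEM files per domain.
_LE_LIVE_DIR = "/etc/letsencrypt/live"

# DNS record helper used both as certbot's manual auth hook and as post hook.
_INWX_BIN = "/usr/local/bin/inwx"

# (certbot file name without ".pem", sub-directory below the target directory)
_SUBJECTS = (
    ("privkey", "private"),
    ("cert", "certs"),
    ("chain", "chains"),
    ("fullchain", "fullchains"),
)


def file_read(path):
    """Return the whole content of the text file at *path*.

    The file is decoded as UTF-8 (the encoding the JSON configuration is
    expected to use) and is closed even when reading raises.
    """
    with open(path, "r", encoding="utf-8") as handle:
        return handle.read()


def _shell_join(parts):
    """Return *parts* as one shell command line with every piece quoted.

    Used for the hook strings certbot executes through a shell and for the
    dry-run output; the quoting keeps each argument a single word.
    """
    return " ".join(_shlex.quote(part) for part in parts)


def _parse_args(argv=None):
    """Build the command line parser and parse *argv* (default: sys.argv[1:])."""
    argument_parser = _argparse.ArgumentParser()
    argument_parser.add_argument(
        "-c", "--conf-path",
        type=str,
        dest="conf_path",
        metavar="",
        # Credentials for the ACME and the inwx account live in this file; it
        # should be readable only by the user running this script.
        default=_os.path.join(str(_pathlib.Path.home()), ".tls-get-conf.json"),
    )
    argument_parser.add_argument(
        dest="domain",
        metavar="",
        help="the domain for which the TLS certificate shall be generated",
    )
    argument_parser.add_argument(
        "-t", "--target-directory",
        dest="target_directory",
        type=str,
        metavar="",
        default="/etc/ssl",
    )
    argument_parser.add_argument(
        "-x", "--challenge-prefix",
        dest="challenge_prefix",
        type=str,
        metavar="",
        default="_acme-challenge",
        help="which subdomain to use for ACME challanges",
    )
    argument_parser.add_argument(
        "-w", "--delay",
        dest="delay",
        type=float,
        default=60.0,
        metavar="",
        help="seconds to wait at end of certbot auth hook",
    )
    argument_parser.add_argument(
        "-q", "--dry-run",
        dest="dry_run",
        action="store_true",
        default=False,
        help="whether to only print the command on stdout instead of executing it",
    )
    return argument_parser.parse_args(argv)


def _certbot_command(conf, args):
    """Return the certbot invocation as an argv list.

    ``conf`` is the parsed JSON configuration (``acme_account.email``,
    ``inwx_account.username`` / ``password`` are read); ``args`` the parsed
    command line.  The two hook values are single strings because certbot
    runs them through a shell, so their pieces are quoted individually.

    NOTE: the inwx helper takes the password on its command line, which is
    visible to other local users for the hook's lifetime; that is a property
    of the helper's interface, not something this script can avoid.
    """
    inwx = conf["inwx_account"]
    inwx_base = [
        _INWX_BIN,
        "--username=%s" % inwx["username"],
        "--password=%s" % inwx["password"],
    ]
    auth_hook = _shell_join(
        inwx_base + ["certbot-hook", "--delay=%.4f" % args.delay]
    )
    post_hook = _shell_join(
        inwx_base
        + [
            "delete",
            "--domain=%s" % (args.challenge_prefix + "." + args.domain),
            "--type=TXT",
        ]
    )
    return [
        "certbot",
        "certonly",
        "--email=%s" % conf["acme_account"]["email"],
        "--preferred-challenges=dns",
        "--non-interactive",
        "--agree-tos",
        "--domain=%s" % args.domain,
        "--manual",
        "--manual-auth-hook=%s" % auth_hook,
        "--post-hook=%s" % post_hook,
    ]


def _install_certificates(domain, target_directory, dry_run):
    """Copy certbot's live PEM files for *domain* below *target_directory*.

    Each subject ends up at ``<target_directory>/<subdir>/<domain>.pem``.
    ``shutil.copy`` follows the symlinks in the live directory and carries
    the source mode bits over, so ``privkey.pem`` keeps its restrictive
    permissions.  A missing source file raises instead of being skipped.
    With *dry_run* the equivalent shell commands are printed only.
    """
    live_dir = _os.path.join(_LE_LIVE_DIR, domain)
    for source_name, subdir in _SUBJECTS:
        dest_dir = _os.path.join(target_directory, subdir)
        source = _os.path.join(live_dir, "%s.pem" % source_name)
        dest = _os.path.join(dest_dir, "%s.pem" % domain)
        if dry_run:
            _sys.stdout.write(
                _shell_join(["mkdir", "--parents", dest_dir])
                + " && "
                + _shell_join(["cp", "--dereference", source, dest])
                + "\n"
            )
            continue
        _os.makedirs(dest_dir, exist_ok=True)
        _shutil.copy(source, dest)


def main():
    """Entry point: parse arguments, run certbot (or print the command with
    ``--dry-run``), then install the PEM files.

    When certbot exits non-zero the script exits with that status before
    touching the target directory, so a failed issuance never overwrites the
    installed files with stale or missing ones.
    """
    args = _parse_args()
    conf = _json.loads(file_read(args.conf_path))
    command = _certbot_command(conf, args)
    if args.dry_run:
        _sys.stdout.write(_shell_join(command) + "\n")
    else:
        # argv list, no shell: the domain and config values reach certbot as
        # literal arguments.
        result = _subprocess.run(command)
        if result.returncode != 0:
            _sys.exit(result.returncode)
    _install_certificates(args.domain, args.target_directory, args.dry_run)


if __name__ == "__main__":
    main()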