2021-11-03 20:28:40 +00:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
import argparse,json
|
|
|
|
|
|
|
|
parser = argparse.ArgumentParser(description='Traefik acme.json key and cert extractor utility.')
|
|
|
|
parser.add_argument('filepath', metavar='<filepath>', help='Path to acme.json')
|
|
|
|
parser.add_argument('fqdn', metavar='<FQDN>', help="FQDN to match in a certificates 'main' or 'sans' field")
|
|
|
|
|
|
|
|
# Only one of these options can be used at a time, `const` is the key value that will be queried:
|
|
|
|
key_or_cert = parser.add_mutually_exclusive_group(required=True)
|
|
|
|
key_or_cert.add_argument('--key', dest='requested', action='store_const', const='key', help='Output the key data to stdout')
|
|
|
|
key_or_cert.add_argument('--cert', dest='requested', action='store_const', const='certificate', help='Output the cert data to stdout')
|
|
|
|
|
|
|
|
args = parser.parse_args()
|
|
|
|
|
|
|
|
def has_fqdn(domains, fqdn):
|
|
|
|
main = domains.get('main', '')
|
|
|
|
sans = domains.get('sans', [])
|
|
|
|
return main == fqdn or fqdn in sans
|
|
|
|
|
|
|
|
# Searches the acme.json data for the target FQDN,
|
|
|
|
# upon a match returns the requested key or cert:
|
|
|
|
def retrieve_data():
|
|
|
|
with open(args.filepath) as json_file:
|
|
|
|
acme_data = json.load(json_file)
|
|
|
|
for key, value in acme_data.items():
|
|
|
|
try:
|
|
|
|
certs = value['Certificates'] or []
|
|
|
|
for cert in certs:
|
|
|
|
if has_fqdn(cert['domain'], args.fqdn):
|
|
|
|
return cert[args.requested]
|
|
|
|
# One of the expected keys is missing.. return an empty result
|
|
|
|
# Certificates: [{domain: [main, sans], key, certificate}]
|
|
|
|
except KeyError:
|
|
|
|
return None
|
|
|
|
|
|
|
|
# No match == 'None', we convert to empty string for
|
2022-02-21 10:56:57 +00:00
|
|
|
# existing error handling:
|
2021-11-03 20:28:40 +00:00
|
|
|
result = retrieve_data() or ''
|
|
|
|
print(result)
|