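#!/usr/bin/env python3
"""Small certbot wrapper: request or delete certificates for vhost domains.

Only Linux (Debian / Ubuntu) hosts running nginx or apache2 are supported.
"""
import argparse
import os
import platform
import re
import subprocess
import sys
from typing import Optional

# only support linux / Debian, Ubuntu / nginx, apache2
platform_system_support = ['Linux']
platform_version_support = ['DEBIAN', 'UBUNTU']
server_support = ['NGINX', "APACHE2"]

# Syntactic host-name check: total length 1..253, no leading dot, no empty
# label, labels of at most 63 characters from [a-zA-Z0-9-].
re_domain = r'^(?=.{1,253}$)(?!.*\.\..*)(?!\..*)([a-zA-Z0-9-]{,63}\.){,127}[a-zA-Z0-9-]{1,63}$'

# certbot plugin flag for each supported web server.
_CERTBOT_PLUGIN = {"APACHE2": "--apache", "NGINX": "--nginx"}


def _command_succeeds(argv) -> bool:
    """Return True when *argv* runs and exits with status 0.

    The command is started without a shell.  A missing executable is
    reported as "did not succeed" instead of raising, which matches the
    non-zero status a shell would have produced for an unknown command.
    """
    try:
        return subprocess.call(argv) == 0
    except OSError:
        return False


def _is_acceptable_domain(name) -> bool:
    """Return True when *name* may be handed to certbot as a domain.

    ``re_domain`` on its own accepts names that begin with ``-``; such a
    value would be read by certbot as a command-line option rather than
    as a domain, so it is rejected here.  ``re.fullmatch`` is used so a
    trailing newline is not accepted either (``$`` alone would allow it).
    """
    if not isinstance(name, str) or name.startswith('-'):
        return False
    return re.fullmatch(re_domain, name) is not None


def _keep_valid_domains(domains) -> list:
    """Return the acceptable entries of *domains*, reporting the others."""
    kept = []
    for d in domains:
        if not _is_acceptable_domain(d):
            print("Invalid domain name: " + str(d) + " -> pass")
            continue
        kept.append(d)
    return kept


def check_server_version() -> Optional[str]:
    """Detect the installed web server by asking each binary for its version.

    Returns:
        "APACHE2" or "NGINX" for the first probe that exits with status 0
        (apache2 is tried first), or None when neither probe succeeds.
    """
    # NOTE(review): the probes run under sudo as in the original script;
    # a version query normally needs no privileges - confirm before changing.
    if _command_succeeds(['sudo', 'apache2', '-v']):
        return "APACHE2"
    if _command_succeeds(['sudo', 'nginx', '-v']):
        return "NGINX"
    return None


def check_distribution_version() -> Optional[str]:
    """Return "DEBIAN" or "UBUNTU" when platform.version() mentions it.

    Returns None when neither name appears in the version string.
    """
    dist = platform.version().lower()
    if 'debian' in dist:
        return "DEBIAN"
    if 'ubuntu' in dist:
        return "UBUNTU"
    return None


def sanity_check_system():
    """Abort via sys.exit unless platform, distribution and server are supported.

    Returns:
        A ``(server, distribution)`` tuple such as ``("NGINX", "DEBIAN")``.
    """
    # check platform
    if platform.system() not in platform_system_support:
        sys.exit(f"Platform {platform.system()} not supported. Aborting...")

    dist = check_distribution_version()
    if not dist:
        sys.exit("OS distribution not supported. Aborting...")

    sv = check_server_version()
    if not sv:
        sys.exit("Server distribution not supported. Aborting...")

    # The original checked apache2 twice (once explicitly, once through the
    # generic path test); a single test covers both servers.  The label keeps
    # the exact wording of the former apache2-specific message.
    if dist in platform_version_support and sv in server_support:
        if not os.path.exists(f'/etc/{sv.lower()}/sites-available/'):
            label = "Apache2" if sv == "APACHE2" else sv
            sys.exit(f"{label} ({dist}) not installed on your system. Aborting...")

    return sv, dist


def cert_add(domains, sv: str, dist: str):
    """Request a certificate covering every valid name in *domains*.

    Args:
        domains: iterable of candidate domain names; invalid ones are
            reported and skipped.
        sv: detected web server, "APACHE2" or "NGINX".
        dist: detected distribution (not used by this function).

    Raises:
        ValueError: if *sv* is not a supported server.
    """
    dms = _keep_valid_domains(domains)
    if not dms:
        # Without this guard certbot would be started with a dangling "-d".
        print("No valid domain name given -> nothing to do")
        return

    plugin = _CERTBOT_PLUGIN.get(sv)
    if plugin is None:
        raise ValueError("Unsupported server: " + str(sv))

    certbot_args = ['sudo', 'certbot', plugin, 'certonly']
    # One "-d" per name: a single "-d" followed by several bare names leaves
    # all but the first name without an option in front of it.
    for d in dms:
        certbot_args.extend(['-d', d])
    subprocess.call(certbot_args)


def cert_remove(domain):
    """Delete the certificate(s) named by *domain*.

    Args:
        domain: a single certificate name or an iterable of names (the
            command line passes a list).  Invalid names are reported and
            skipped; one ``certbot delete`` is run per remaining name.
    """
    names = [domain] if isinstance(domain, str) else list(domain)
    for name in _keep_valid_domains(names):
        # The executable name was misspelled "cerbot" before, so the call
        # could never reach certbot.
        subprocess.call(['sudo', 'certbot', 'delete', '--cert-name', name])


if __name__ == "__main__":
    p = argparse.ArgumentParser(description='cerbot helper')
    p.add_argument('domain', metavar="domain", help="vhost domain(s)", nargs="+")
    g = p.add_mutually_exclusive_group()
    g.add_argument('-a', '--add', action='store_true', help="adds cert for given domain(s)")
    g.add_argument('-r', '--remove', action='store_true', help="removes cert for given domain(s)")
    args = p.parse_args()

    sv, dist = sanity_check_system()

    # With neither -a nor -r only the sanity check runs.
    if args.add:
        cert_add(args.domain, sv, dist)
    elif args.remove:
        cert_remove(args.domain)

    print('done.')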