From 39b8d121b4867c667194369f17946be8ebb06e8b Mon Sep 17 00:00:00 2001
From: crupest <crupest@outlook.com>
Date: Sun, 27 Nov 2022 11:43:19 +0800
Subject: Add basic function for checking ssl certs.

---
 tool/modules/nginx.py | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

(limited to 'tool/modules/nginx.py')

diff --git a/tool/modules/nginx.py b/tool/modules/nginx.py
index 08c8e1d..9c51d66 100755
--- a/tool/modules/nginx.py
+++ b/tool/modules/nginx.py
@@ -1,12 +1,15 @@
 #!/usr/bin/env python3
 
 from .template import Template
-from .path import project_abs_path, nginx_template_dir
+from .path import *
 import json
 import jsonschema
 import os
 import os.path
 import shutil
+from cryptography.x509 import *
+from cryptography.x509.oid import ExtensionOID
+
 
 with open(os.path.join(nginx_template_dir, 'server.json')) as f:
     server = json.load(f)
@@ -141,3 +144,25 @@ def nginx_config_dir_check(dir_path: str, domain: str) -> list:
         if basename not in good_files:
             bad_files.append(basename)
     return bad_files
+
+
+def get_cert_path(root_domain):
+    return os.path.join(data_dir, "certbot", "certs", "live", root_domain, "fullchain.pem")
+
+
+def get_cert_domains(cert_path, root_domain):
+
+    if not os.path.exists(cert_path):
+        return None
+
+    if not os.path.isfile(cert_path):
+        return None
+
+    with open(cert_path, 'rb') as f:
+        cert = load_pem_x509_certificate(f.read())
+        ext = cert.extensions.get_extension_for_oid(
+            ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
+        domains: list = ext.value.get_values_for_type(DNSName)
+        domains.remove(root_domain)
+        domains = [root_domain, *domains]
+        return domains
-- 
cgit v1.2.3