package main
import (
"context"
"crypto/x509"
"encoding/pem"
"errors"
"io"
"io/ioutil"
"log"
"os"
"strings"
"time"
"github.com/aws/aws-lambda-go/lambda"
)
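// handler is the Lambda entry point of the certificate updater.
//
// It reads its configuration from the environment:
//
//   - CERT_UPDATER_MAIL_ADDRESS: address passed to ObtainCertificate.
//   - CERT_UPDATER_OBTAIN_DOMAINS: comma-separated list of domains to check.
//   - CERT_UPDATER_CERTIFICATE_BUCKET: bucket name passed to NewStorage.
//
// For every configured domain the stored certificate is fetched and its
// remaining lifetime computed. Domains whose certificate cannot be fetched, or
// has 30 days or fewer left, are re-issued one at a time and stored again.
//
// It returns "OK" when every domain was processed. Failures are logged and
// returned as an error instead of terminating the process with log.Fatal, so
// the invocation is reported as failed with its cause and the execution
// environment is not killed mid-run. Processing still stops at the first
// failure. The ctx and name arguments are not used.
func handler(ctx context.Context, name interface{}) (interface{}, error) {
	// Certificates with this many days (or fewer) left are re-issued.
	const renewWithinDays = 30

	// fail logs the failure (keeping the log trail log.Fatal used to give) and
	// hands the same message back to the Lambda runtime as the invocation error.
	fail := func(msg string) (interface{}, error) {
		err := errors.New(msg)
		log.Print(err)
		return nil, err
	}

	mailAddress := os.Getenv("CERT_UPDATER_MAIL_ADDRESS")
	certificateStoreBucket := os.Getenv("CERT_UPDATER_CERTIFICATE_BUCKET")

	// strings.Split on an unset variable yields [""], and "a.example, b.example"
	// yields an entry with a leading space. Trim and drop empty entries so no
	// certificate is ever requested for a blank or malformed name.
	var obtainDomains []string
	for _, entry := range strings.Split(os.Getenv("CERT_UPDATER_OBTAIN_DOMAINS"), ",") {
		if domain := strings.TrimSpace(entry); domain != "" {
			obtainDomains = append(obtainDomains, domain)
		}
	}
	// A renewal job that silently does nothing lets certificates expire
	// unnoticed, so an empty domain list is reported as a failure.
	if len(obtainDomains) == 0 {
		return fail("CERT_UPDATER_OBTAIN_DOMAINS contains no domains")
	}

	storageClient := NewStorage(certificateStoreBucket)

	refreshDomains := make([]string, 0, len(obtainDomains))
	for _, domain := range obtainDomains {
		existCert, err := storageClient.FetchCertificateFile(domain)
		if err != nil {
			// NOTE(review): every fetch error is treated as "no certificate
			// yet", so an access-denied or transient storage error also
			// triggers a re-issue. If the storage client can tell "not found"
			// apart from other errors, only that case should land here. The
			// error is logged so operators can see which one it was.
			refreshDomains = append(refreshDomains, domain)
			log.Printf("[%s] Brand new domain. Certificate will create... (fetch error: %v)\n", domain, err)
			continue
		}

		// NOTE(review): existCert is never closed here; if FetchCertificateFile
		// returns an io.ReadCloser it should be closed after this call — confirm
		// against the storage client.
		remain, err := GetCertificateRemainDay(existCert)
		if err != nil {
			return fail("[" + domain + "] Parsing certificate failed: " + err.Error())
		}

		if remain <= renewWithinDays {
			refreshDomains = append(refreshDomains, domain)
			log.Printf("[%s] Remain %d days. Certificate will refresh...\n", domain, remain)
			continue
		}
		log.Printf("[%s] Remain %d days. Skip...\n", domain, remain)
	}

	certClient := NewCertificate()
	for _, domain := range refreshDomains {
		cert, err := certClient.ObtainCertificate(mailAddress, []string{domain})
		if err != nil {
			return fail("[" + domain + "] obtain certificate failed: " + err.Error())
		}
		// cert is dereferenced below; a nil result with a nil error would panic.
		if cert == nil {
			return fail("[" + domain + "] obtain certificate failed: no certificate returned")
		}

		// NOTE(review): the stored value presumably includes the private key —
		// confirm the bucket enforces encryption at rest and restricted access.
		if err := storageClient.StoreCertificateFile(*cert); err != nil {
			return fail("[" + domain + "] store certificate failed: " + err.Error())
		}
	}

	return "OK", nil
}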
// GetCertificateRemainDay reports how many whole days remain until the
// certificate read from certReader expires.
//
// The reader is consumed completely and only the first PEM block is examined;
// its type is not checked, so anything that is not a DER certificate is
// rejected by the X.509 parser. Only the NotAfter field is used: no chain,
// hostname or NotBefore validation happens here. The day count is truncated
// toward zero, so a certificate that has already expired yields zero or a
// negative number.
//
// Read and parse errors are returned unchanged with a day count of 0.
func GetCertificateRemainDay(certReader io.Reader) (int, error) {
	raw, readErr := ioutil.ReadAll(certReader)
	if readErr != nil {
		return 0, readErr
	}

	// Any data following the first PEM block is ignored.
	block, _ := pem.Decode(raw)
	if block == nil {
		return 0, errors.New("Certificate contents is empty or invalid")
	}

	parsed, parseErr := x509.ParseCertificate(block.Bytes)
	if parseErr != nil {
		return 0, parseErr
	}

	return int(time.Until(parsed.NotAfter).Hours() / 24), nil
}
// main registers handler with the AWS Lambda Go runtime through lambda.Start.
func main() {
	lambda.Start(handler)
}