From 6dbeb0d66359723bd2a0446597de5616e77e583f Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Thu, 23 Jun 2016 22:17:02 -0400 Subject: [PATCH] le-renew: switch to cryptography module --- .bin/le-renew | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/.bin/le-renew b/.bin/le-renew index f5728d4..6c2354c 100755 --- a/.bin/le-renew +++ b/.bin/le-renew @@ -1,6 +1,5 @@ -#!/usr/bin/python2 -# We need to force py2 until M2Crypto is ported: -# https://gitlab.com/m2crypto/m2crypto/issues/114 +#!/usr/bin/python +#-*- coding:utf-8 -*- # pylint: disable=invalid-name """Renew Let's Encrypt certs! @@ -18,6 +17,8 @@ try: import configparser except ImportError: import ConfigParser as configparser +import cryptography.hazmat.backends +from cryptography import x509 try: from cStringIO import StringIO except ImportError: @@ -25,9 +26,7 @@ except ImportError: import datetime import logging import logging.handlers -import M2Crypto import os -import pytz import subprocess import sys @@ -74,9 +73,10 @@ def setup_logging(debug=False, syslog=None): def load_cert(path): """Load the cert at |path|""" - with open(path) as f: + with open(path, 'rb') as f: data = f.read() - return M2Crypto.X509.load_cert_string(data) + return x509.load_pem_x509_certificate( + data, cryptography.hazmat.backends.default_backend()) def load_live_cert(domain): @@ -112,9 +112,7 @@ def process_domain(domain, dry_run=False): cert_path = os.path.realpath(conf.get('globals', 'cert')) cert = load_cert(cert_path) - stamp = cert.get_not_after() - now = pytz.timezone('UTC').localize(datetime.datetime.now()) - delta = stamp.get_datetime() - now + delta = cert.not_valid_after - datetime.datetime.utcnow() logging.info('%s: expires in %2s days', domain, delta.days) cmd = [ 
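Review bot: The new `delta = cert.not_valid_after - datetime.datetime.utcnow()` line in process_domain is only correct because both operands are naive datetimes expressed in UTC, and nothing on the line says so. `not_valid_after` carries no tzinfo, so a later switch to `datetime.datetime.now()` would skew the expiry calculation by the local UTC offset, and an aware datetime would raise a TypeError. I would add a comment above it such as `# not_valid_after is naive UTC; keep the other operand utcnow() so the days-left check is not skewed.` process_domain starts and ends outside this hunk.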
@@ -123,9 +121,13 @@ def process_domain(domain, dry_run=False): '--webroot-path', webroot_path, '-d', domain, ] - san = cert.get_ext('subjectAltName').get_value() - domains = [x.strip()[4:] for x in san.split(',')] - domains.remove(domain) + domains = [] + try: + san = cert.extensions.get_extension_for_oid( + x509.oid.ExtensionOID.SUBJECT_ALTERNATIVE_NAME) + domains = san.value.get_values_for_type(x509.DNSName) + except x509.ExtensionNotFound: + pass for d in domains: cmd += ['-d', d] if delta.days < 30: -- 2.39.5
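Review bot: The rewritten SAN handling drops the old `domains.remove(domain)`, so the primary domain, already in `cmd` via `'-d', domain`, is appended a second time whenever it also appears in the certificate's subjectAltName. Whether the client tolerates a repeated `-d` is not visible here, so I would filter it out: `domains = [d for d in san.value.get_values_for_type(x509.DNSName) if d != domain]`. The `except x509.ExtensionNotFound: pass` also silently falls back to renewing only the primary name when the extension is missing; a `logging.warning('%s: cert has no subjectAltName', domain)` there would make a shrinking name set visible in the logs. process_domain's body continues outside the hunk.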