#!/usr/bin/php
<?php

/**
 * EXPERIMENTAL : auth/cleanup certbot script
 * using AlternC 3.x.11 API for Domain Names 
 */

/* the config file located in /etc/letsencrypt/alternc-plugin.conf 
   is a json file that contains the following :
   {
     "suffix": { "server": "https://alternc.server.com/", "token": "sohdifeejoCafii9Aeph0Jah4naithoC" },
     "othersuffix: { ... }
   }
   where suffix is a domain suffix like example.com or sub.domain.fr ... 
   This plugin will use the AlternC 'server' API with the 'token' to set / unset domain names as requested by CertBot
   The longer suffix is always preferred (to get *.sub.example.com we will use sub.example.com over example.com)
*/
$conffile="/etc/letsencrypt/alternc-plugin.conf";

$conf=@json_decode(file_get_contents($conffile),true);
if (!is_array($conf) || !count($conf)) {
    echo "FATAL: cannot read $conffile or json incorrect. See certbot-auth source code for more information\n";
    exit(1);
}
    
$certbot=strtolower(getenv("CERTBOT_DOMAIN"));
$sub="";
$value=getenv("CERTBOT_VALIDATION");
if (!$certbot || !$value) {
    echo "FATAL: environment variable missing: CERTBOT_DOMAIN | CERTBOT_VALIDATION\n";
    exit(1);
}

// Search for the matching suffix information
$domain=""; $server=""; $token=""; $length=0;
foreach($conf as $suffix => $data) {
    if ($certbot==$suffix || substr($certbot,-strlen($suffix)-1)==(".".$suffix)) { // ^matching or \.matching
        if (strlen($suffix)>$length) {
            $length=strlen($suffix);
            $domain=$suffix; $server=$data["server"]; $token=$data["token"];
        }
    }
}
if (!$domain) {
    echo "FATAL: the domain $certbot is NOT available through AlternC api. Please check your configuration file\n";
    exit(1);
}
// now let's split what is domain and what is SUB :)
if ($domain==$certbot) {
    $sub="";
} else {
    $sub=".".substr($certbot,0,-strlen($domain)-1);
}

// API call, list subdomains:
$s=file_get_contents($server."/api/rest/domain/get?token=".$token."&dom=".$domain);
if (!($result=json_decode($s,true)) || !is_array($result["content"])) {
    echo "FATAL: error while calling get API on $server, returned string\n$s\n";
    exit(1);
}
$id=0;

foreach($result["content"]["sub"] as $onesub) {
    if ($onesub["name"]=="_acme-challenge".$sub && strtolower($onesub["type"])=="txt" && $onesub["dest"]==$value) {
        $id=$onesub["id"];
        break;
    }
}
if (!$id) {
    echo "ERROR: found nothing to cleanup, maybe a mistake ? \n";
    exit(0);
}

echo "removing subdomain on AlternC server $server, id $id\n";
$s=file_get_contents($server."/api/rest/subdomain/del_by_id?token=".$token."&dom=".$domain."&id=".$id);
if (!$result=@json_decode($s,true) || $result["content"]!=true) {
    echo "FATAL: error while calling del_by_id API on $server, returned string\n$s\n";
    exit(1);
}

exit(0);