#!/usr/bin/env python3
# Copyright 2019 vg
# SPDX-License-Identifier: MIT

'''\
Takes json in stdin to modify a challenge in a zone txt record.

Usage: update-acme-challenge --zones=ZONES

Options:
 --zones=ZONES  json object: {"zone-to-check": "zone-to-modify"}

Json format:
{
    "action": "add|delete",
    "zone": "zone_name_to_modify",
    "challenge": "mandatory only with add action: challenge",
}
'''


import datetime
import docopt
import json
import subprocess
import sys


def nsupdate(zone, challenge):
    content = f'''
        server ::1
        del {zone} TXT
        add {zone} 60 TXT "{challenge}"
        send
    '''
    subprocess.run(['nsupdate'], check=True, input=content, encoding='utf8')


def main():
    args = docopt.docopt(__doc__)

    jsonmap = json.loads(sys.stdin.read())

    zones = json.loads(args['--zones'])
    zone = jsonmap.get('zone', '')
    zone = zone[:-1] if zone.endswith('.') else zone
    if zone not in zones:
        raise ValueError(f'not permitted to modify zone {zone}')

    action = jsonmap.get('action', '')
    if action not in ('add', 'delete'):
        raise ValueError(f'bad value for action content: {action}')

    challenge = jsonmap.get('challenge', '')
    if not all(x.isalnum() or x in '_-' for x in challenge):
        # base64url as in acme spec
        raise ValueError('bad format for challenge content')

    nsupdate(zones[zone], challenge if action == 'add' else '')


main()