From cfd626dc6c067a6465e962f3eeaa182cda994dba Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Thu, 2 Oct 2014 12:11:24 -0700
Subject: leap cert update will now warn if commercial certs will expire soon.

---
 lib/leap_cli/commands/ca.rb | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index 46e3494..66dfd7c 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -36,6 +36,7 @@ module LeapCli; module Commands
 
         nodes = manager.filter!(args)
         nodes.each_node do |node|
+          warn_if_commercial_cert_will_soon_expire(node)
           if !node.x509.use
             remove_file!([:node_x509_key, node.name])
             remove_file!([:node_x509_cert, node.name])
@@ -191,7 +192,7 @@ module LeapCli; module Commands
       return true
     else
       cert = load_certificate_file([:node_x509_cert, node.name])
-      if cert.not_after < months_from_yesterday(1)
+      if cert.not_after < months_from_yesterday(2)
         log :updating, "cert for node '#{node.name}' because it will expire soon"
         return true
       end
@@ -222,6 +223,18 @@ module LeapCli; module Commands
     return false
   end
 
+  def warn_if_commercial_cert_will_soon_expire(node)
+    dns_names_for_node(node).each do |domain|
+      if file_exists?([:commercial_cert, domain])
+        cert = load_certificate_file([:commercial_cert, domain])
+        if cert.not_after < months_from_yesterday(2)
+          log :warning, "the commercial certificate '#{Path.relative_path([:commercial_cert, domain])}' will expire soon. "+
+            "You should renew it with `leap cert csr --domain #{domain}`."
+        end
+      end
+    end
+  end
+
   def generate_cert_for_node(node)
     return if node.x509.use == false
 
-- 
cgit v1.2.3