#!/bin/bash

. /usr/lib/eole/diagnose.sh

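#######################################
# Print the validity summary of one certificate file.
# Globals:   len_pf (read; printf column width set by diagnose.sh)
#            EchoRouge / EchoVert / EchoGras (diagnose.sh helpers)
# Arguments: $1 - certificate file (PEM) to inspect
#            $2 - optional chain file passed to 'openssl verify -untrusted';
#                 the verification line is skipped when empty
# Outputs:   diagnostic lines on stdout
# Returns:   0; exits 3 when $1 does not exist
#######################################
TestValidCerts(){
    local delay=1296000 # 15 days in seconds; matches the "15 jours" messages below
    local issuer=""
    local enddate=""
    local expire=27
    local valid=""
    local cert_file=${1}
    local cert_chain=${2}
    local cert_info info msg

    if [ ! -f "${cert_file}" ]
    then
        echo "Le fichier de certificat \"${cert_file}\" n'existe pas !"
        exit 3
    fi

    # One field per line: "issuer=..." then "notAfter=...".
    cert_info=$(openssl x509 -noout -issuer -enddate -in "${cert_file}")
    while IFS= read -r info
    do
        case "${info}" in
            issuer*)
                # Keep only the value of the last RDN (normally the CN).
                # NOTE(review): OpenSSL >= 1.1.1 prints "CN = x", so a leading
                # space may survive in ${issuer} — confirm on the target release.
                issuer=$(printf '%s\n' "${info#*=}" | awk -F '=' '{print $NF}')
                ;;
            notAfter*)
                # Re-render the UTC notAfter date in the local format.
                enddate=$(date -d "${info#*=}")
                ;;
        esac
    done <<< "${cert_info}"

    # -checkend returns 0 while the certificate is still valid ${delay}s from now.
    openssl x509 -checkend "${delay}" -noout -in "${cert_file}" >/dev/null
    expire=${?}

    # Quoting matters: an unquoted empty chain would turn '[ -n ]' into a true
    # test and hand ${cert_file} to -untrusted.
    if [ -n "${cert_chain}" ]
    then
        openssl verify -CApath /etc/ssl/certs/ -untrusted "${cert_chain}" "${cert_file}" >/dev/null
        valid=${?}
    fi

    # %${len_pf}s: the column width is a deliberate part of the format string.
    if [ "${expire}" -ne 0 ]
    then
        printf ". %${len_pf}s => %s" "Expiration" "$(EchoRouge 'dans moins de 15 jours.')"
    else
        printf ". %${len_pf}s => %s" "Expiration" "$(EchoVert 'dans plus de 15 jours.')"
    fi

    printf ". %${len_pf}s => %s" "Date de fin" "$(EchoGras "${enddate}")"
    printf ". %${len_pf}s => %s" "CA" "$(EchoGras "${issuer}")"

    if [ -n "${valid}" ]
    then
        msg=""
        if [ "${valid}" -eq 0 ]
        then
            msg=$(EchoVert "valide")
        else
            msg=$(EchoRouge "invalide (Vérifier la chaine de certification)")
        fi
        printf ". %${len_pf}s => %s" "Certificat " "${msg}"
    fi

    # Print the line following the SAN header, stripped of the DNS:/IP labels.
    # Uses the function argument, not the global server_cert.
    printf ".  %${len_pf}s => " "DNS reconnus"
    openssl x509 -in "${cert_file}" -noout -text \
        | sed -n -e '/X509v3 Subject Alternative Name/{n;p;}' \
        | sed -e 's/^ *//' -e 's/DNS://g' -e 's/,//g' \
              -e 's/IP Address:[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+//g'
    return 0
}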

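# Creole patches: report them when at least one .patch file exists in either
# directory. 'compgen -G' succeeds only when the glob matches, which avoids
# parsing 'ls' output.
EOLE_DIR="/usr/share/eole/creole"
patch_globs=("${EOLE_DIR}/patch/*.patch" "${EOLE_DIR}/patch/variante/*.patch")
has_patches=0
for pattern in "${patch_globs[@]}"; do
    if compgen -G "${pattern}" >/dev/null; then
        has_patches=1
        break
    fi
done
if [ "${has_patches}" -eq 1 ]; then
    EchoGras "*** Patches"
    # %${len_pf}s: the column width is a deliberate part of the format string.
    printf ".  %${len_pf}s => " "patches"
    /usr/share/creole/testpatches.py
    echo
fi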

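# Certificate validity: self-signed setups go through TestCerts (diagnose.sh),
# every other type through TestValidCerts above.
cert_type=$(CreoleGet cert_type)
server_cert=$(CreoleGet server_cert)
server_pem=$(CreoleGet server_pem)

set_title=0
if [ "${cert_type}" = "autosigné" ]
then
    EchoGras "*** Validité du certificat"
    # eole.crt is always checked; avoid running it twice when server_cert
    # already points at it.
    if [ "${server_cert}" != "/etc/ssl/certs/eole.crt" ]
    then
        TestCerts "${server_cert}" 10 "certificat expiré"
    fi
    TestCerts /etc/ssl/certs/eole.crt 10 "certificat expiré"

    # NOTE(review): set_title is never raised here; presumably TestCerts sets
    # it when it printed something — confirm in diagnose.sh.
    [ "${set_title}" = 1 ] && echo
else
    EchoGras "*** Validité du certificat $(basename "${server_cert}")"
    TestValidCerts "${server_cert}" "${server_pem}"
fi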

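# Init scripts that still carry a .dpkg-dist copy (package update not merged),
# listed per container.
echo
set_title=0
# CreoleGet --groups yields one container name per word: word-splitting is intended.
for container in $(CreoleGet --groups); do
    cpath=$(CreoleGet "container_path_${container}")
    for file in "${cpath}"/etc/init.d/*.dpkg-dist; do
        # An unmatched glob stays literal: skip it instead of reporting it.
        [ -e "${file}" ] || continue
        if [ "${set_title}" = 0 ]; then
            EchoGras "*** Scripts d'init pas à jour"
            set_title=1
        fi
        script_name=${file%.dpkg-dist}
        EchoRouge "-  ${script_name##*/} (${container})"
    done
done
exit 0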
