#!/usr/bin/env python3
# -*- coding: utf-8 -*-

#########################################################################
# pyeole.service - manage EOLE services
# Copyright © 2022 Pôle de Compétence EOLE <eole@ac-dijon.fr>
#
# License CeCILL:
#  * in french: http://www.cecill.info/licences/Licence_CeCILL_V2-fr.html
#  * in english http://www.cecill.info/licences/Licence_CeCILL_V2-en.html
#########################################################################
import sys
from os.path import basename, isfile
from subprocess import getstatusoutput

from creole.client import CreoleClient
from pyeole.diagnose import CertValidator
from pyeole.process import system_out



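def collect_expected_dns(client) -> list[str]:
    """Return the DNS names the server certificate must cover, de-duplicated.

    Combines the configured ``ssl_subjectaltname`` list with ``ssl_server_name``.
    The list returned by the client is copied rather than appended to in place,
    and an unset subjectAltName (``None``) is treated as an empty list. The
    result order is unspecified; it only feeds ``CertValidator(expected_dns=...)``.
    """
    names = list(client.get_creole('ssl_subjectaltname') or [])
    names.append(client.get_creole('ssl_server_name'))
    return list(set(names))


def main() -> None:
    """Assemble the certificate-validity diagnostic as a shell script and run it.

    Every element of ``cmd`` is one line of shell: the EOLE diagnose helpers
    (``EchoGras``/``EchoRouge``) are sourced first, then the lines produced by
    ``CertValidator.format_diagnostic`` for each certificate to check. Those
    lines are assumed to be already shell-safe — quoting is the validator's
    responsibility, this script does not escape anything itself. The script is
    executed through the shell by ``getstatusoutput`` and its output printed.
    """
    cmd = [
        ". /usr/lib/eole/diagnose.sh",
        "len_pf_accent=$((len_pf+1))",
        'EchoGras "*** Validité des certificats"',
    ]
    client = CreoleClient()
    cert_type = client.get_creole('cert_type')
    server_cert = client.get_creole('server_cert')
    server_pem = client.get_creole('server_pem')
    expected_dns = collect_expected_dns(client)

    if cert_type == 'autosigné':
        # The locally generated certificate is always checked against the local
        # CA. A server_cert configured elsewhere is checked first, against the
        # CA matching its location (IPsec store vs. the default EOLE CA).
        if server_cert != '/etc/ssl/certs/eole.crt':
            if server_cert.startswith('/etc/ipsec.d/'):
                ca = '/etc/ipsec.d/cacerts/CertifCa.pem'
            else:
                ca = '/etc/ssl/certs/ca.crt'
            validator = CertValidator(server_cert, chain=server_pem, ca=ca,
                                      expected_dns=expected_dns)
            cmd += validator.format_diagnostic(strict_dns=True)
        validator = CertValidator('/etc/ssl/certs/eole.crt', chain=server_pem,
                                  ca='/etc/ssl/certs/ca.crt', expected_dns=expected_dns)
        cmd += validator.format_diagnostic(strict_dns=True)
    else:
        # No explicit ``ca`` here: which trust anchors apply is left to
        # CertValidator's default behaviour (not visible from this file).
        validator = CertValidator(server_cert, chain=server_pem, expected_dns=expected_dns)
        cmd += validator.format_diagnostic(strict_dns=True)
        if cert_type == 'letsencrypt':
            confdir = client.get_creole('le_config_dir')
            # Extra domains come from the local letsencrypt configuration via a
            # shell helper, as a whitespace-separated list; empty entries are
            # dropped by split().
            stdout = system_out(['bash', '-c', 'source /usr/lib/eole/letsencrypt.sh; getExtraDomains'])[1]
            extra_domains = stdout.split()
            for dom in extra_domains:
                # NOTE(review): ``dom`` is used both as a path component and
                # (via cert_id) inside the generated shell lines. It is local
                # configuration rather than untrusted input, but a malformed
                # value (slashes, shell metacharacters) would still break or
                # alter the diagnostic; nothing here validates it.
                cert_path = f"{confdir}/live/{dom}/cert.pem"
                validator = CertValidator(cert_path, cert_id=f"{dom}/cert.pem",
                                          chain=server_pem, expected_dns=[dom])
                cmd += validator.format_diagnostic(strict_dns=True)
            if isfile("/var/lib/eole/reports/letsencrypt.err"):
                # Fixed: the closing double quote and the space before "dans"
                # were missing, so the shell saw an unterminated string and the
                # error line was never printed.
                cmd.append('EchoRouge "Erreur à la demande du certificat, des logs sont disponibles '
                           'dans le fichier /var/log/eole-letsencrypt.log"')

    cmd.append('echo')
    status, output = getstatusoutput("\n".join(cmd))
    print(output)
    # A non-zero status means part of the diagnostic did not run. Report it on
    # stderr; the exit code of this script is left unchanged for existing callers.
    if status != 0:
        print(f"certificate diagnostic exited with status {status}", file=sys.stderr)


if __name__ == "__main__":
    main()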
