#!/bin/bash
#
# test_keystores
#
# Ablaufdatum von SSL-Zertifikaten von Java keystores prüfen
#
############################################################
WDIR="`dirname $0`"
#
CONF=/etc/uls/keystores.conf
#
unset S DT TMP_PATH
#
while getopts c:d:S? op; do
  case "$op" in
    c) CONF="$OPTARG";;
    d) TMP_PATH="-d $OPTARG";;
    S) S="-S";;
    *) echo "usage: $0 [-d storepath] [-c confpath] [-S] [<date> <time>]"
       exit 1;;
  esac
done
shift $(( $OPTIND - 1 ))
#
if [[ -f /etc/uls/uls.conf ]]; then
  . /etc/uls/uls.conf
fi
#
if [[ $# -lt 2 ]]; then
  DT="`date '+%F %T%:z'`"
else
  DT="$1 $2"
fi
#
if [[ -f "$CONF" ]]; then
  #
  {
  eval ULS_SECTION=$(awk -F ' *= *' '$1 == "ULS_SECTION" {print $2}' $CONF)
  eval JAVA_BASE=$(awk -F ' *= *' '$1 == "JAVA_BASE" {print $2}' $CONF)
  eval KEYTOOL=$(awk -F ' *= *' '$1 == "KEYTOOL" {print $2}' $CONF)
  eval ONLYSANDNSNAMES=$(awk -F ' *= *' '$1 == "ONLYSANDNSNAMES" {print $2}' $CONF)
  export JAVA_BASE KEYTOOL ONLYSANDNSNAMES

  echo "D;$DT;${ULSHOSTNAME:-$(hostname)};$ULS_SECTION;"

  sed -n '/\[keystores\]/,$ s/\(^ *[^#]*\)  *\([^ ][^ ]*\) \(.*\)/\1 \2 \3/p' "$CONF" | while read cafile capwd ulstst; do
    eval f=$cafile
    $KEYTOOL -list -v -storepass "$capwd" -keystore "$f" 2>/dev/null | awk -v sandns="$ONLYSANDNSNAMES" -v tst="$ulstst" -F ': ' '
      $1 == "Alias name" { alias = $2 }
      $1 == "Owner"      { owner = $2 }
      $1 == "Valid from" { cmd = "date -d \""$3"\" \"+%s\""
                           cmd | getline untils
                           close(cmd)
                           expiredate = strftime("%Y-%m-%d %H:%M:%S", untils)
                           expiredays = sprintf("%.0f", (untils - systime())/86400)
                           if( alias && !sandns )
                           { a = alias
                             gensub(":", " ", a)
                             print "V;;;;" tst ":" a ";Alias;" alias ";_"
                             if( owner != "" )
                             { gsub("\"", "\\\"", owner)
                               print "V;;;;;Owner;\"" owner "\";_"
                             }
                             print "V;;;;;Expiredate;" expiredate ";{DT}"
                             print "V;;;;;Expiredays;" expiredays ";d"
                             alias = owner = ""
                           }
                         }
      /^SubjectAlternativeName/ { san = 1
                                  dnsnames = ""
                                }
      /\]/                      { if( san && alias && sandns && dnsnames )
                                  { a = alias
                                    gensub(":", " ", a)
                                    print "V;;;;" tst ":" a ";Alias;" alias ";_"
                                    if( owner != "" )
                                    { gsub("\"", "\\\"", owner)
                                      print "V;;;;;Owner;\"" owner "\";_"
                                    }
                                    print "V;;;;;Expiredate;" expiredate ";{DT}"
                                    print "V;;;;;Expiredays;" expiredays ";d"
                                    print "V;;;;;DNS-Names;\"" dnsnames "\";_"
                                    dnsnames = alias = owner = ""
                                  }
                                  san = 0
                                }
      $1 ~ " *DNSName$"         { dnsnames = dnsnames (dnsnames ? ", " : "") $2 }
      /\*\*\*\*\*\*\*\*/ { alias = owner = "" }'
  done
  } | send_test_tab
fi
