#!/bin/sh
#CheckCertificate: check the storage cluster certificate
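# Directory holding the shared inspection helpers. CheckItems is sourced into
# this shell, so everything in it runs with this script's privileges.
G_INSPECT_MMLPATH="/opt/huawei/snas/script/inspect_mml"
. "$G_INSPECT_MMLPATH/CheckItems"


# Inspection item number. GetInspectType is not defined in this file
# (presumably supplied by CheckItems); its output is used below in the
# working-file names and in the final "<name>_Pass" result line.
CurInspectNum="274"
CurInspectFun=$(GetInspectType "$CurInspectNum")

# NOTE(review): both paths are fixed, predictable names directly under /tmp.
# If this inspection runs as a privileged user, a symlink already present at
# either path would be followed by the writes below. The names are kept
# unchanged here because whatever collects the result presumably expects
# them; moving them into a directory that only the inspection user can write
# would remove the exposure.
LOGPATH="/tmp/tmp${CurInspectFun}"
RESULTFILE="/tmp/tmpResult${CurInspectFun}"
# Start from an empty result file.
: >"$RESULTFILE"

# Overall verdict: stays 0 unless a check below sets it to 1.
isPass=0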
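# Decode a base64 string and print the result on stdout.
# Arguments: $@ - base64 text
# Outputs:   the decoded text followed by a newline
# Returns:   0 when something was decoded, 1 when base64 failed or the
#            result is empty
# Note: base64 is an encoding only; it gives no confidentiality to whatever
# value is stored in that form.
decode()
{
    local strdecode
    # Declared separately so the status of base64 is not hidden by `local`.
    strdecode=$(printf '%s\n' "$*" | base64 -d) || return 1
    # The original test compared "X" with the bare value, which is true for
    # every value except a literal "X", so an empty result was reported as
    # success. Test for emptiness directly.
    if [ -n "${strdecode}" ];then
        printf '%s\n' "${strdecode}"
        return 0
    fi
    return 1
}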
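# Check that the management certificate and its private key belong together
# by comparing a digest of the RSA modulus taken from each file.
# Globals:   isPass (set to 1 on mismatch), RESULTFILE (appended to)
# Arguments: $1 - certificate set to check; only "Management" is handled,
#                 any other value is a no-op
# Returns:   always 0; the verdict is reported through isPass
checkPubkeyPair()
{
    # NOTE(review): the key passphrase is embedded in this script. base64 is
    # an encoding, not protection, so anyone who can read this file can
    # recover it. It should be provisioned outside the script (for example a
    # root-only file) and changed once it has been shipped in this form.
    local ManagementPassphrase="UGsxMjNAc3RvcmFnZQo="
    local ManagementCertFile="/opt/product/snas/etc/sslcert.pem"
    local ManagementkeyFile="/opt/product/snas/etc/sslkey.pem"
    local certFilePubkey=""
    local keyFilePubkey=""
    # SHA-1 of empty input: what `openssl sha1` prints when the preceding
    # openssl command produced no modulus (unreadable file, wrong passphrase).
    local emptySha1="da39a3ee5e6b4b0d3255bfef95601890afd80709"
    local mismatch=0

    if [ "$1" != "Management" ];then
        return 0
    fi

    # SHA-1 is used here only to compare two locally computed values.
    certFilePubkey=$(openssl x509 -in "${ManagementCertFile}" -noout -modulus | openssl sha1)
    # The passphrase is fed on stdin rather than as "pass:<value>" so that it
    # does not appear in the argument list, which other local users can read
    # from the process table.
    keyFilePubkey=$(decode "${ManagementPassphrase}" | openssl rsa -in "${ManagementkeyFile}" -noout -passin stdin -modulus | openssl sha1)

    # An empty digest means the pipeline itself did not run; two empty values
    # compare equal, so that case is rejected explicitly.
    if [ -z "${certFilePubkey}" ] || [ "${certFilePubkey}" != "${keyFilePubkey}" ];then
        mismatch=1
    fi
    # Substring match because `openssl sha1` prefixes the digest with a label.
    # `case` is used so the check does not depend on bash's [[ =~ ]].
    case "${certFilePubkey}" in
        *"${emptySha1}"*) mismatch=1 ;;
    esac
    case "${keyFilePubkey}" in
        *"${emptySha1}"*) mismatch=1 ;;
    esac

    if [ "${mismatch}" -ne 0 ];then
        isPass=1
        echo "INFO:The Management passphrase or the certificate file ${ManagementCertFile} does not match the private key file ${ManagementkeyFile}." >>"$RESULTFILE"
    fi
    return 0
}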

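# Expiry check: dump the certificate, read its "Not After" date and fail the
# inspection when 30 days or less of validity remain. On success the
# key-pair check is run as well.
curttime=$(date +%s)
# NOTE(review): this reads /opt/huawei/snas/etc/sslcert.pem while
# checkPubkeyPair reads /opt/product/snas/etc/sslcert.pem; confirm that both
# paths refer to the same certificate.
openssl x509 -text -in /opt/huawei/snas/etc/sslcert.pem > "$LOGPATH"
iRet=$?
if [ "$iRet" -ne 0 ];then
    isPass=1
    echo "INFO:can not get Certificate time" >>"$RESULTFILE"
    LOG "iRet=$iRet,isPass=$isPass"
else
    # "Not After : Mon DD HH:MM:SS YYYY GMT" -> fields 4 to 8. The zone
    # (field 8) is kept; without it date would read the GMT timestamp as
    # local time and shift the expiry by the local UTC offset.
    filedate=$(awk '/Not After/ {print $4" "$5" "$6" "$7" "$8; exit}' "$LOGPATH")
    CerTime=""
    if [ -n "$filedate" ];then
        CerTime=$(date -d "$filedate" +%s)
    fi
    case "$CerTime" in
        ''|*[!0-9]*)
            # The date could not be extracted or parsed. Previously this left
            # passtime empty, the comparison errored out and isPass stayed 0;
            # an unreadable expiry date now fails the inspection.
            isPass=1
            echo "INFO:can not get Certificate time" >>"$RESULTFILE"
            LOG "filedate=$filedate,isPass=$isPass"
            ;;
        *)
            passtime=$((CerTime - curttime))
            if [ "$passtime" -le 2592000 ];then   #30*24*60*60
                isPass=1
            fi
            strNowTIme=$(date +"%Y/%m/%d %H:%M:%S")
            StrCerTime=$(date -d "@$CerTime" +"%Y/%m/%d %H:%M:%S")
            echo "Now_time:$strNowTIme||Certificate_time:$StrCerTime" >>"$RESULTFILE"
            LOG "Now_time:$strNowTIme,StrCerTime=$StrCerTime"
            ;;
    esac
    checkPubkeyPair Management
fi

# Print whether the inspection passed
echo "${CurInspectFun}_Pass $isPass" >>"$RESULTFILE"
LOG "${CurInspectFun}_Pass $isPass"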
