#/bin/bash

G_INSPECT_MMLPATH="/opt/huawei/snas/script/inspect_mml"
. $G_INSPECT_MMLPATH/CheckItems
TMPPATH=$(dirname $0)
CurInspectNum="501"
CurInspectFun=`GetInspectType $CurInspectNum`
LOGPATH="/tmp/tmp${CurInspectFun}"
RESULTFILE="/tmp/tmpResult${CurInspectFun}"
>$RESULTFILE
isPass=0
source /opt/huawei/snas/script/inspect_mml/certUpdateLib.sh

function main()
{
    local outtimeFlag=""
    local defaultCert=""
    local key=""
    local cert=""
    local tmpFile="/tmp/tmpResultCheckAllCertificate"
    GetAndSaveCertStatus  #CheckAllCertificate
    if [ $? -ne 0 ]; then
        isPass=1
        echo "INFO:Failed to get certs status."
        return
    fi
    while read line; do
        if [ "$line" = "" ] ;then
            continue
        fi

        outtimeFlag=$(echo "$line" | awk -F'|' '{print $3}' | awk -F':' '{print $2}')
        defaultCert=$(echo "$line" | awk -F'|' '{print $7}' | awk -F':' '{print $2}')
        if [ "${defaultCert}" = "NO" -a "${outtimeFlag}" = "YES" ]; then
            certName=$(echo "$line" | awk -F'|' '{print $1}' | awk -F':' '{print $2}')
            cert=`GetCertType ${certName}`
            echo "INFO:${cert} ${certName} is soon outTime but not default cert. So did not update." >>$RESULTFILE
            continue
        fi
        if [ "${defaultCert}" = "YES" -a "${outtimeFlag}" = "YES" ]; then
            if [ ! -f /opt/inspect/Certificate.tar.gz ];then
                isPass=1                
                echo "INFO:NO file Certificate.tar.gz" >>$RESULTFILE
                break
            fi
            certName=$(echo "$line" | awk -F'|' '{print $1}' | awk -F':' '{print $2}')
            cert=`GetCertType ${certName}`
            if [ "$cert" = "Management" ];then
                key="UGsxMjNAc3RvcmFnZQo="
            elif [ "${cert}" = "DeviceManager" -o "$cert" = "ToolkitHttps" ]; then
                key="QWRtaW5Ac3RvcmFnZQo="
            fi
            if [ "${cert}" = "DeviceManager" ]; then
                UpdateDeviceManagerCert ${cert} ${key}
                iret=$?
                if [ ${iret} -ne 0 ]; then
                    echo "INFO:Failed to update ${cert} ${certName}" >>$RESULTFILE
                    isPass=1
                else
                    echo "INFO:${cert} ${certName} is updated successfully." >>$RESULTFILE
                fi
                continue
            fi

            sh /opt/huawei/snas/script/inspect_mml/certRmtUpdate.sh updateCert ${cert} ${key}
            iret=$?
            if [ ${iret} -ne 0 ]; then
                isPass=1
                echo "INFO:Failed to update ${cert}." >>$RESULTFILE
                sh /opt/huawei/snas/script/inspect_mml/certRmtUpdate.sh restoreCert ${cert} ${key}
                iret=$?
                if [ ${iret} -ne 0 ]; then
                    echo "INFO:Failed to restore ${cert}." >>$RESULTFILE
                fi
                continue
            fi
            echo "INFO:${cert} ${certName} is updated successfully." >>$RESULTFILE
        fi
    done < ${tmpFile}
    [ "$(cat ${tmpFile}|grep IsSoonOutTime:YES)" = "" ] && echo "INFO: All pemFile is OK." >>$RESULTFILE
    rm ${tmpFile}
    [ -f /var/log/Certificate.tar.gz ] && rm /var/log/Certificate.tar.gz
    sed -i "s/huawei/product/g" $RESULTFILE

}

main 
echo "${CurInspectFun}_Pass $isPass" >>$RESULTFILE
LOG "${CurInspectFun}_Pass $isPass"