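#!/bin/bash
VERSION='Xymon check-ldap-cert script: version 1.0'

# clientlaunch.d/check-ldap-cert.cfg
#[cert]
#	ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
#	CMD $XYMONCLIENTHOME/ext/check-ldap-cert.bash
#	LOGFILE $XYMONCLIENTHOME/logs/check-ldap-cert.log
#	INTERVAL 5m

# This script checks the expiration of the certificate file named by the
# tls_cacertfile entry of the LDAP client configuration and reports it to
# Xymon in the "cert" column: red under 30 days, yellow under 90 days,
# green otherwise.
#
# It must read the ldap conf file, so CONF below must be updated to match
# the local installation.
#
# Reads from the environment (set by Xymon): BB, BBDISP, MACHINE.
#
# NOTE(review): "openssl x509" decodes only the first certificate in the
# file. If the configured file is a bundle, later certificates in it are
# not examined by this check.
# NOTE(review): the file checked is whatever tls_cacertfile points at; a
# server's own certificate is only covered if that entry names it.
CONF='/usr/local/openldap/etc/ldap.conf'

#DEBUG# echo "bb=[$BB]"
#DEBUG# echo "bbdisp=[$BBDISP]"

# NOTE(review): these separators hold only whitespace; presumably they
# carried markup or a rule of dashes originally. Verify against the
# deployed copy. NL and DASH are not referenced below and are kept as is.
NL=" "
DASHES="
"
DASH="
"
COLOR="clear"
COLUMN="cert"
MSG=""

# 60 seconds * 60 minutes * 24 hours * 90 days
((YELLOW = 60 * 60 * 24 * 90))
# 60 seconds * 60 minutes * 24 hours * 30 days
((RED = 60 * 60 * 24 * 30))

# Take the epoch first and derive the display string from it, instead of
# re-parsing the locale-dependent output of a bare "date".
dateSeconds=$(date '+%s')
DATE=$(date -d "@${dateSeconds}")

# Send the current COLOR and MSG to the Xymon display server.
send_status() {
  #DEBUG# echo "$BB $BBDISP \"status $MACHINE.$COLUMN $COLOR ${DATE} $MSG\""
  # BB and BBDISP are deliberately left unquoted, as before, so a value
  # holding a command plus arguments keeps working.
  # shellcheck disable=SC2086
  $BB $BBDISP "status $MACHINE.$COLUMN $COLOR ${DATE} $MSG ${DASHES}${VERSION}"
}

# Report a check failure as red with an explicit reason and stop.
# A certificate that cannot be located or decoded must not look healthy,
# and must not silently fall through to the date arithmetic.
# Arguments: $1 - human-readable reason
fail() {
  printf 'check-ldap-cert: %s\n' "$1" >&2
  COLOR='red'
  MSG="

check-ldap-cert: $1"
  send_status
  # Exit status stays that of the status send, as in the normal path.
  exit $?
}

# First non-comment line mentioning tls_cacertfile (case-insensitive);
# the second field is the path. Only the first match is used.
FILE=$(awk '!/^#/ && tolower($0) ~ /tls_cacertfile/ { print $2; exit }' "${CONF}") \
  || fail "cannot read ${CONF}"

# An empty path would make openssl swallow the next option as a file name.
[[ -n "${FILE}" ]] || fail "no tls_cacertfile entry found in ${CONF}"
[[ -r "${FILE}" ]] || fail "certificate file ${FILE} is missing or unreadable"

# Decode once and reuse the text for both the expiry date and the report.
text=$(openssl x509 -in "${FILE}" -text -noout) \
  || fail "openssl could not decode ${FILE}"

expDate=$(printf '%s\n' "${text}" | grep 'Not After' | sed 's/Not After ://' | tr -s " ")

# GNU date accepts an empty string (it means "today"), so an empty expiry
# has to be rejected explicitly before it is converted.
[[ -n "${expDate// /}" ]] || fail "no expiry date found in ${FILE}"
expSeconds=$(date -d "${expDate}" '+%s') \
  || fail "cannot parse expiry date '${expDate}' from ${FILE}"

((differ = expSeconds - dateSeconds))

if ((RED > differ)); then
  COLOR='red'
elif ((YELLOW > differ)); then
  COLOR='yellow'
else
  COLOR='green'
fi

MSG="

Certificate expires: ${expDate}${DASHES}${text}"

send_status
#DEBUG# tmp="$?"
#DEBUG# echo "error code: $tmp"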