#!/usr/bin/python
# -*- encoding: utf-8; py-indent-offset: 4 -*-
# +------------------------------------------------------------------+
# |             ____ _               _        __  __ _  __           |
# |            / ___| |__   ___  ___| | __   |  \/  | |/ /           |
# |           | |   | '_ \ / _ \/ __| |/ /   | |\/| | ' /            |
# |           | |___| | | |  __/ (__|   <    | |  | | . \            |
# |            \____|_| |_|\___|\___|_|\_\___|_|  |_|_|\_\           |
# |                                                                  |
# | Copyright Mathias Kettner 2017             mk@mathias-kettner.de |
# +------------------------------------------------------------------+
#
# This file is part of Check_MK.
# The official homepage is at http://mathias-kettner.de/check_mk.
#
# check_mk is free software;  you can redistribute it and/or modify it
# under the  terms of the  GNU General Public License  as published by
# the Free Software Foundation in version 2.  check_mk is  distributed
# in the hope that it will be useful, but WITHOUT ANY WARRANTY;  with-
# out even the implied warranty of  MERCHANTABILITY  or  FITNESS FOR A
# PARTICULAR PURPOSE. See the  GNU General Public License for more de-
# tails. You should have  received  a copy of the  GNU  General Public
# License along with GNU Make; see the file  COPYING.  If  not,  write
# to the Free Software Foundation, Inc., 51 Franklin St,  Fifth Floor,
# Boston, MA 02110-1301 USA.


# .1.3.6.1.4.1.9148.3.9.1.10.1.3.65.1 rootca
# .1.3.6.1.4.1.9148.3.9.1.10.1.5.65.1 Jul 25 00:33:17 2003 GMT
# .1.3.6.1.4.1.9148.3.9.1.10.1.6.65.1 Aug 17 05:19:39 2027 GMT
# .1.3.6.1.4.1.9148.3.9.1.10.1.7.65.1 /C=US/O=Avaya Inc./OU=SIP Product Certificate Authority/CN=SIP Product Certificate Authority


factory_settings["acme_certificates_default_levels"] = {
    "expire_lower" : (604800, 2592000), # 1 week, 30 days, suggested by customer
}


def inventory_acme_certificates(info):
    return [ (name, {}) for name, start, expire, issuer in info ]


def check_acme_certificates(item, params, info):
    for name, start, expire, issuer in info:
        if item == name:
            expire_date, expire_tz = expire.rsplit(" ", 1)
            expire_time = time.mktime(time.strptime(expire_date, "%b %d %H:%M:%S %Y"))

            now        = time.time()
            warn, crit = params["expire_lower"]
            state      = 0

            time_diff = expire_time - now
            if expire_time <= now:
                age_info  = "%s ago" % get_age_human_readable(abs(time_diff))
            else:
                age_info  = "%s to go" % get_age_human_readable(time_diff)

            infotext = "Expire: %s (%s)" % (expire, age_info)

            if time_diff >= 0:
                if time_diff < crit:
                    state = 2
                elif time_diff < warn:
                    state = 1
                if state:
                    infotext += " (warn/crit below %s/%s)" % (
                                get_age_human_readable(warn),
                                get_age_human_readable(crit))
            else:
                state     = 2
                infotext += " (expire date in the past)"

            yield state, infotext
            yield 0, "Start: %s, Issuer: %s" % (start, issuer)


check_info['acme_certificates'] = {
    'inventory_function'        : inventory_acme_certificates,
    'check_function'            : check_acme_certificates,
    'service_description'       : 'Certificate %s',
    'snmp_info'                 : ('.1.3.6.1.4.1.9148.3.9.1.10.1', [
                                    "3",    # APSECURITY-MIB::apSecurityCertificateRecordName
                                    "5",    # APSECURITY-MIB::apSecurityCertificateCertStart
                                    "6",    # APSECURITY-MIB::apSecurityCertificateCertExpire
                                    "7",    # APSECURITY-MIB::apSecurityCertificateCertIssuer
                                  ]),
    'snmp_scan_function'        : scan_acme,
    'includes'                  : ['acme.include'],
    'default_levels_variable'   : "acme_certificates_default_levels",
    'group'                     : 'acme_certificates'
}
