#!/usr/bin/python3
# -*- coding: utf-8 -*-
#
# Univention Monitoring
#
# Like what you see? Join us!
# https://www.univention.com/about-us/careers/vacancies/
#
# Copyright 2004-2024 Univention GmbH
#
# https://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <https://www.gnu.org/licenses/>.

import time

from univention.config_registry import ucr
from univention.monitoring import Alert


class SSLCertificateCheck(Alert):

    def write_metrics(self):
        if ucr['server/role'] not in ('domaincontroller_master', 'domaincontroller_backup'):
            return

        today = int(time.time()) // 60 // 60 // 24
        rootc = ucr.get_int("ssl/validity/root", -1)
        hostc = ucr.get_int("ssl/validity/host", -1)

        # check root ca or host cert
        certValid = rootc
        certType = "SSL root CA"
        if rootc >= hostc:
            certValid = hostc
            certType = "SSL host certificate"

        if certValid > 0:
            diff = certValid - today
            self.write_metric('univention_ssl_certificate_expiry_seconds', diff * 24 * 60 * 60)
            self.log.debug("%s expires in %d days" % (certType, diff))
        else:
            self.write_metric('univention_ssl_certificate_expiry_seconds', -1, 'unable to determine expire date - ucr variables ssl/validity/host|root are not set')


if __name__ == '__main__':
    SSLCertificateCheck.main()
