#!/usr/bin/eperl -w
###
#
# Copyright (c) Ensim Corporation 2000, 2001   All Rights Reserved.
#
# This software is furnished under a license and may be used and copied
# only  in  accordance  with  the  terms  of such  license and with the
# inclusion of the above copyright notice. This software or any other
# copies thereof may not be provided or otherwise made available to any
# other person. No title to and ownership of the software is hereby
# transferred.
#
# The information in this software is subject to change without notice
# and  should  not be  construed  as  a commitment by Ensim Corporation.
# Ensim assumes no responsibility for the use or  reliability  of its
# software on equipment which is not supplied by Ensim.
#
# Exit codes (on failure error message goes to stderr):
#  0 - success
#  1 - failure
# 
# Boolean arguments on the command line are given as 0 or 1. All the
# command line arguments are encoded to avoid problems with escapes.
#
# All functions defined here either return an error message if an
# error occurred and "" if everything went well, or always return a
# valid value but exit (with code 1) after printing an error message if
# an error occurs. Functions of this second type have _e appended to
# their name. Functions are allowed to print results onto stdout, but
# errors are printed only in the main program.
#
###


use strict;
use File::Basename;

use constant SSL_DIR => "/etc/httpd/conf/virtual/";
use constant SSL_KEY_FILE  => "/etc/httpd/conf/ssl.key/server.key";
use constant SSL_CERT_FILE => "/etc/httpd/conf/ssl.crt/server.crt";

use lib ($ENV{'OCW_SVCPATH'} || "/usr/lib/opcenter")."/virtualhosting";
use lib ($ENV{'OCW_SVCPATH'} || "/usr/lib/opcenter")."/apache";

use VHConst;
use SSL;

# Build the list of candidate site handles from the entries of SSL_DIR.
#
# Since 3.7.0 there is no separate "<site>.ssl" file per domain; the SSL
# settings live in the virtual/siteX file, so every entry of the directory
# is taken as a candidate. A trailing ".ssl" is still stripped, which means
# "foo" and "foo.ssl" both produce the handle "foo". Names are not filtered
# in any other way here; the caller decides which ones are usable.
#
# Returns: reference to an array of entry names (directory part removed).
sub getSSLSites () {
    my @handles;

    for my $path (glob(SSL_DIR . "*")) {
        my $name = basename($path);
        $name =~ s/^(.*)\.ssl$/$1/g;
        push @handles, $name;
    }

    return \@handles;
}

# Run the three SSL module checks on a key/certificate pair.
#
# Arguments: path of the private key file, path of the certificate file.
# Returns:   1 when none of the checks reported a problem, otherwise an
#            empty return (false).
#
# A true value from any SSL::Verify* call is treated as a failure here,
# presumably because those functions return an error message on failure
# and "" on success -- confirm against the SSL module. The checks run in
# order (key, certificate, key/certificate match) and stop at the first
# failure; the failure text itself is discarded.
sub verifySSLFiles ($$) {
    my ($keyFile, $certFile) = @_;

    return if SSL::VerifyKeyFile($keyFile);
    return if SSL::VerifyCertFile($certFile);
    return if SSL::VerifyMatchKeyCert($keyFile, $certFile);

    return 1;
}


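# Build a site_handle => domain map from the output of sitelookup.
#
# Runs "/usr/local/bin/sitelookup -a site_handle,domain" and expects one
# "handle,domain" pair per output line.
#
# Returns: reference to a hash keyed by site handle. The hash is empty when
#          sitelookup cannot be started. (The original returned the hash
#          itself on that path, so a caller dereferencing the result died
#          under "use strict".)
#
# Lines that do not contain both fields are skipped instead of being stored
# with an undefined handle or domain.
sub getDomainMap () {
    my %domainMap = ();

    # The command is a fixed string with an absolute path; no external data
    # is interpolated into it. A lexical handle replaces the bareword one.
    my $lookup;
    open($lookup, '-|', "/usr/local/bin/sitelookup -a site_handle,domain")
        or return \%domainMap;

    my @domainList = <$lookup>;

    # Best effort, as before: the exit status of sitelookup is not checked,
    # whatever it printed is used.
    close($lookup);

    foreach my $line (@domainList) {
        chomp $line;
        my ($sitehandle, $domain) = split(/\,/, $line);
        next unless defined($sitehandle) && defined($domain);
        $domainMap{$sitehandle} = $domain;
    }

    return \%domainMap;
}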

# Older way of building the site_handle => domain map, by walking the
# symbolic links directly under /home/virtual.
#
# For every symlink whose name does not look like "admin<digits>", the link
# name is taken as the domain and the name of the parent directory of the
# link target is taken as the site handle. Entries that are not symlinks,
# or whose target cannot be read, are ignored.
#
# Returns: reference to a hash keyed by site handle.
sub OLD_getDomainMap () {
    my %handleToDomain;

    for my $entry (glob "/home/virtual/*") {
        # only symbolic links describe a domain
        next unless -l $entry;

        my $name = basename($entry);

        # filter out admin
        next if $name =~ /^admin\d+$/;

        # read the link
        my $target = readlink $entry;
        next unless defined $target;

        my $handle = basename(dirname($target));
        $handleToDomain{$handle} = $name;
    }

    return \%handleToDomain;
}


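# Main program: print one "-DSSL.<name>" line for every site (and for the
# box itself, as "default") whose SSL key and certificate pass the check.
#
# With -q only a quick check is made: a key/certificate pair is accepted
# when both files exist and are non-empty. Nothing is parsed and the key is
# not matched against the certificate in that mode, so -q output says less
# about the files than the full check does. When the quick check does not
# accept a pair, the full verifySSLFiles check is still tried.
#
# NOTE(review): VHConst and SSL are loaded through "use lib" paths taken
# from $ENV{OCW_SVCPATH} near the top of the file. If this script can run
# with more privilege than whoever sets its environment, the wrapper should
# pin or clear that variable -- confirm how the script is invoked.
my $quick_chk = 0;
my $opt = shift;

if ($opt) {
    if ($opt eq '-q') {
        $quick_chk = 1;
    }
    else {
        # The file header documents exit code 1 for failures, with the
        # message on stderr; die would exit with a different code.
        print STDERR "Usage: GetSSLDomains [-q]\n";
        exit 1;
    }
}

# get a list of sites with SSL enabled
my $siteListRef = getSSLSites();
my @sslOkList = ();

if (scalar @{$siteListRef}) {
    # load the site handle => domain mapping into a hash
    my $siteMapRef = getDomainMap();

    # getDomainMap can hand back a non-reference when sitelookup cannot be
    # started; treat that as an empty map instead of dying on dereference.
    $siteMapRef = {} unless ref($siteMapRef) eq 'HASH';

    foreach my $site (@{$siteListRef}) {
        # A candidate with no domain mapping would otherwise be printed as
        # a bare "-DSSL." line, so it is skipped.
        my $domain = $siteMapRef->{$site};
        next unless defined($domain) && length($domain);

        my $keyfile = "/home/virtual/$site/fst" . SSL_KEY_FILE;
        my $crtfile = "/home/virtual/$site/fst" . SSL_CERT_FILE;

        if ($quick_chk && -s $keyfile && -s $crtfile) {
            push(@sslOkList, $domain);
        }
        elsif (verifySSLFiles($keyfile, $crtfile)) {
            # add domain to ok list
            push(@sslOkList, $domain);
        }
    }
}

# we need to verify SSL of the WP box as well
# The constants are called with explicit parentheses so that the file tests
# receive the path strings.
if ($quick_chk && -s SSL_KEY_FILE() && -s SSL_CERT_FILE()) {
    push(@sslOkList, "default");
}
elsif (verifySSLFiles(SSL_KEY_FILE(), SSL_CERT_FILE())) {
    push(@sslOkList, "default");
}

foreach my $name (@sslOkList) {
    print "-DSSL.$name\n";
}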




