#!/bin/sh
# @description display a summary of agent information
# @man Outputs detailed information about the agent configuration, especially
# @man what defines the node (hostname, uuid and key hash) and its
# @man policy server.
# @man +
# @man *Options*:
# @man +
# @man *-v*: run the agent in verbose mode, prints detailed information

. "${BASEDIR}/../lib/common.sh"
. "${BASEDIR}/../lib/cfengine_parsing.sh"

VERBOSE=false

while getopts "v" opt; do
  case $opt in
    v)
      VERBOSE=true
      ;;
  esac
done

if [ -f "${SERVER_HASH_FILE}" ] && [ -f "${CFE_SERVER_HASH_FILE}" ]
then
  PINNING="full"
elif [ -f "${SERVER_HASH_FILE}" ]
then
  PINNING="only HTTPS"
elif [ -f "${CFE_SERVER_HASH_FILE}" ]
then
  PINNING="only CFEngine"
else
  PINNING="none"
fi

CERT_CRE=$(date --date="$(openssl x509 -startdate -noout -in ${RUDDER_DIR}/etc/ssl/agent.cert | cut -d= -f 2)" +"${DATE_FORMAT}")
[ $? -ne 0 ] && CERT_CRE="Not configured"
CERT_EXP=$(date --date="$(openssl x509 -enddate -noout -in ${RUDDER_DIR}/etc/ssl/agent.cert | cut -d= -f 2)" +"${DATE_FORMAT}")
[ $? -ne 0 ] && CERT_EXP="Not configured"
CERT_FINGERPRINT=$(openssl x509 -in ${RUDDER_DIR}/etc/ssl/agent.cert -noout -fingerprint -sha1 | cut -d= -f2)
[ $? -ne 0 ] && CERT_FINGERPRINT="Not configured"
KEY_HASH=$(${RUDDER_DIR}/bin/cf-key -p /var/rudder/cfengine-community/ppkeys/localhost.pub)
[ $? -ne 0 ] && KEY_HASH="Not configured"
KEY_HASH_SHA=$(openssl rsa -in /var/rudder/cfengine-community/ppkeys/localhost.priv -outform der -pubout 2>/dev/null | openssl dgst -sha256 -binary | openssl enc -base64)
[ $? -ne 0 ] && KEY_HASH_SHA="Not configured"


if grep -q ":" "${RUDDER_VAR}/cfengine-community/policy_server.dat"; then
  PORT=$(cut -d: -s -f2 "${RUDDER_VAR}/cfengine-community/policy_server.dat")
  POLICY=$(cut -d: -s -f1 "${RUDDER_VAR}/cfengine-community/policy_server.dat")
else
  PORT="5309"
  POLICY=$(cat "${RUDDER_VAR}/cfengine-community/policy_server.dat")
fi
[ $? -ne 0 ] && POLICY="Not yet configured"

HTTPS_PORT=$(rudder_json_value 'HTTPS_POLICY_DISTRIBUTION_PORT')

POLICY_FETCHED=$(modification_time ${RUDDER_VAR}/cfengine-community/last_successful_inputs_update 2> /dev/null)
[ $? -ne 0 ] && POLICY_FETCHED="Not updated" || POLICY_FETCHED=$(echo "${POLICY_FETCHED}" | cut -d'.' -f1)

INVENTORY_SENT=$(modification_time ${RUDDER_VAR}/tmp/inventory_sent 2> /dev/null)
[ $? -ne 0 ] && INVENTORY_SENT="Not sent" || INVENTORY_SENT=$(echo "${INVENTORY_SENT}" | cut -d'.' -f1)

VERSION=`${RUDDER_BIN} agent version | sed 's/Rudder agent //'`

if ! [ -e ${RUDDER_DIR}/etc/disable-agent ]; then
  if ps cax | grep -q cf-execd; then
    splays=$(/opt/rudder/bin/rudder-perl /opt/rudder/share/lib/get-splay.pl)
    if [ "${splays}" != "" ];then
      RUN_TIME=$(date -d "+${splays% *} seconds" +"${DATE_FORMAT}")
      INVENTORY_TIME=$(date -d "$(LANG=C date -I) +${splays#* } seconds" +"${DATE_FORMAT}")
    fi
  fi
fi

if type systemctl > /dev/null; then
  if ! systemctl -q is-active "rudder-cf-execd"; then
    echo ""
    echo "Warning: the 'rudder-cf-execd' service is stopped so the agent is"
    echo "         not scheduled automatically. Enable it with:"
    echo ""
    echo "           systemctl enable rudder-cf-execd"
  fi
  if [ "$(systemctl is-enabled rudder-cf-execd)" = "masked" ]; then
    echo ""
    echo "Warning: the 'rudder-cf-execd' service is masked the agent is"
    echo "         not scheduled automatically and invisible . Unmask it with:"
    echo ""
    echo "           systemctl unmask rudder-cf-execd"
  fi
fi

printf "\n${WHITE}General${NORMAL}\n"
echo "           Hostname: $(get_hostname)"
echo "               UUID: ${UUID}"
echo "      Policy server: ${POLICY}"
if [ "${HTTPS_PORT}" != "443" ]; then
  echo "         HTTPS port: ${HTTPS_PORT}"
fi
if [ "${PORT}" != "5309" ]; then
  echo "      CFEngine port: ${PORT}"
fi

if [ -n "${RUDDER_NODE_KIND}" ]
then
  echo "               Role: ${RUDDER_NODE_KIND}"
fi
echo "            Version: ${VERSION}"

printf "\n${WHITE}Policies${NORMAL}\n"

if [ -e ${RUDDER_DIR}/etc/disable-agent ]; then
  echo "             Status: disabled since $(modification_time ${RUDDER_DIR}/etc/disable-agent)"
else
  echo "             Status: enabled"
fi
if [ -n "${RUDDER_REPORT_MODE}" ]
then
  echo "        Report mode: ${RUDDER_REPORT_MODE}"
fi
echo "       Run interval: ${AGENT_RUN_INTERVAL} min"
if [ -n "${RUN_TIME}" ]
then
  echo "           Next run: ${RUN_TIME}"
fi
if [ -n "${INVENTORY_TIME}" ]
then
  echo "     Inventory time: ${INVENTORY_TIME}"
fi
if [ -e ${RUDDER_DIR}/etc/force-audit-agent ]; then
  echo "  Forced audit mode: since $(modification_time ${RUDDER_DIR}/etc/force-audit-agent)"
else
  echo "  Forced audit mode: no"
fi
if [ -n "${RUDDER_NODE_CONFIG_ID}" ]
then
  echo "   Configuration id: ${RUDDER_NODE_CONFIG_ID}"
fi
echo "     Policy updated: ${POLICY_FETCHED}"
echo "     Inventory sent: ${INVENTORY_SENT}"

printf "\n${WHITE}Key/Certificate${NORMAL}\n"
if is_https_only; then
echo "         HTTPS only: enabled"
fi
if is_cert_validated; then
echo "  Certificate check: enabled"
fi
if ! is_https_only; then
echo "           Key hash: ${KEY_HASH}"
fi
echo "           Key hash: sha256//${KEY_HASH_SHA}"
echo "  Cert. fingerprint: ${CERT_FINGERPRINT}"
echo "        Key pinning: ${PINNING}"
echo "     Cert. creation: ${CERT_CRE}"
echo "   Cert. expiration: ${CERT_EXP}"
[ "${VERBOSE}" = "true" ] && echo "        Certificate:" && cat ${RUDDER_DIR}/etc/ssl/agent.cert

echo ""

# Display system classes in verbose mode
if [ "${VERBOSE}" = "true" ]; then
  printf "\n${WHITE}Defined system conditions${NORMAL}\n"
  "${RUDDER_DIR}/bin/cf-promises" --show-classes | grep "hardclass" | awk '{ print "  " $1 }'
fi
