#!/bin/bash
. /usr/lib/eole/diagnose.sh

# Section header for the proxy service checks.
EchoGras '*** Services Proxy'
# FIXME: squid runs on 127.0.0.1, which is presumably why the TCP service
# check below is left disabled.
#TestService "proxy" $container_ip_proxy:8080
# Check the squid process instead.
TestPid 'Service proxy' squid

# Not referenced again in the visible script.
# NOTE(review): possibly read by helpers from diagnose.sh; confirm before removing.
DAEMON=e2guardian

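#######################################
# Probe one proxy port by requesting the update server through it.
# Tries each host returned by `CreoleGet serveur_maj` in turn, prints one
# result line per attempt and stops at the first success.
# Globals:   len_pf (read) - column width used in the printf format
# Arguments: $1 - label shown in the output (proxy1 / proxy2)
#            $2 - proxy IP address
#            $3 - proxy TCP port
#######################################
_TestProxyVia() {
    local label=$1 ip=$2 port=$3
    local dnsname
    # The update server is used because it is excluded from proxy
    # authentication (see #10130).
    # Word-splitting of the CreoleGet output is intentional: one host per word.
    for dnsname in $(CreoleGet serveur_maj); do
        printf ".  %${len_pf}s => " "web via ${label} - ${ip}"
        # The probe is a single command string handed to CreoleRun (second
        # argument "proxy" is presumably the target container). ip, port and
        # dnsname are interpolated unescaped, so they are assumed to be
        # trusted Creole configuration values.
        # NOTE(review): confirm how CreoleRun evaluates the string before
        # adding any quoting here.
        # wget --spider only checks reachability (2 tries, 3 s timeouts).
        if CreoleRun "http_proxy=http://${ip}:${port}/ wget -q -t2 --connect-timeout=3 --read-timeout=3 --spider http://${dnsname}/eole" proxy; then
            EchoVert "Ok"
            return 0
        fi
        EchoRouge "Erreur"
    done
}

#######################################
# Check that web access works through the proxy listening on one address.
# Always probes port 3128; also probes the second proxy port when
# `CreoleGet proxy2_port` returns a non-empty value.
# Globals:   len_pf (read), len (written)
# Arguments: $1 - label for the tested interface (only printed when a
#                 second proxy port is configured)
#            $2 - IP address the proxy is expected to answer on
# Outputs:   one status line per attempt on stdout
#######################################
TestProxy() {
    # Locals, so that a call no longer overwrites the caller's IP variable
    # (the main loop keeps its own IP while testing aliases and VLANs).
    local COMMENT=$1
    local IP=$2
    local PROXY2PORT
    # NOTE(review): len is not read in this function; it stays a global
    # assignment in case helpers from diagnose.sh depend on it. Confirm.
    len=$((len_pf-7))
    PROXY2PORT=$(CreoleGet proxy2_port '')
    if [[ -n ${PROXY2PORT} ]]; then
        printf ".  %${len_pf}s => " "Nb de proxy [${COMMENT}]"
        EchoGras "2"
    fi
    _TestProxyVia proxy1 "$IP" 3128
    if [[ -n ${PROXY2PORT} ]]; then
        _TestProxyVia proxy2 "$IP" "$PROXY2PORT"
    fi
}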

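# --- Creole settings that drive the per-interface proxy checks ---
# The second argument of CreoleGet is presumably the default value when the
# variable is unset; confirm against diagnose.sh.
FLTACTIF=$(CreoleGet activer_filtrage_proxy non )
nombre_interfaces=$(CreoleGet nombre_interfaces)
# Only referenced by the disabled TestService line in the visible script.
container_ip_proxy=$(CreoleGet container_ip_proxy)
container_actif=$(CreoleGet mode_conteneur_actif)
# Address of the interface bound to each filter instance (0 = none).
# These are only written, never read, in the visible script.
instance_1_activate=0
instance_2_activate=0
instance_3_activate=0

# Validate the interface count before any numeric use: an empty or
# non-numeric value would otherwise reach `[ -eq ]` and shell arithmetic.
case "$nombre_interfaces" in
    '' | *[!0-9]*)
        printf 'nombre_interfaces invalide : "%s"\n' "$nombre_interfaces" >&2
        nb_interfaces=0
        ;;
    *)
        # Force base 10 so a leading zero is not parsed as octal.
        nb_interfaces=$((10#$nombre_interfaces))
        ;;
esac

if [ "$nb_interfaces" -eq 1 ]; then
    # Single interface: the proxy answers on eth0.
    if [ "$container_actif" = "oui" ]; then
        ## container mode ##
        IP=$(CreoleGet adresse_ip_eth0_proxy_link)
    else
        ## non-container mode ##
        IP=$(CreoleGet adresse_ip_eth0)
    fi
    # Quoted so that an empty machine name cannot shift the IP into $1.
    TestProxy "$(CreoleGet nom_machine)" "$IP"
    if [[ ${FLTACTIF} == "oui" ]]; then
        case "$(CreoleGet dansguardian_eth0)" in
            1) instance_1_activate=$IP ;;
            2) instance_2_activate=$IP ;;
        esac
    fi
else
    # Several interfaces: test eth1 .. eth(N-1); eth0 is not tested here.
    for ((numint = 1; numint < nb_interfaces; numint++)); do
        if [ "$container_actif" = "oui" ]; then
            ## container mode ##
            IP=$(CreoleGet "adresse_ip_eth${numint}_proxy_link")
        else
            ## non-container mode ##
            IP=$(CreoleGet "adresse_ip_eth${numint}")
        fi
        if [[ ${FLTACTIF} == "oui" ]]; then
            case "$(CreoleGet "dansguardian_eth${numint}")" in
                1) instance_1_activate=$IP ;;
                2) instance_2_activate=$IP ;;
            esac
        fi
        nom_zone_eth=$(CreoleGet "nom_zone_eth${numint}")
        TestProxy "$(CreoleGet "nom_machine_eth${numint}")" "$IP"
        # Aliases and VLANs are only tested outside container mode.
        if [ "$container_actif" = "non" ]; then
            if [ "$(CreoleGet "alias_eth${numint}")" = "oui" ]; then
                numalias=0
                # Intentional word-splitting: one alias address per word.
                for ip in $(CreoleGet "alias_ip_eth${numint}"); do
                    numalias=$((numalias+1))
                    int="${nom_zone_eth}:${numalias}"
                    TestProxy "$int" "$ip"
                done
            fi
            if [ "$(CreoleGet "vlan_eth${numint}")" = "oui" ]; then
                # Intentional word-splitting: one array element per value.
                # VLAN_ID and VLAN_IP are paired by index; presumably Creole
                # returns them in the same order. Confirm.
                VLAN_ID=($(CreoleGet "vlan_id_eth${numint}"))
                VLAN_IP=($(CreoleGet "vlan_ip_eth${numint}"))
                NB_VLAN=${#VLAN_ID[*]}
                for ((id = 0; id < NB_VLAN; id += 1)); do
                    int="${nom_zone_eth}.${VLAN_ID[id]}"
                    TestProxy "$int" "${VLAN_IP[id]}"
                done
            fi
        fi
    done
fi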

# When squid's MITM mode (activer_squid_mitm) is enabled, report on the
# proxy's signing CA.
if [[ "$(CreoleGet activer_squid_mitm)" == "oui" ]]; then
    container_path_proxy=$(CreoleGet container_path_proxy)
    squid_ca_crt="${container_path_proxy}/etc/squid/signingCA.crt"
    squid_ca_key="${container_path_proxy}/etc/squid/signingCA.key"
    echo
    EchoGras "*** Validité du certificat racine du proxy (/etc/eole/squid_CA.crt)"
    # NOTE(review): the key path is passed as both the 4th and 5th argument;
    # TestCerts' parameter meaning is not visible here. Confirm this is
    # intended and that one of them should not be a CA certificate.
    TestCerts "$squid_ca_crt" 10 "certificat expiré" "$squid_ca_key" "$squid_ca_key"
    printf ".  %${len_pf}s => " "Empreinte"
    # NOTE(review): the validity check above reads signingCA.crt under the
    # container path, while the SHA-256 fingerprint is taken from
    # /etc/eole/squid_CA.crt. Presumably both are the same certificate;
    # if they can diverge, the printed fingerprint does not describe the
    # certificate that was just validated.
    openssl x509 -sha256 -fingerprint -noout -in /etc/eole/squid_CA.crt
fi

# Trailing blank line; the script always reports success to its caller.
echo
exit 0
