#!/bin/bash
# +------------------------------------------------------------------+
# |             ____ _               _        __  __ _  __           |
# |            / ___| |__   ___  ___| | __   |  \/  | |/ /           |
# |           | |   | '_ \ / _ \/ __| |/ /   | |\/| | ' /            |
# |           | |___| | | |  __/ (__|   <    | |  | | . \            |
# |            \____|_| |_|\___|\___|_|\_\___|_|  |_|_|\_\           |
# |                                                                  |
# | Copyright Mathias Kettner 2014             mk@mathias-kettner.de |
# +------------------------------------------------------------------+
#
# This file is part of Check_MK.
# The official homepage is at http://mathias-kettner.de/check_mk.
#
# check_mk is free software;  you can redistribute it and/or modify it
# under the  terms of the  GNU General Public License  as published by
# the Free Software Foundation in version 2.  check_mk is  distributed
# in the hope that it will be useful, but WITHOUT ANY WARRANTY;  with-
# out even the implied warranty of  MERCHANTABILITY  or  FITNESS FOR A
# PARTICULAR PURPOSE. See the  GNU General Public License for more de-
# tails. You should have  received  a copy of the  GNU  General Public
# License along with GNU Make; see the file  COPYING.  If  not,  write
# to the Free Software Foundation, Inc., 51 Franklin St,  Fifth Floor,
# Boston, MA 02110-1301 USA.

# This agent uses the program "jarsigner" to read ssl certificate
# information of jar files and outputs the information to stdout
# for the Check_MK check.
# We assume that all files in the jar archive are signed with the
# same certificate. So we only deal with the last signed file here.

JAVA_HOME=/home/oracle/bin/jdk_latest_version
JAR_PATH=/home/oracle/fmw/11gR2/as_1/forms/java/*.jar

# Let user override these defaults in a configuration file
if [ -e $MK_CONFDIR/jar_signature.cfg ] ; then
    . $MK_CONFDIR/jar_signature.cfg
fi

PATH=$JAVA_HOME/bin:$PATH

echo "<<<jar_signature>>>"
for JAR in $JAR_PATH; do
    if [ -e "$JAR" ] ; then # avoid entry for '*.jar'
        echo "[[[${JAR##*/}]]]"
        OUTPUT=$(jarsigner -verify -verbose -certs "$JAR")
        LINE=$(echo "$OUTPUT" | grep -n ^s | tail -n1 | cut -d: -f1)
        echo "$(echo "$OUTPUT" | tail -n +$LINE)"
        echo
    fi
done

