From 7b6b2981b051febd3e2c64dd8d9fedc1e34108f2 Mon Sep 17 00:00:00 2001
From: "Hahn Axel (hahn)" <axel.hahn@iml.unibe.ch>
Date: Fri, 12 Feb 2021 10:04:00 +0100
Subject: [PATCH] added parameter selftest

---
 cm.sh     | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++----
 readme.md |  7 +++++
 2 files changed, 94 insertions(+), 6 deletions(-)

diff --git a/cm.sh b/cm.sh
index 8461cdf..b9b4eb3 100755
--- a/cm.sh
+++ b/cm.sh
@@ -14,6 +14,7 @@
 # ----------------------------------------------------------------------
 # 2021-02-02  <axel.hahn@iml.unibe.ch>  first lines
 # 2021-02-10  <axel.hahn@iml.unibe.ch>  compare hashes, logging
+# 2021-02-12  <axel.hahn@iml.unibe.ch>  added self test
 # ======================================================================
 
 
@@ -23,10 +24,11 @@
 #
 # ----------------------------------------------------------------------
 
-selfdir="$( dirname $0 )"
-touchfile="${selfdir}/log/lastchange.txt"
-# logfile="${selfdir}/log/certmanager-$( date +"%Y%m%d" ).log"
-logfile="${selfdir}/log/certmanager.log"
+touchfile="./log/lastchange.txt"
+logfile="./log/certmanager.log"
+
+csrfile="./templates/csr.txt"
+
 line="_______________________________________________________________________________"
 
 showdebug=1
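Review bot: Replacing `${selfdir}` with `./` for `touchfile`, `logfile` and `csrfile` makes all three paths depend on the caller's working directory. The help text recommends `renew-all` for a cronjob, where the working directory is usually not the script directory. Unless the script changes directory somewhere outside this hunk, the log is written to, and the CSR template is read from, whatever directory the job starts in. The template shapes the openssl config used for the CSR, so I would keep it anchored to the script location: `selfdir="$( cd "$( dirname "$0" )" && pwd )"` and `csrfile="${selfdir}/templates/csr.txt"`, and likewise for the two log paths.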
@@ -163,7 +165,7 @@ function _gencsr(){
 	rm -f $CM_filecnf $CM_filekey $CM_filecsr
 	mkdir -p "${CM_dircsr}" 2>/dev/null
 
-	cat ./templates/csr.txt \
+	cat $csrfile \
 		| sed "s#__FQDN__#$CM_fqdn#g"  		\
 		| sed "s#__ALTNAMES__#$altdns#g"	\
 		> $CM_filecnf || exit 1
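Review bot: `$csrfile` is expanded unquoted in the new `cat` line, and unless `pipefail` is set outside this hunk, the trailing `|| exit 1` only sees the status of the last `sed`. A missing or unreadable template would then still produce an empty `$CM_filecnf` and the function would carry on. Letting sed read the file avoids both: `sed -e "s#__FQDN__#$CM_fqdn#g" -e "s#__ALTNAMES__#$altdns#g" "$csrfile" > "$CM_filecnf" || exit 1`. `$CM_fqdn` and `$altdns` are spliced into the sed program, so a `#` or `&` in either changes the expression; it is worth confirming that they are validated before this point. `_gencsr` starts and continues outside the hunk.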
@@ -343,6 +345,79 @@ function public_renew-all(){
 
 }
 
+
+# internal function; helper for selftest to handle a single selftest
+# if a given command is successful it shows "OK" or "ERROR" followed
+# by the label inparam 2.
+# The value _iErrors will be incremented by 1 if an error occured.
+# param  string  command to verify
+# param  string  output label
+function _selftestItem(){
+	local _check=$1
+	local _label=$2
+	local _status="OK:"
+
+	eval "$_check"
+	if [ $? -ne 0 ]; then
+		_status="ERROR: the check failed for the test of -"
+		_iErrors=$_iErrors+1
+	fi
+
+	echo "$_status $_label"
+}
+
+#
+# list existing certs
+# no params
+function public_selftest(){
+
+	typeset -i _iErrors=0
+
+	echo
+	echo --- dependencies
+	_selftestItem "which openssl" "opemssl was found"
+	_selftestItem "which curl" "curl was found"
+	echo
+
+	echo --- acme.sh client
+	_selftestItem "ls -ld ${ACME}" "${ACME} exits"
+	_selftestItem "test -x ${ACME}" "${ACME} is executable"
+	echo
+
+	echo --- acme.sh installation \(may fail in future releases of acme.sh\)
+	_selftestItem "ls -ld ~/.acme.sh" "internal acme data were found = [acme.sh --install] was done"
+	_selftestItem "test -w ~/.acme.sh/" "it is writable"
+	echo
+
+	echo --- csr template
+	_selftestItem "ls -ld ${csrfile}"  "csr base template exists"
+	_selftestItem "test -r ${csrfile}" "it is readable"
+	echo
+
+	echo --- output directory for csr and key
+	_selftestItem "ls -ld ${CM_dircsr}"  "data dir for csr exists"
+	_selftestItem "test -w ${CM_dircsr}" "it is writable"
+	echo
+
+	echo --- output dir for centralized place of certificates
+	_selftestItem "ls -ld ${CM_diracme}"  "central output dir for certificate data exists"
+	_selftestItem "test -w ${CM_diracme}" "it is writable"
+	echo
+
+
+	echo --- logs
+	_selftestItem "ls -ld ./log/" "Logdir exists"
+	_selftestItem "test -w" "Logdir is writable"
+	test -f $logfile    &&  _selftestItem  "test -w $logfile" "Logfile $logfile is writable"
+	test -f $touchfile  && _selftestItem "test -w $touchfile" "Logfile $touchfile is writable"
+	echo
+
+	echo --- Errors: $_iErrors
+	test $_iErrors -eq 0 && echo "OK, this looks fine."
+	echo
+	exit $_iErrors
+}
+
 #
 # list existing certs
 # no params
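Review bot: The log directory check `_selftestItem "test -w" "Logdir is writable"` has no operand, so `test` only checks that the string `-w` is non-empty and the item always reports OK. Separately, `_selftestItem` runs its first argument through `eval`, and the callers build that string from `${ACME}`, `${csrfile}`, `${CM_dircsr}` and `${CM_diracme}`, which are set outside this hunk. A space or shell metacharacter in any of them is re-parsed as shell code rather than treated as a path. Passing the label first and the command as separate words, then running `"$@"`, removes the re-parse; the fence shows the helper and three converted calls, and the remaining calls would follow the same pattern. The header comment above `public_selftest` still reads "list existing certs" and the labels contain the typos "opemssl" and "exits".

```shell
function _selftestItem(){
	local _label=$1
	shift
	local _status="OK:"

	# run the check as an argument vector; nothing is re-parsed by the shell
	if ! "$@"; then
		_status="ERROR: the check failed for the test of -"
		_iErrors=$_iErrors+1
	fi

	echo "$_status $_label"
}

# … unchanged: section headers and the other checks in public_selftest …
	_selftestItem "${ACME} is executable" test -x "${ACME}"
	_selftestItem "it is writable" test -w "$HOME/.acme.sh/"
	_selftestItem "Logdir is writable" test -w ./log/
```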
@@ -457,7 +532,13 @@ ACTIONs for ALL certs
         renew-all
                 renew all certificates (fast mode - without --force)
                 and update files in ${CM_diracme}
-                It is useful for a cronjob
+                It is useful for a cronjob.
+
+other ACTIONs
+
+        selftest
+                check of health with current setup and requirements.
+                This command is helpful for initial setups.
 
 EOF
 fi
diff --git a/readme.md b/readme.md
index 14a6b8f..b20c16f 100644
--- a/readme.md
+++ b/readme.md
@@ -17,6 +17,8 @@ source: <https://git-repo.iml.unibe.ch/open-source/iml-certman>
   * templates/csr.txt
     * set location, company and department
 
+Verify setup with ``./cm.sh selftest``
+
 ## Usage
 
 ```text
@@ -74,6 +76,11 @@ ACTIONs for ALL certs
                 renew all certificates (fast mode - without --force)
                 and update files in ./certs
 
+other ACTIONs
+
+        selftest
+                check of health with current setup and requirements.
+                This command is helpful for initial setups.
 
 DEBUG: Using LE STAGE environment ...
 DEBUG: You can test and mess around. Do not use certs in production.
-- 
GitLab