##############################################################################
# Copyright (c) Members of the EGEE Collaboration. 2004. 
# See http://www.eu-egee.org/partners/ for details on the copyright 
# holders.  
#
# Licensed under the Apache License, Version 2.0 (the "License"); 
# you may not use this file except in compliance with the License. 
# You may obtain a copy of the License at 
#
#    http://www.apache.org/licenses/LICENSE-2.0 
#
# Unless required by applicable law or agreed to in writing, software 
# distributed under the License is distributed on an "AS IS" BASIS, 
# WITHOUT WARRANTIES OR CONDITIONS 
# OF ANY KIND, either express or implied. 
# See the License for the specific language governing permissions and 
# limitations under the License.
##############################################################################
#
# NAME :        config_host_certs
#
# DESCRIPTION : This function configures the host certificates.
#
# AUTHORS :     Gergely.Debreczeni@cern.ch
#
# NOTES :      
#
# YAIM MODULE:  glite-yaim-core
#                 
##############################################################################

config_host_certs_check(){

 requires $1 X509_HOST_KEY X509_HOST_CERT
 return $?

}

config_host_certs(){

####@ Sets proper permission on host certificates

if [ -f ${X509_HOST_KEY} ]; then
    chmod 400 ${X509_HOST_KEY}
else 
    yaimlog ERROR "X509_HOST_KEY file in ${X509_HOST_KEY} not found !"
    yestr ${YEX_NOSUCHFILE}
    yaimlog ERROR "${YERRORSTR}"
    exit ${YEX_NOSUCHFILE}
fi
if  [ -f ${X509_HOST_CERT} ]; then
    chmod 644 ${X509_HOST_CERT}
else
    yaimlog ERROR "X509_HOST_CERT file in ${X509_HOST_CERT} not found !"
    yestr ${YEX_NOSUCHFILE}
    yaimlog ERROR "${YERRORSTR}"
    exit ${YEX_NOSUCHFILE}
fi


####@ Check host certificate is not expired

openssl x509 -checkend 0 -in ${X509_HOST_CERT} > /dev/null 2>&1
if [ $? -eq 1 ]; then
   openssl x509 -text -in ${X509_HOST_CERT}
   yaimlog ABORT "Hostcert has expired!"
   exit 1
fi

return 0

}
