#!/bin/sh

# 2012, Alexander von Gluck for NetIQ UNIX Technical Support
# You can run this on remote systems via 'ssh user@my.unixsystem.com < sslupdate-73302.sh'

# Banner: tool name, version, the hotfix it is based on and the KB link,
# followed by one blank line.
printf '%s\n' \
	"ii Unofficial NetIQ UNIX Agent SSL certificate update tool" \
	"ii Version 1.0a. 2012, NetIQ UNIX technical support" \
	"ii Based on Hotfix 73302 / 7.1.0.39 / p71p39" \
	"ii More information at http://netiq.com/netiqkb73302" \
	""

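# Find Agent installation path
if [ ! -e /etc/vigilent.conf ]
then
	echo "!! Couldn't find /etc/vigilent.conf, is NetIQ UNIX Agent installed?"
	exit 1
fi
# The agent directory is taken to be the parent of the home= value, hence the
# trailing "/..". A sed expression that stripped the last path component was
# tried first, but it did not work with HP-UX's sed.
# NOTE(review): "grep home" matches every line that contains "home", not only
# the home= key; if the file can hold more than one such line the value below
# becomes multi-line. Confirm against the real file format.
AGENT_DIR=`grep home /etc/vigilent.conf | sed 's/home\=//g'`
if [ -z "$AGENT_DIR" ]
then
	# Without this check an empty value would resolve to "/.." and the rest of
	# the script would operate on paths directly under the filesystem root.
	echo "!! Couldn't read the agent home from /etc/vigilent.conf"
	exit 1
fi
AGENT_DIR=$AGENT_DIR/..
echo "++ Found NetIQ UNIX Agent at $AGENT_DIR"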

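# The vsau tree sits directly under the agent directory; stop if it is absent.
VSAU_DIR=$AGENT_DIR/vsau
# Quoted so that an install path containing whitespace or glob characters is
# tested as one path instead of being split into several test arguments.
if [ ! -e "$VSAU_DIR" ]
then
	echo "!! Couldn't find VigilEnt bin directory at $VSAU_DIR"
	exit 1
fi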

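# Find ssl certificate
CERT=$VSAU_DIR/bin/vssca.crt

if [ ! -e "$CERT" ]
then
	echo "!! Couldn't find SSL certificate at $CERT!"
	# Stop here. Carrying on would let the later "touch" create an empty file,
	# keep that empty file as the backup, and install a certificate at a path
	# where none existed before.
	exit 1
fi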

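# Skip the update when the replacement certificate is already installed.
# The marker is a fixed base64 string that this script also looks for after
# writing the new certificate. A match shows only that this string is present
# in the file, not that the file as a whole is the expected certificate.
if grep "AJOGQ+HvM0XiTJtX5ah0JA3xtdWaWeqp6GqtA6phk2RVgLIuAeDu/zENP7vqogex" "$CERT" > /dev/null
then
	echo "++ Certificate update was already applied! Great success!"
	exit 0
fi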

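# Verify we can modify certificate
# touch is used as a write probe. It updates the timestamp of the existing
# certificate and creates the backup file if it does not exist yet.
touch "$CERT"
if [ $? -ne 0 ]
then
	echo "!! Permissions issue updating certificate!"
	echo "ii Please ensure you run this as root or a user who"
	echo "ii can modify $VSAU_DIR/bin/"
	# Abort: the steps that follow move and overwrite the certificate, and
	# running them without the needed rights can leave it half-replaced.
	exit 1
fi
touch "$CERT.backup"
if [ $? -ne 0 ]
then
	echo "!! Permissions issue writing to $VSAU_DIR/bin/!"
	echo "ii Please ensure you run this as root or a user who"
	echo "ii can modify $VSAU_DIR/bin/"
	# Abort: without a writable backup location the original certificate
	# could be overwritten with no copy kept.
	exit 1
fi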

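# Backup old certificate
echo "++ Backup old SSL cerficiate to $VSAU_DIR/bin/vssca.crt.backup"
mv -f "$CERT" "$CERT.backup"
if [ $? -ne 0 ]
then
	# Never overwrite the live certificate unless the backup was made.
	echo "!! Couldn't back up $CERT, leaving it untouched!"
	exit 1
fi

# Write the replacement certificate. The redirect creates a new file, so it
# gets the invoking user's ownership and a umask-derived mode rather than those
# of the original; check afterwards that the agent can still read it and that
# the file is not writable by unprivileged users.
echo "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
" > "$CERT"
if [ $? -ne 0 ]
then
	# Put the original back so the agent is not left without a certificate.
	echo "!! Couldn't write $CERT, restoring the backup!"
	mv -f "$CERT.backup" "$CERT"
	exit 1
fi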

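# Confirm that the certificate file exists after the write.
if [ ! -e "$CERT" ]
then
	echo "!! SSL certificate update failed!"
	exit 1
fi

# Look for the marker string of the replacement certificate in the new file.
# This confirms that the string was written, not that the file as a whole is
# the expected certificate.
# NOTE(review): where openssl is installed, comparing the output of
# "openssl x509 -noout -fingerprint -in <certificate file>" with a fingerprint
# obtained from the vendor out of band would be a stronger check.
if grep "AJOGQ+HvM0XiTJtX5ah0JA3xtdWaWeqp6GqtA6phk2RVgLIuAeDu/zENP7vqogex" "$CERT" > /dev/null
then
	echo "++ Certificate update was successful!"
	exit 0
fi

echo "!! Certificate update failed!"
exit 1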
