From a49391b915a107a65322a575dd2b25a0d09883bf Mon Sep 17 00:00:00 2001
From: Maria Haider <mariah@nordu.net>
Date: Tue, 2 Jun 2020 14:08:23 +0200
Subject: [PATCH] Changed script nagios check for checking countires in eIDAS

---
 .../plugins/check_eidas_country_count.sh      | 56 ++++++++++++++++---
 1 file changed, 48 insertions(+), 8 deletions(-)

diff --git a/global/overlay/usr/lib/nagios/plugins/check_eidas_country_count.sh b/global/overlay/usr/lib/nagios/plugins/check_eidas_country_count.sh
index e267e59a..80be47d6 100755
--- a/global/overlay/usr/lib/nagios/plugins/check_eidas_country_count.sh
+++ b/global/overlay/usr/lib/nagios/plugins/check_eidas_country_count.sh
@@ -1,33 +1,73 @@
 #!/bin/bash
 
+set +x
+
 . /usr/lib/nagios/plugins/utils.sh
 
 abs() { 
     [[ $[ $@ ] -lt 0 ]] && echo "$[ ($@) * -1 ]" || echo "$[ $@ ]"
 }
 
-count=$(wget -qO- https://$1/role/idp.xml | xmllint --format - | grep eidas:NodeCountry | wc -l)
+tmpx=$(mktemp)
+
+finish() {
+   rm -f $tmpx
+}
+trap finish EXIT
+
+cat>$tmpx<<EOF
+<?xml version="1.0"?>
+<xsl:stylesheet version="1.0"
+                xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+                xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+                xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+                xmlns:exsl="http://exslt.org/common"
+                extension-element-prefixes="exsl"
+                xmlns:xi="http://www.w3.org/2001/XInclude"
+                xmlns:eidas="http://eidas.europa.eu/saml-extensions"
+                xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
+  <xsl:output method="text" indent="yes" encoding="UTF-8"/>
+  <xsl:template match="md:EntitiesDescriptor"><xsl:apply-templates select="//eidas:NodeCountry"/></xsl:template>
+  <xsl:template match="eidas:NodeCountry">
+    <xsl:value-of select="text()"/><xsl:text> </xsl:text>
+  </xsl:template>
+  <xsl:template match="*"></xsl:template>
+</xsl:stylesheet>
+EOF
+
+missing() {
+   m=""
+   for x in $1; do
+      echo $2 | grep -q $x || m="$m $x"
+   done
+   echo $m
+}
+
+list=$(wget -qO- https://$1/role/idp.xml | xsltproc $tmpx -)
 if [ $? -ne 0 ]; then
    echo "CRITICAL - Service FAIL"
    echo $status
    exit $STATE_CRITICAL
 fi
 
-count_expected=$2
+list_expected=$2
+list_missing=$(missing "$list_expected" "$list")
+count=$(echo $list_missing | wc -w)
 count_diff_warn=$3
 count_diff_crit=$4
 
-d=$(abs $count - $count_expected)
-if [ $d -ge $count_diff_crit ]; then
-   echo "CRITICAL - country count is $count expected $count_expected"
+if [ $count -ge $count_diff_crit ]; then
+   echo "CRITICAL - $count countries missing: $list_missing"
    echo $status
    exit $STATE_CRITICAL
-elif [ $d -ge $count_diff_warn ]; then
-   echo "WARNING - country count is $count expected $count_expected"
+elif [ $count -ge $count_diff_warn ]; then
+   echo "WARNING - $count countries missing: $list_missing"
    echo $status
    exit $STATE_WARNING
 else
-   echo "OK - Service healthy ($count countries)"
+   echo "OK - Service healthy"
    echo $status
    exit $STATE_OK
 fi