From 8962b7a2ff7222775e97c5c4f010e8f60283a6c7 Mon Sep 17 00:00:00 2001
From: vasileios <zigras00@gmail.com>
Date: Fri, 19 Apr 2024 16:20:22 +0200
Subject: [PATCH] [#3725] Added failed certificates to email digest

---
 src/openforms/emails/digest.py                | 30 +++++++++++++++-
 src/openforms/emails/tasks.py                 |  3 ++
 .../emails/templates/emails/admin_digest.html | 34 +++++++++++++++++++
 3 files changed, 66 insertions(+), 1 deletion(-)

diff --git a/src/openforms/emails/digest.py b/src/openforms/emails/digest.py
index f67af0549d..ae08b8b00b 100644
--- a/src/openforms/emails/digest.py
+++ b/src/openforms/emails/digest.py
@@ -1,15 +1,17 @@
 import uuid
 from dataclasses import dataclass
-from datetime import datetime
+from datetime import datetime, timedelta
 from itertools import groupby
 from typing import Iterable
 
 from django.contrib.contenttypes.models import ContentType
 from django.urls import reverse
+from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 
 from django_yubin.models import Message
 from furl import furl
+from simple_certmanager.models import Certificate
 
 from openforms.contrib.brk.service import check_brk_config_for_addressNL
 from openforms.logging.models import TimelineLogProxy
@@ -69,6 +71,13 @@ class BrokenConfiguration:
     exception_message: str
 
 
+@dataclass
+class FailedCertificate:
+    label: str
+    expiry_date: datetime | None = None
+    is_valid_pair: bool | None = None
+
+
 def collect_failed_emails(since: datetime) -> Iterable[FailedEmail]:
     logs = TimelineLogProxy.objects.filter(
         timestamp__gt=since,
@@ -179,3 +188,22 @@ def collect_broken_configurations() -> list[BrokenConfiguration]:
         )
 
     return broken_configurations
+
+
+def collect_failed_certificates() -> list[FailedCertificate]:
+    now = timezone.now()
+    interval = now + timedelta(days=14)
+
+    failed_certs = []
+    for cert in Certificate.objects.all():
+        if cert.expiry_date <= interval:
+            failed_certs.append(
+                FailedCertificate(label=cert.label, expiry_date=cert.expiry_date)
+            )
+
+        if not (is_valid := cert.is_valid_key_pair()):
+            failed_certs.append(
+                FailedCertificate(label=cert.label, is_valid_pair=is_valid)
+            )
+
+    return failed_certs
diff --git a/src/openforms/emails/tasks.py b/src/openforms/emails/tasks.py
index 2963fad61c..30eeae2c5a 100644
--- a/src/openforms/emails/tasks.py
+++ b/src/openforms/emails/tasks.py
@@ -11,6 +11,7 @@
 
 from .digest import (
     collect_broken_configurations,
+    collect_failed_certificates,
     collect_failed_emails,
     collect_failed_prefill_plugins,
     collect_failed_registrations,
@@ -27,12 +28,14 @@ def get_context_data(self) -> dict[str, Any]:
         failed_registrations = collect_failed_registrations(self.since)
         failed_prefill_plugins = collect_failed_prefill_plugins(self.since)
         broken_configurations = collect_broken_configurations()
+        failed_certificates = collect_failed_certificates()
 
         return {
             "failed_emails": failed_emails,
             "failed_registrations": failed_registrations,
             "failed_prefill_plugins": failed_prefill_plugins,
             "broken_configurations": broken_configurations,
+            "failed_certificates": failed_certificates,
         }
 
     def render(self) -> str:
diff --git a/src/openforms/emails/templates/emails/admin_digest.html b/src/openforms/emails/templates/emails/admin_digest.html
index 474eee6f89..ba691d985b 100644
--- a/src/openforms/emails/templates/emails/admin_digest.html
+++ b/src/openforms/emails/templates/emails/admin_digest.html
@@ -77,3 +77,37 @@ <h5>{% trans "Configuration problems" %}</h5>
         {% endfor %}
     </ul>
 {% endif %}
+
+{% if failed_certificates %}
+    <h5>{% trans "Certificates with problems" %}</h5>
+    <ul>
+        {% for failed_certificate in failed_certificates %}
+            <li>
+                
+                <p>
+                    <!-- Expiring certificates -->
+                    {% if failed_certificate.expiry_date %}
+                        {% blocktranslate with certificate_label=failed_certificate.label expiry_date=failed_certificate.expiry_date trimmed %}
+                            '{{ certificate_label }}' certificate is about to expire on {{ expiry_date }}
+                        {% endblocktranslate %}
+                    {% else %}    
+                        <!-- No private key provided -->
+                        {% if failed_certificate.is_valid_pair == None %}
+                            {% blocktranslate with certificate_label=failed_certificate.label trimmed %}
+                                No private key for certificate '{{ certificate_label }}' was provided.
+                            {% endblocktranslate %}
+                        {% endif %}
+                        
+                        <!-- Invalid key-pair -->
+                        {% if failed_certificate.is_valid_pair == False %}
+                            {% blocktranslate with certificate_label=failed_certificate.label trimmed %}
+                                The combination of the public key of the certificate and the private key is not valid.
+                                Please look into certificate '{{ certificate_label }}'.
+                            {% endblocktranslate %}
+                        {% endif %}
+                    {% endif %}
+                </p>
+            </li>
+        {% endfor %}
+    </ul>
+{% endif %}