#!/bin/bash

EXPIRATIONDAYS=14

OUTPUTBUFFER=""
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd -P )"
cd ${DIR}

checkCertificate () {
	OUTPUT=""
	CERTIFICATE=$@

	STARTNOTIFICATIONDATE=$(date +%s)
	EXPIRYNOTIFICATIONDATE=$(($(date +%s) + (86400*${EXPIRATIONDAYS})))

	SUBJECT=$(openssl x509 -in "${CERTIFICATE}" -noout -text | grep "Subject:" | sed 's/^.*CN[ ]*=[ ]*\([^,]*\).*$/\1/')

	STARTDATE=$(openssl x509 -in "${CERTIFICATE}" -noout -text | grep 'Not Before' | awk '{printf "%s %.2d %s %s\n",$3,$4,$6,$5}')
	STARTDATENUMERIC=$(date -d "${STARTDATE}" '+%s');

	EXPIRATIONDATE=$(openssl x509 -in "${CERTIFICATE}" -noout -text | grep 'Not After' | awk '{printf "%s %.2d %s %s\n",$4,$5,$7,$6}')
	EXPIRATIONDATENUMERIC=$(date -d "${EXPIRATIONDATE}" '+%s');

	if [ ${STARTNOTIFICATIONDATE} -lt ${STARTDATENUMERIC} ]
	then
		WARNING=true
		OUTPUT="\tOn ${STARTDATE}, the Certificate for \"${SUBJECT}\" will become valid\n"
	fi

	if [ ${EXPIRYNOTIFICATIONDATE} -gt ${EXPIRATIONDATENUMERIC} ]
	then
		WARNING=true
		OUTPUT="\tOn ${EXPIRATIONDATE}, the Certificate for \"${SUBJECT}\" will expire\n"
	fi
}

for DIRECTORY in ./*/
do
	DIRECTORY=${DIRECTORY%*/}
	DIRECTORY=${DIRECTORY:2}

	if [ "${DIRECTORY}" != "openssl" ]; then
		TEMPORARYBUFFER=""
		cd "${DIRECTORY}"

		for CERTIFICATE in ./*.crt
		do
			WARNING=false
			if [[ -f "${CERTIFICATE}" ]]
			then
				checkCertificate ${CERTIFICATE}
				if [ "${WARNING}" = true ]; then
					TEMPORARYBUFFER+=${OUTPUT}
				fi
			fi
		done

		if [ ! -z "${TEMPORARYBUFFER}" ]; then
			OUTPUTBUFFER+="${DIRECTORY}:\n"
			OUTPUTBUFFER+=${TEMPORARYBUFFER}
		fi

		cd - > /dev/null
	fi
done

echo -e ${OUTPUTBUFFER}