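#!/usr/bin/env bash
# DESCRIPTION:
#   Print information about an X.509 certificate read from a local file
#   (PEM or DER) or presented by a TLS server.
#
#   NOTE: this is an inspection tool, not a validator. For a remote target the
#   script reports whatever certificate the peer presents; it never checks the
#   chain, the hostname or revocation, so a fingerprint or expiry obtained over
#   an untrusted network path describes the peer that answered, not
#   necessarily the intended server.
#
# DEPENDENCIES:
#   - openssl
#   - date with GNU-style "-d <string>" parsing
#
# PARAMETERS:
#   1: "hostname:port | /path/to/cert" - certificate location
#      (port defaults to 443 when omitted)
#   2: optional output selector
#      -e - print the expiry date as a Unix timestamp
#      -f - print the fingerprint
#      -r - print the remaining days
#      any other value - dump the raw certificate data that was loaded
#
# EXIT STATUS:
#   0 - certificate loaded and printed
#   1 - missing dependency, missing argument, or certificate not loaded
#
# FUNCTIONS:
#

# Print the value part ("name=value" -> "value") of one `openssl x509 -noout`
# field of the already validated certificate held in ${certpem}.
#   $1 - openssl x509 output option, e.g. -enddate
cert_field() {
  printf '%s\n' "${certpem}" |
    openssl x509 -noout "$1" |
    cut -d'=' -f2-
}

#
# VARIABLES:
#
set -u

if ! command -v openssl &> /dev/null; then
  printf "%s\n" "Not found dependencies"
  exit 1
fi

datetime=$(date +%s)
certdest=${1-}
selector=${2-}
certport=''
certdata=''
certpem=''

#
# MAIN:
#
if [[ -z "${certdest}" ]]; then
  printf "%s\n" "Usage example: ${0} 'name.domain.zone'"
  printf "%s\n" "Usage example: ${0} 'name.domain.zone:port' -r"
  printf "%s\n" "Usage example: ${0} '/path/to/cert' -f"
  exit 1
fi

# Prefer the argument as a literal file name so that paths containing ':'
# are not cut at the first colon; otherwise treat it as "host[:port]".
if [[ -f "${certdest}" ]]; then
  certpath=${certdest}
else
  certpath=${certdest%%:*}
fi

if [[ -f "${certpath}" ]]; then
  # A PEM marker anywhere in the file selects PEM, everything else is read as DER.
  if grep -q -- 'BEGIN CERTIFICATE' "${certpath}"; then
    certdata=$(openssl x509 -inform pem -in "${certpath}")
  else
    certdata=$(openssl x509 -inform der -in "${certpath}")
  fi
else
  if [[ "${certdest}" == *:* ]]; then
    certport=${certdest#*:}
    certport=${certport%%:*}
  fi
  if [[ -z "${certport}" ]]; then
    certport=443
  fi

  sclient_args=(-connect "${certpath}:${certport}")
  # Ask for the named virtual host explicitly: older OpenSSL releases send no
  # SNI unless told to, and the server then answers with its default
  # certificate rather than the one for this name. Skipped for IPv4 literals,
  # which are not valid SNI values.
  ipv4_re='^[0-9]+(\.[0-9]+){3}$'
  if [[ ! "${certpath}" =~ ${ipv4_re} ]]; then
    sclient_args+=(-servername "${certpath}")
  fi

  # NOTE(review): there is no connect timeout here; an unresponsive host
  # blocks the script until the TCP stack gives up.
  certdata=$(openssl s_client "${sclient_args[@]}" < /dev/null 2> /dev/null)
fi

# s_client can print session text without any certificate (failed handshake).
# Re-parse what was collected and refuse to continue unless a certificate is
# really there, so that a failed load never turns into plausible-looking
# expiry numbers and exit status 0.
if [[ -n "${certdata}" ]]; then
  certpem=$(printf '%s\n' "${certdata}" | openssl x509 2> /dev/null)
fi
if [[ -z "${certpem}" ]]; then
  printf "%s\n" "Certificate was not loaded"
  exit 1
fi

# `date -d ""` succeeds and returns today's midnight, so an empty notAfter
# value must be rejected before it is converted.
enddate=$(cert_field -enddate)
if [[ -z "${enddate}" ]] || ! expired=$(date -d "${enddate}" +%s); then
  printf "%s\n" "Certificate was not loaded"
  exit 1
fi

subject=$(printf '%s\n' "${certpem}" |
  openssl x509 -noout -subject |
  cut -d'=' -f3- | cut -d' ' -f2-)
release=$(cert_field -startdate)
# The digest label is stripped by cut, so consumers cannot see which hash
# produced the value. No digest option is passed, so this is openssl's
# default (SHA-1 on common builds - confirm before using it for pinning).
fingerp=$(cert_field -fingerprint)

# Integer division truncates toward zero: 0 covers both "expires within the
# next 24h" and "expired within the last 24h". Alert on <= 0, not on < 0.
remains=$(((expired - datetime) / 60 / 60 / 24))

case "${selector}" in
  '')
    printf '%s\n' "certpath: ${certpath}"
    printf '%s\n' "certport: ${certport}"
    printf '%s\n' "fingerprint: ${fingerp}"
    printf '%s\n' "subject name: ${subject}"
    printf '%s\n' "release date: ${release}"
    printf '%s\n' "expired date: ${expired}"
    printf '%s\n' "remains days: ${remains}"
    ;;
  -e)
    printf '%s\n' "${expired}"
    ;;
  -f)
    printf '%s\n' "${fingerp}"
    ;;
  -r)
    printf '%s\n' "${remains}"
    ;;
  *)
    printf '%s\n' "certdata: ${certdata}"
    ;;
esac

exit 0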