#!/bin/bash
# Host to probe (required) and the protocol selector (defaults to https).
readonly DOMAIN="${1-}"
readonly PROTOCOL="${2:-https}"
# Upper bound, in seconds, on how long one TLS handshake may take.
readonly TIMEOUT=10

# Count of checks that did not come back "ok"; used as the exit status.
result=0

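#######################################
# Print the command line syntax and abort.
# Globals:   none
# Arguments: none
# Outputs:   usage line on stderr (diagnostics do not belong on stdout)
# Returns:   does not return; exits 255 (the status the original `exit -1` produced)
#######################################
function usage {
	# Port list corrected to match the dispatch table: POP3S is 995, IMAPS is 993.
	printf '%s\n' 'usage: <DOMAIN> [ https | 443 | smtps | 587 | pop3 | 995 | imap | 993 | ALL ]' >&2
	exit 255
}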

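#######################################
# Connect to DOMAIN on one port, fetch the certificate the server presents
# and print a one-line verdict on its expiry date.
# Globals:   DOMAIN, TIMEOUT (read); result (incremented for every outcome
#            other than "ok")
# Arguments: $1 - label printed in front of the verdict (HTTPS, SMTPS, POP3, IMAP);
#                 SMTPS additionally switches the connection to STARTTLS
#            $2 - TCP port to connect to
# Outputs:   "<label> <detail> <ok|WARNING|FAILURE>" on stdout, the verdict
#            in colour; openssl's own diagnostics are discarded
# Returns:   0; the tally of non-ok checks lives in $result
#######################################
function check_ssl {
	local protocol=$1
	local port=$2
	# Warn once fewer than this many days remain before notAfter.
	local -r warn_days=20
	local -r reset=$'\033[0m'
	# Extra s_client options live in an array so that a protocol without
	# any expands to nothing instead of an unset-variable word.
	local -a extra=()
	case $protocol in
		SMTPS )
			# Port 587 starts as plain SMTP and upgrades with STARTTLS.
			extra=(-starttls smtp -showcerts)
			;;
	esac

	printf '%s ' "$protocol"

	# -servername sends SNI, so a host serving several names hands back the
	# certificate for DOMAIN rather than its default one. The blank line on
	# stdin makes s_client exit as soon as the handshake is done.
	# NOTE: only the leaf certificate's dates are inspected below; s_client's
	# chain verification result is not checked by this script.
	local certificate_info
	certificate_info=$(echo | timeout "$TIMEOUT" openssl s_client "${extra[@]}" \
		-servername "$DOMAIN" -connect "$DOMAIN:$port" 2>/dev/null)

	# Strip everything up to "Issuer:" instead of cutting on ':' so an
	# issuer name that itself contains a colon is kept whole.
	local issuer
	issuer=$(printf '%s\n' "$certificate_info" \
		| openssl x509 -noout -text 2>/dev/null | grep 'Issuer:')
	issuer=${issuer#*Issuer:}

	local not_after
	not_after=$(printf '%s\n' "$certificate_info" \
		| openssl x509 -noout -enddate 2>/dev/null)
	not_after=${not_after#notAfter=}

	local detail verdict colour
	if [[ -z $not_after ]]; then
		# No certificate came back: refused, timed out or not TLS at all.
		# Decided before calling date, because `date -d ""` silently means today.
		detail='does not respond'
		verdict=FAILURE
		colour=$'\033[31;1m'
		(( result += 1 ))
	else
		# date -d is GNU-specific (as in the original); an unparseable date
		# falls back to epoch 0 and is therefore reported as expired.
		local end_s now_s days_left
		end_s=$(date -d "$not_after" +%s) || end_s=0
		now_s=$(date +%s)
		days_left=$(( (end_s - now_s) / 86400 ))
		if (( end_s <= now_s )); then
			# Compare in seconds first: a certificate with a few hours left is
			# "expiring", not "expired" (integer division would round it to 0).
			detail="issuer:$issuer has already expired $(( (now_s - end_s) / 86400 )) days ago"
			verdict=FAILURE
			colour=$'\033[31;1m'
			(( result += 1 ))
		elif (( days_left > warn_days )); then
			detail="issuer:$issuer will expire in $days_left days"
			verdict=ok
			colour=$'\033[32;1m'
		else
			detail="issuer:$issuer will expire in $days_left days"
			verdict=WARNING
			colour=$'\033[31;1m'
			(( result += 1 ))
		fi
	fi
	# Reset the colour before the newline so the line is self-contained.
	printf '%s %s%s%s\n' "$detail" "$colour" "$verdict" "$reset"
}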

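#MAIN
# Dispatch on the protocol selector; the exit status is the number of
# checks that were not "ok" (see $result).
[[ -n "$DOMAIN" ]] || usage
# Lower-case the selector so upper-case spellings (HTTPS, All, ...) are
# accepted alongside the documented lower-case ones; port numbers are unaffected.
protocol=$(printf '%s' "$PROTOCOL" | tr '[:upper:]' '[:lower:]')
case "$protocol" in
	https | 443)
		check_ssl HTTPS 443
		;;
	smtps | 587)
		check_ssl SMTPS 587
		;;
	pop3 | 995)
		check_ssl POP3 995
		;;
	imap | 993)
		check_ssl IMAP 993
		;;
	all)
		check_ssl HTTPS 443
		check_ssl SMTPS 587
		check_ssl POP3 995
		check_ssl IMAP 993
		;;
	*)
		usage
		;;
esac

exit "$result"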