#!/bin/bash
# Check the TLS certificate served by a host: print the issuer and the number
# of days left until expiry. The exit status is the number of checks that
# ended in WARNING or FAILURE.

readonly DOMAIN=$1
readonly PROTOCOL=${2:-https}
readonly TIMEOUT=10   # max seconds to wait
readonly WARN_DAYS=20 # WARNING when this many days or fewer remain

result=0

function usage {
    echo "usage: $0 domain [ https | 443 | smtps | 587 | pop3 | 995 | imap | 993 | ALL ]"
    exit 1
}

function check_ssl {
    local protocol=$1
    local port=$2
    local extra=()
    local certificate_info issuer date date_s now_s date_diff

    case $protocol in
        # Port 587 starts in plain SMTP and upgrades with STARTTLS
        SMTPS) extra=(-starttls smtp -showcerts) ;;
    esac

    echo -n "$protocol "

    # Empty stdin makes s_client exit right after the handshake
    certificate_info=$(echo | timeout "$TIMEOUT" openssl s_client "${extra[@]}" -connect "$DOMAIN:$port" 2>/dev/null)
    issuer=$(echo "$certificate_info" | openssl x509 -noout -text 2>/dev/null | grep -m1 Issuer: | cut -d: -f2-)
    date=$(echo "$certificate_info" | openssl x509 -noout -enddate 2>/dev/null | cut -d'=' -f2)

    # Only do date arithmetic when a certificate was actually received
    if [[ -n $date ]]; then
        date_s=$(date -d "$date" +%s)
        now_s=$(date +%s)
        date_diff=$(((date_s - now_s) / 86400))
    fi

    if [[ -z $date ]]; then
        echo -n "does not respond "
        echo -ne "\033[31;1m"
        echo FAILURE
        ((result += 1))
    elif [[ $date_diff -gt $WARN_DAYS ]]; then
        echo -n "issuer:$issuer "
        echo -n "will expire in $date_diff days "
        echo -ne "\033[32;1m"
        echo ok
    elif [[ $date_s -gt $now_s ]]; then
        # Compare seconds, not whole days, so a certificate with less than
        # 24 hours left is still a WARNING rather than "already expired"
        echo -n "issuer:$issuer "
        echo -n "will expire in $date_diff days "
        echo -ne "\033[31;1m"
        echo WARNING
        ((result += 1))
    else
        echo -n "issuer:$issuer "
        echo -n "has already expired ${date_diff#-} days ago "
        echo -ne "\033[31;1m"
        echo FAILURE
        ((result += 1))
    fi
    echo -ne "\033[0m"
}

# MAIN
[[ -z "$DOMAIN" ]] && usage

case $PROTOCOL in
    https | 443) check_ssl HTTPS 443 ;;
    smtps | 587) check_ssl SMTPS 587 ;;
    pop3 | 995) check_ssl POP3 995 ;;
    imap | 993) check_ssl IMAP 993 ;;
    all | ALL)
        check_ssl HTTPS 443
        check_ssl SMTPS 587
        check_ssl POP3 995
        check_ssl IMAP 993
        ;;
    *) usage ;;
esac

exit "$result"