#!/bin/bash

gracedays=14

csv=1
if [ $# -eq 1 ]; then
	csv=0
fi

function printdata()
{
	DATA=$1
	SUBJ=$2
	NOCSV=$3

	if [ "$csv" == "1" ]; then
		if [ -z "$NOCSV" ]; then
			if [ -z "$DATA" -a -z "$SUBJ" ]; then
				echo
			else
				echo -n "${DATA};"
			fi
		fi
	else
		if [ -n "$SUBJ" ]; then
			SUBJ="${SUBJ}: "
		fi
		echo "${SUBJ}${DATA}"
	fi

}


allcerts=`find ./ -regex "\(.*cert.*\.pem\|.*\.crt\)\$" -type f -or -regex "\(.*cert.*\.pem\|.*\.crt\)\$" -type l`

for cert in $allcerts; do

	certdata=`openssl x509 -text -noout -in $cert 2>/dev/null`

	if [ -n "$certdata" ]; then

		printdata "$cert" "Filename"

		enddate=`echo "$certdata" |grep "Not After :" |sed -e 's#^.*Not After : ##'`

		ssldate=`date -d "${enddate}" '+%s'`
		nowdate=`date '+%s'`
		datediff="$((${ssldate}-${nowdate}))"

		if test "${datediff}" -lt "$((${gracedays}*24*3600))"; then
			printdata "EXPIRED" "Status"
		elif test "${datediff}" -lt "$((30*24*3600))"; then
			printdata "SOON" "Status"
		else
			printdata "ACTIVE" "Status"
		fi

		if [ "$csv" == "1" ]; then
			pdate=`echo -n "$enddate" |tr ' ' '.'`
		else
			pdate=$enddate
		fi

		printdata "$pdate" "Expires"

		subj=`echo "$certdata" |grep "Subject:" |sed -e 's#^.*Subject:.*CN[\t ]*=[\t ]*\([^\/]*\).*\$#\1#'`
		printdata "$subj" "Subject"

		altnames=`echo "$certdata" |grep "DNS:"`
		altnamelist=""
		for altname in $altnames; do
			alt=`echo "$altname" | sed -e 's#.*DNS:\([^\,]*\).*\$#\1#' |tr "\n" ","`
			altnamelist="$altnamelist$alt"
		done
		printdata "$altnamelist" "Altnames"

		ca_v=`echo "$certdata" |grep "Issuer:" |sed -e 's#^.*Issuer: ##'`
		if [ "$csv" == "1" ]; then
			ca=`echo $ca_v | sed -e 's#.*O[\t ]*=[\t ]*\([^\,]*\).*#\1#' | tr ' ' '.' `
		else
			ca=$ca_v
		fi
		printdata "$ca" "CA"

		printdata
	fi

done