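#!/bin/bash
#
# TLS certificate probe: connects to HOST:PORT with `openssl s_client`, reads
# the certificate the server presents and prints one JSON object on stdout.
#
# Usage: <script> HOST [PORT] [SNI] [STARTTLS_PROTO]
#   HOST            host to connect to
#   PORT            TCP port (default 443)
#   SNI             name sent as SNI and checked against the certificate
#                   (default: HOST)
#   STARTTLS_PROTO  passed to `openssl s_client -starttls` when non-empty
#
# Output: always a single line of JSON, even when the probe fails:
#   cert            true when a certificate was received
#   valid_hostname  true only when openssl reports that the name matches
#   remaining_days  whole days until notAfter; 0 when expired, -1 when unknown
#   issuer          "<O> - <CN>" of the issuer, "" when it cannot be derived
#
# Scope of the check: "cert": true only records that a certificate was
# received. The chain verification result of s_client is not inspected, so a
# self-signed or otherwise untrusted certificate still reports true. Chain
# trust has to be monitored separately.
#
# No timeout is applied here, so how long a stalled connection blocks this
# check depends on openssl and the TCP stack.
#
# `set -e` is deliberately not used: failing openssl/date calls are expected
# on broken endpoints and must still end in a JSON line.

#######################################
# Make a string safe to embed in a JSON string literal.
# The issuer text comes from the remote certificate, i.e. it is chosen by
# whoever issued it, and must not be able to break out of the JSON value.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout (no trailing newline)
#######################################
json_escape() {
  local s=${1:-}
  s=${s//\\/\\\\}   # backslash first, so later escapes are not doubled
  s=${s//\"/\\\"}
  # Raw control characters are not allowed inside JSON strings; drop them.
  printf '%s' "$s" | tr -d '\000-\037'
}

#######################################
# Whole days from now until the given date.
# Arguments: $1 - date string as printed by `openssl x509 -enddate`
# Outputs:   days on stdout; 0 if the date is in the past, -1 if it cannot
#            be parsed (requires GNU `date --date`)
#######################################
days_until() {
  local end_s now_s days
  end_s=$(date '+%s' --date "$1" 2>/dev/null)
  if [[ ! $end_s =~ ^-?[0-9]+$ ]]; then
    printf '%s' -1
    return 0
  fi
  now_s=$(date '+%s')
  days=$(( (end_s - now_s) / 86400 ))
  if (( days < 0 )); then
    days=0
  fi
  printf '%s' "$days"
}

#######################################
# Reduce an issuer DN such as "C = XX, O = Org, CN = Name" to "Org - Name".
# Prints nothing when the DN has no "O = " component.
# Arguments: $1 - issuer DN without the leading "issuer="
# Outputs:   shortened issuer on stdout
#######################################
format_issuer() {
  printf '%s\n' "$1" | sed -n -e 's/, CN = / - /g' -e 's/.*O = //p'
}

#######################################
# Probe the endpoint and print the JSON result.
# Arguments: HOST [PORT] [SNI] [STARTTLS_PROTO] (see file header)
# Outputs:   one JSON line on stdout
#######################################
main() {
  local host=${1:-}
  local port=${2:-}
  local sni=${3:-}
  local proto=${4:-}
  local servername=${sni:-$host}
  local -a starttls_args=()
  local cert_data='' end_date='' issuer_dn=''

  # Fail-closed defaults: every field has a valid JSON value even when the
  # connection fails or a later step cannot parse the certificate.
  local has_cert=false hostname_ok=false days=-1 issuer=''

  if [[ -z $port ]]; then
    port=443
  fi
  if [[ -n $proto ]]; then
    # Built as an array so the value stays a single argument to openssl.
    starttls_args=(-starttls "$proto")
  fi

  if [[ -n $host ]]; then
    # All arguments are quoted: they arrive from the caller (typically a
    # monitoring item) and must not be split into additional openssl options.
    # stdin is /dev/null so s_client does not wait for input; the original
    # line had a bare `/dev/null` operand here, apparently a redirection whose
    # operator was lost.
    cert_data=$(
      openssl s_client -servername "$servername" -host "$host" -port "$port" \
        "${starttls_args[@]}" -prexit </dev/null 2>/dev/null \
        | sed -n '/BEGIN CERTIFICATE/,/END CERT/p'
    )
  fi

  if [[ -n $cert_data ]]; then
    has_cert=true

    # Require the positive "does match" message. Treating "no mismatch line"
    # as a match would report true whenever openssl x509 itself fails.
    # NOTE(review): -checkhost compares DNS names; if the name is an IP
    # literal, confirm whether -checkip is needed instead.
    if printf '%s\n' "$cert_data" \
      | openssl x509 -checkhost "$servername" 2>/dev/null \
      | grep -q 'does match certificate'; then
      hostname_ok=true
    fi

    end_date=$(
      printf '%s\n' "$cert_data" \
        | openssl x509 -noout -enddate 2>/dev/null \
        | sed -n 's/ *notAfter=*//p'
    )
    if [[ -n $end_date ]]; then
      days=$(days_until "$end_date")
    fi

    issuer_dn=$(
      printf '%s\n' "$cert_data" \
        | openssl x509 -noout -issuer 2>/dev/null \
        | sed -n 's/ *issuer=*//p'
    )
    if [[ -n $issuer_dn ]]; then
      issuer=$(format_issuer "$issuer_dn")
    fi
  fi

  printf '{ "cert": %s, "valid_hostname": %s, "remaining_days": %s, "issuer": "%s"}\n' \
    "$has_cert" "$hostname_ok" "$days" "$(json_escape "$issuer")"
}

main "$@"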