#!/bin/bash

# Checks if any of the *.crt files in a directory on disk will expire soon

# Copyright 2009,2016 Peter Palfrader
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


sn="$0"
if [ "${sn%/*}" = "$sn" ]; then
  CERT_CHECK=dsa-check-cert-expire
else
  CERT_CHECK="${sn%/*}/dsa-check-cert-expire"
fi

if [ "$#" != 1 ] ; then
  echo >&2 "Usage: $0 <directory>"
  exit 1
fi

DIR="$1"

if ! [ -d "$DIR" ]; then
  echo "Not a directory: $DIR"
  exit 1
fi

OK=""
WARN=""
CRIT=""
UNKNOWN=""
cOK=0
cWARN=0
cCRIT=0
cUNKNOWN=0

t=$(tempfile)
trap "rm -f '$t'" EXIT

for i in "$DIR"/*.crt; do
  d="${i%.crt}"
  d="${d##*/}"
  echo -n "$d: " >> "$t"
  "$CERT_CHECK" "$i" >> "$t" 2>&1
  rc=$?
  if [ "$rc" = 0 ]; then
    OK="$OK $d"
    cOK=$(( cOK + 1 ))
  elif [ "$rc" = 1 ]; then
    WARN="$WARN $d"
    cWARN=$(( cWARN + 1 ))
  elif [ "$rc" = 2 ]; then
    CRIT="$CRIT $d"
    cCRIT=$(( cCRIT + 1 ))
  else
    UNKNOWN="$UNKNOWN $d"
    cUNKNOWN=$(( cUNKNOWN + 1 ))
  fi
done

if [ -n "$CRIT" ]; then rc=2;
elif [ -n "$WARN" ]; then rc=1;
elif [ -n "$UNKNOWN" ]; then rc=3;
else rc=0;
fi

[ -n "$CRIT" ] && echo "CRITICAL ($cCRIT):$CRIT, "
[ -n "$WARN" ] && echo "WARN ($cWARN):$WARN, "
[ -n "$UNKNOWN" ] && echo "UNKNOWN ($cUNKNOWN):$UNKNOWN, "
[ -n "$OK" ] && echo "OK ($cOK):$OK."
cat "$t"
exit $rc