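package main

import (
	"crypto/x509"
	"encoding/pem"
	"flag"
	"os"
	"time"

	log "github.com/sirupsen/logrus"
)

// main reads each file named on the command line, decodes every PEM block in
// it, and logs a warning for each certificate whose NotAfter falls within the
// alert window given by -d (days, default 20). -D enables debug logging.
//
// Results are reported through the logger only; the process does not set a
// non-zero exit status when a certificate is inside the alert window, so any
// automation built on this tool has to watch the log output.
func main() {
	fDays := flag.Int("d", 20, "number of days to alert on")
	fDebug := flag.Bool("D", false, "debug mode")
	flag.Parse()

	if *fDebug {
		log.SetLevel(log.DebugLevel)
	}

	// A certificate is reported once "now" is later than NotAfter minus this
	// window. Already-expired certificates fall into the same branch.
	window := time.Duration(*fDays) * 24 * time.Hour
	now := time.Now()

	for _, file := range flag.Args() {
		buf, err := os.ReadFile(file)
		if err != nil {
			log.Errorf("%q could not be read: %s", file, err)
			continue
		}

		var certs []*x509.Certificate
		for len(buf) > 0 {
			block, rest := pem.Decode(buf)
			if block == nil {
				// pem.Decode returns a nil block when no further PEM data
				// is found (empty file, trailing text, non-PEM input).
				// Dereferencing it would panic, so stop here.
				break
			}
			// Advance before any `continue` below; otherwise a block that
			// fails to parse would be decoded again forever.
			buf = rest

			log.Debugf("%q : %s", file, block.Type)
			if block.Type != "CERTIFICATE" {
				// Bundles often carry private keys or other blocks next to
				// the certificate; those are not X.509 certificates.
				log.Debugf("%q : skipping non-certificate PEM block", file)
				continue
			}

			cert, err := x509.ParseCertificate(block.Bytes)
			if err != nil {
				log.Errorf("%q cert could not be parsed: %s", file, err)
				continue
			}
			certs = append(certs, cert)
		}

		if len(certs) == 0 {
			// A file that yields no certificate is not being monitored at
			// all; say so instead of passing silently.
			log.Warnf("%q : no certificates found", file)
			continue
		}

		for _, cert := range certs {
			// NOTE(review): certificates without DNS SANs are skipped, so
			// their expiry is never checked here. That covers anything
			// identified only by IP SAN or subject CN, and presumably the
			// CA/intermediate certificates in a chain file. Confirm this
			// gap is intended.
			if len(cert.DNSNames) == 0 {
				continue
			}

			alertTime := cert.NotAfter.Add(-window)
			if now.After(alertTime) {
				log.Warnf("%q : TIME TO RENEW CERTIFICATE (expires in less than %d days)", file, *fDays)
				log.Infof("%q : %v", file, cert.NotAfter)
				log.Infof("%q : %v", file, cert.DNSNames)
			} else {
				log.Debugf("%q : %v", file, cert.NotAfter)
				log.Debugf("%q : %v", file, cert.DNSNames)
			}
		}
	}
}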