#!/bin/bash

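function test-ssl {
   # Emit one "(certificate ... )certificate" record describing the leaf
   # certificate presented by a TLS endpoint.
   #
   # $1: descr        - free-text label, emitted verbatim in the "type" field
   # $2: server:port  - endpoint to connect to; the host part (everything up to
   #                    the last ':') is also sent as the SNI name
   # $3: (optional) StartTLS protocol passed to openssl -starttls: [pop3|smtp]
   #
   # Output (stdout): the record. If no certificate could be read, the
   # notbefore/notafter/issuer/subject fields are emitted empty and
   # notafter_sec is 0 (treat as expired/unknown); openssl's diagnostics go to
   # stderr. Returns 1 without emitting a record only if no temp file could be
   # created.
   #
   # The s_client call performs no chain verification, so this reports what the
   # endpoint serves; it does not validate it.
   local descr=$1 target=$2 starttls=${3-}
   # SNI must be the bare host name. Passing host:port (as before) sends an
   # invalid server name, so the server may answer with its default certificate.
   local host=${target%:*}

   # Per-call temp file for s_client's stderr instead of a fixed, predictable
   # name in /tmp.
   local errfile
   if ! errfile=$(mktemp); then
      printf 'mktemp failed; cannot check %s\n' "$target" >&2
      return 1
   fi

   printf '%s\n' "(certificate" '-\n'
   printf '%s\n' "(type" "-$descr" ")type"
   printf '%s\n' "(server" "-$target" ")server"

   local -a s_client_args=(-connect "$target" -servername "$host")
   if [[ -n "$starttls" ]]; then
      s_client_args+=(-starttls "$starttls")
   fi

   # stdin at EOF makes s_client exit right after the handshake. Its exit
   # status is deliberately ignored; the presence of a PEM block decides.
   local cert='' x509=''
   cert=$(openssl s_client "${s_client_args[@]}" </dev/null 2>"$errfile") || true

   if [[ "$cert" == *'-----BEGIN CERTIFICATE-----'* ]]; then
      x509=$(printf '%s\n' "$cert" | openssl x509 -noout -issuer -dates -subject) \
         || { printf 'openssl x509 failed for %s\n' "$target" >&2; x509=''; }
   else
      echo "Certificate load failed for $target ($starttls)" >&2
      cat -- "$errfile" >&2
   fi
   rm -f -- "$errfile"

   # -noout -issuer -dates -subject prints one "key=value" line per field;
   # anchor on the key so a subject containing the word "issuer" is not picked
   # up as the issuer.
   local notbefore notafter issuer subject notafter_sec diff_sec=0
   notbefore=$(sed -n 's/^notBefore=//p' <<<"$x509")
   notafter=$(sed -n 's/^notAfter=//p' <<<"$x509")
   issuer=$(sed -n 's/^issuer=//p' <<<"$x509")
   subject=$(sed -n 's/^subject=//p' <<<"$x509")

   # Seconds until expiry; stays 0 when there is no notAfter or date cannot
   # parse it (date -d is GNU-specific, as in the original).
   if [[ -n "$notafter" ]] && notafter_sec=$(date -d "$notafter" +%s); then
      diff_sec=$(( notafter_sec - $(date +%s) ))
   fi

   printf '%s\n' "(notbefore" "-$notbefore" ")notbefore"
   printf '%s\n' "(notafter" "-$notafter" ")notafter"
   printf '%s\n' "(notafter_sec" "-$diff_sec" ")notafter_sec"
   printf '%s\n' "(issuer" "-$issuer" ")issuer"
   printf '%s\n' "(subject" "-$subject" ")subject"

   printf '%s\n' '-\n' ")certificate"
}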


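# Emit the enclosing "(certificates ... )certificates" record: a fixed list of
# endpoints, then one HTTPS check per Let's Encrypt lineage present on this
# host. Records go to stdout, connection diagnostics to stderr.
printf '%s\n' "(certificates" '-\n'

# NOTE(review): 995 is the registered POP3-over-TLS port; the 'SMTP transfer'
# label looks mismatched - confirm against the consumer of this output.
test-ssl 'SMTP transfer' mail.foxinnovations.be:995
test-ssl 'SMTP submission' mail.foxinnovations.be:587 smtp
test-ssl 'POP3' mail.foxinnovations.be:110 pop3
test-ssl 'HTTPS' filmoptv.be:443
test-ssl 'HTTPS' www.filmoptv.be:443
test-ssl 'HTTPS' mon.foxinnovations.be:443

# One check per lineage directory. The -d test skips the unmatched-glob
# literal when the directory is missing or empty, and any non-directory
# entries that may sit alongside the lineages.
for lineage in /etc/letsencrypt/live/*; do
   [[ -d "$lineage" ]] || continue
   test-ssl 'HTTPS' "${lineage##*/}:443"
done

printf '%s\n' '-\n' ")certificates"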