#!/bin/bash

#set -e

PUB_CERTS_DIR="/srv/CA/pki/issued"

# 1 day in seconds 86400
# 7 days in seconds: 604800
# 30 days in seconds: 2592000
DAYS="{{ easy_rsa_alert_on_cert_seconds_before_expire }}"
RETVAL=

# Email settings
_sub=" will expire within $DAYS seconds (30 days):"
_from="{{ easy_rsa_alert_on_cert_from }}"
_to="{{ easy_rsa_alert_on_cert_to }}"
_openssl="/usr/bin/openssl"

for cert in "$PUB_CERTS_DIR/"*.crt ; do
    #echo -n "$cert: "
    #$_openssl x509 -enddate -noout -in "$cert"  -checkend "$DAYS" | grep -q 'notAfter'
    expiry_date=$( $_openssl x509 -enddate -noout -in "$cert" -checkend "$DAYS" )
    RETVAL=$?
    #echo "RETVAL: $RETVAL"

    # Send email
    if [ $RETVAL -ne 0 ] ; then
        echo "$cert ${_sub} $expiry_date"
{% if easy_rsa_alert_on_cert_expiration %}
        mail -s "$cert $_sub" -r "$_from" "$_to" <<< "Warning: The TLS/SSL certificate ($cert) will expire soon on $HOSTNAME [$(date)]: $expiry_date"
#            # See https://www.cyberciti.biz/mobile-devices/android/how-to-push-send-message-to-ios-and-android-from-linux-cli/ #
#            source ~/bin/cli_app.sh
#            push_to_mobile "$0" "$_sub. See $_to email for detailed log. -- $HOSTNAME " >/dev/null
{% endif %}
    fi
done

exit 0