#!/bin/bash


base_path="/etc/pki/ca-trust/source/anchors/"
tage="10"
#Certificate="$1"

function certcheck(){
	filename="$1"
	#cert_date=$(openssl x509 -enddate -noout -in /etc/pki/ca-trust/source/anchors/20190401-ProxyBw_SRB_EN-Zebel.crt | cut -d "=" -f 2-)
	cert_date=$(openssl x509 -enddate -noout -in $filename | cut -d "=" -f 2-)

	cert_day=$(echo $cert_date | awk '{print $2}')
	cert_month=$(echo $cert_date | awk '{print $1}')
	cert_year=$(echo $cert_date | awk '{print $4}')

	cert_hour=$(printf '%0d' "$(echo $cert_date | awk '{print $3}' | awk -F: '{print $1}')")
	#printf '%0d' "$cert_hour"
	cert_minute=$(echo $cert_date | awk '{print $3}' | awk -F: '{print $2}')
	cert_sec=$(echo $cert_date | awk '{print $3}' | awk -F: '{print $3}')

	#Montatsnamen umrechnen in Zahlen
	case $cert_month in
		"Jan")
			cert_month="01"
		;;
		"Feb")
			cert_month="02"
		;;
		"Mär"|"Mar")
			cert_month="03"
		;;
		"Apr")
			cert_month="04"
		;;
		"Mai"|"May")
			cert_month="05"
		;;
		"Jun")
			cert_month="06"
		;;
		"Jul")
			cert_month="07"
		;;
		"Aug")
			cert_month="08"
		;;
		"Sep")
			cert_month="09"
		;;
		"Okt"|"Oct")
			cert_month="10"
		;;
		"Nov")
			cert_month="11"
		;;
		"Dez"|"Dec")
			cert_month="12"
		;;
		*)
	esac
	
	#Debug
	#echo -e "Day:\t$cert_day\nMonth:\t$cert_month\nYear:\t$cert_year\n"
	#echo -e "Hour:\t$cert_hour\nMinute:\t$cert_minute\nSec:\t$cert_sec\n"
	
	cert_date_in_sec=$(date +%s -d "$cert_year-$cert_month-$cert_day $cert_hour:$cert_minute:$cert_sec")
	now_date_in_sec=$(date +%s)
	
	#Debug
	#echo -e "Certdate:\t$cert_date_in_sec\nNowdate:\t$now_date_in_sec"
	
	#Debug
	#echo -e "$cert_date_in_sec+($tage*24*60*60)"
	
	if [ "$cert_date_in_sec" -ge "$now_date_in_sec" ]
	then
		if [ "$(echo "$cert_date_in_sec+($tage*24*60*60)" | bc)" -ge "$now_date_in_sec" ] 
		then
			#Debug
			#echo "$filename: noch nicht abgelaufen"
			return 0
		else
			#Debug
			#echo "$filename: läuft in weniger als $tage ab"
			return 2
		fi
	else
		#Debug
		#echo "$filename: Cert abgelaufen"
		return 1
	fi
	
	}


#Variableninitialisierung
ok=""
ok_num="0"
ok_var=""
warn=""
warn_num="0"
warn_var=""
error=""
error_num="0"
error_var=""

for cert in $base_path/*
do
	[[ -e "$cert" ]] || break
	#Debug
	#echo $cert
	
	certcheck $cert
	rueckgabe=$?
	
	#Debug
	#echo "Rückgabewert: $rueckgabe"
	cert_short=$(echo "$cert" | awk -F "/" '{print $NF}')

	case "$rueckgabe" in
		0)
			ok="1"
			((ok_num++))
			ok_var="$ok_var $cert_short"
		;;
		1)
			error="1"
			((error_num++))
			error_var="$error_var $cert_short"
		;;
		2)
			warn="1"
			((warn_num++))
			warn_var="$warn_var $cert_short"
		;;
	esac


done

perfdata="$error_num;$warn_num;$ok_num"

#Debug
#echo -e "ok:\t$ok\tok_var:\t$ok_var\nwarn:\t$warn\twarn_var:\t$warn_var\nerror:\t$error\terror_var:\t$error_var"
if [ "$error" = "1" ]
then
	echo "cert_check ERROR: Cert's abgelaufen: $error_var | $perfdata"
	exit 2
elif [ "$warn" = "1" ]
then
	echo "cert_check WARNING: Cert's laufen in < $tage Tag(en) ab: $warn_var | $perfdata"
	exit 1
elif [ "$ok" = "1" ]
then
        echo "cert_check OK: Cert aktuell: $ok_var | $perfdata"
        exit 0
else
	echo "cert_check UNKNOWN | $perfdata"
	exit 3
fi

#certcheck $base_path/$Certificate