#!/usr/bin/python
from __future__ import print_function
from sys import stderr

import subprocess, time, calendar, os, getopt

def usage():
  """Write the command-line help text to stderr and return exit status 2."""
  help_text = """Usage: cert-check [options] files ...
	-h,--help	this message
	-q,--quiet	do not print cert files needing (re)newing
	-d n,--days=n	days before expiration to renew (default 7)
Succeeds only if all certs exist and are more than <days> from expiration."""
  # Help goes to stderr so it never mixes with the file names printed on stdout.
  print(help_text, file=stderr)
  return 2

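def main(argv):
  """Check certificate files and report those missing or close to expiry.

  Each file named in argv is printed (unless --quiet) when it is missing,
  empty, or its notAfter date falls within <days> of the current time.

  Args:
    argv: command-line arguments without the program name.

  Returns:
    2 (from usage()) for --help or a bad option; otherwise True if at least
    one file needs (re)newing and False if none do.  The caller hands this
    to sys.exit(), so True becomes exit status 1 and False becomes 0.

  Raises:
    IOError: if openssl exits non-zero for a non-empty file.
  """
  days = 7  # renewal window: flag certs expiring within this many days
  quiet = False

  try:
    opts, args = getopt.getopt(argv, 'hqd:', ['days=', 'quiet', 'help'])
  except getopt.GetoptError as err:
    # print help information and exit:
    print(err, file=stderr)  # prints something like "option -a not recognized"
    return usage()

  for opt, val in opts:
    if opt in ('-h', '--help'):
      return usage()
    if opt in ('-q', '--quiet'):
      quiet = True
    if opt in ('-d', '--days'):
      # Catch only the conversion failure; a bare except would also swallow
      # KeyboardInterrupt and SystemExit.
      try:
        days = int(val)
      except ValueError:
        return usage()
      if days < 0:
        # A negative window moves the cutoff into the past, so a certificate
        # that has already expired could pass the check.
        return usage()

  now = time.time()
  soon = now + days * 24 * 60 * 60
  rc = 0

  for fn in args:
    # A missing or unreadable file is treated like an empty one: it needs
    # (re)newing.
    try:
      size = os.path.getsize(fn)
    except OSError:
      size = 0
    if size == 0:
      if not quiet:
        print(fn)
      rc += 1
      continue
    # The argument list is passed without a shell, so the file name is never
    # interpreted as shell syntax.
    # NOTE: openssl x509 parses only the first certificate in the file, so
    # later certificates in a bundle are not checked.
    proc = subprocess.Popen(
        ["openssl", "x509", "-in", fn, "-noout", "-enddate"],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = proc.communicate()
    if proc.returncode != 0:
      raise IOError("{1}: OpenSSL Error: {0}".format(err, fn))
    # openssl prints e.g. "notAfter=<Mon> <day> <H:M:S> <year> GMT"; timegm
    # interprets the parsed fields as UTC.
    expiry = calendar.timegm(
        time.strptime(out.decode(), 'notAfter=%b %d %H:%M:%S %Y GMT\n'))
    if soon > expiry:
      if not quiet:
        print(fn)
      rc += 1
  return rc > 0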

if __name__ == '__main__':
  # Script entry point: main()'s return value becomes the process exit
  # status (True -> 1, False -> 0, 2 for usage errors).
  import sys
  exit_status = main(sys.argv[1:])
  sys.exit(exit_status)