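#!/bin/bash
#
# letsencrypt-tools
# https://git.stack-source.com/msb/letsencrypt-tools
# Copyright (c) 2022 Matthew Saunders Brown
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
# Prints the common name, validity dates and DNS alternative names of the
# certificates stored in /etc/ssl/letsencrypt/, either as an aligned table
# or as comma-separated rows (-c).

# must be root
# Test the effective UID instead of $USER: $USER is an ordinary environment
# variable and says nothing reliable about the account the script runs as.
if ((EUID != 0)); then
  # Quoted so that arguments containing spaces or glob characters reach the
  # re-executed copy unchanged.
  exec sudo -u root "$0" "$@"
fi

readonly CERT_DIR=/etc/ssl/letsencrypt
readonly HEADER="certificate,common,start,end,alternative"

# Print usage information and exit.
help() {
  local thisfilename
  thisfilename=$(basename -- "$0")
  echo "$thisfilename"
  echo "Get Let's Encrypt certificate info."
  echo ""
  echo "Usage: $thisfilename [-d ] [-c] [-h]"
  echo ""
  echo "  -h    Print this help."
  echo "  -d    Domain (hostname) to get certificate info for."
  echo "  -c    CVS - Output in cvs format, instead of tabbed table."
  exit
}

# Start from known values so that variables of the same name inherited from
# the caller's environment cannot select a certificate or an output mode.
domain=""
cvs=""

# set options
# The leading ':' puts getopts in silent mode; without it OPTARG is empty in
# the '\?' branch and the ':' branch is never reached.
while getopts ":hd:c" opt; do
  case "${opt}" in
    h)
      help
      exit
      ;;
    d)
      # domain name (hostname) to get cert for, lower-cased
      domain=${OPTARG,,}
      ;;
    c)
      # cvs - output in cvs format
      cvs=true
      ;;
    \?)
      echo "Invalid option: $OPTARG" 1>&2
      exit 1
      ;;
    :)
      echo "Invalid option: $OPTARG requires an argument" 1>&2
      exit 1
      ;;
  esac
done

# create newline var
NL=$'\n'

certificateArray=()
if [[ -n "$domain" ]]; then
  # The value becomes part of a path that is read as root, so refuse path
  # separators rather than let -d name a file outside CERT_DIR.
  if [[ "$domain" == */* ]]; then
    echo "ERROR: Invalid domain $domain" 1>&2
    exit 1
  fi
  if [[ -f "$CERT_DIR/$domain.pem" ]]; then
    certificateArray=("$domain.pem")
  else
    echo "ERROR: Certificate for $domain not found" 1>&2
    exit 1
  fi
else
  if [[ -d "$CERT_DIR/" ]]; then
    # Glob instead of parsing ls output, so names containing whitespace stay
    # intact; nullglob makes an empty directory yield an empty list.
    shopt -s nullglob
    certificateArray=("$CERT_DIR"/*)
    shopt -u nullglob
    # Keep only the file names, as the listing did before.
    certificateArray=("${certificateArray[@]##*/}")
  else
    echo "ERROR: Certificate directory $CERT_DIR/ does not exist" 1>&2
    exit 1
  fi
fi

# certificate common start end alternative
output="$HEADER"

for certificate in "${certificateArray[@]}"; do
  # Decode the certificate once and extract every field from that text.
  cert_text=$(openssl x509 -noout -text -in "$CERT_DIR/$certificate")
  # xargs is used only to trim and collapse surrounding whitespace.
  common=$(grep "Subject: CN =" <<<"$cert_text" | cut -d = -f 2 | xargs)
  start=$(grep "Not Before:" <<<"$cert_text" | cut -d : -f 2- | xargs)
  end=$(grep "Not After" <<<"$cert_text" | cut -d : -f 2- | xargs)
  alternative=$(grep "DNS:" <<<"$cert_text" | sed 's|DNS:||g' | sed 's|,||g' | xargs)
  output="$output${NL}$certificate,$common,$start,$end,$alternative"
done

# Print nothing at all when no certificate rows were collected.
if [[ "$output" != "$HEADER" ]]; then
  if [[ -n "$cvs" ]]; then
    printf '%s\n' "$output"
  else
    printf '%s\n' "$output" | column -t -s ,
  fi
fi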