#! /usr/bin/perl

#
# uses certexp.go from https://thrig.me/src/scripts.git/
#

# check certs of the form
#
# www.lehmann.cx:443
# irc.libera.chat:6697
# xmpp.hmm.st:5223
#
# only direct TLS connects work, STARTTLS does not
#
# typically you would put the program into a cronjob that runs once a day
#
# perl checkcert.pl domains.txt
#

#
# by alexlehm/at/gmail.com
#

use strict;

# warn time is 15 days before expiry
my @time=localtime(time()+15*24*60*60);

my $warntime=sprintf "%04d-%02d-%02d", $time[5]+1900, $time[4]+1, $time[3];

while(<>) {
    chop;

    next if /^#/;

    my $host=$_;

    open(PIPE, "~/certexp/certexp $host|");
    my $notafter="";

    while(<PIPE>) {
        chop;
        if(/^notAfter (.*)/) {
            if($notafter eq "" | $1 le $notafter) {
                $notafter=$1;
            }
        }
    }
    close PIPE;
    if($notafter le $warntime) {
        print "$host $notafter\n";
    }
}