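#!/bin/bash
#
# Report certificate expiry and accepted TLS protocol versions for each
# host given on the command line.
#
# Usage:  <script> host[:port] ...      (port defaults to 443)
# Env:    DEBUG - any non-empty value enables `set -x` tracing
# Output: one line per host on stdout, in the form
#           %<color>%<status>%% %<color>%<protocols>%% host:port subject issuer notAfter notBefore
#         sorted by status markup (descending), then by notAfter (descending).
# Needs:  openssl, timeout, and a `date` that understands -d (GNU date).
#
# Review notes on what this report does and does not tell you:
#  * The certificate is fetched without inspecting s_client's verification
#    result, so the status column reflects the validity dates only. It says
#    nothing about chain trust, hostname match or revocation.
#  * A failed protocol probe only means the handshake did not complete from
#    this machine. A local OpenSSL build or policy that refuses to offer an
#    old protocol looks the same as a server that rejects it, so treat a
#    missing "TLSv1"/"TLSv1.1" as "not observed", not as proof.
#  * subject and issuer come from the remote certificate and are therefore
#    untrusted text. They are emitted verbatim (they may contain spaces or
#    '%'); whatever renders this markup has to escape them.
#
# `set -e` is deliberately not enabled: failing openssl/timeout calls are
# expected and are how DOWN hosts and unsupported protocols are detected.

if [ "$DEBUG" ]; then
  set -x
fi

# Expiry thresholds in seconds: 365/12 days and twice that.
readonly EXPIRY_CRITICAL_SECS=2628000
readonly EXPIRY_WARNING_SECS=5256000

#######################################
# Try one handshake restricted to a single protocol version.
# Arguments: $1 - SNI server name
#            $2 - host:port to connect to
#            $3 - openssl s_client protocol flag (e.g. -tls1_2)
# Returns:   0 if s_client exited successfully within 3 seconds.
#######################################
tls_probe() {
  timeout 3 openssl s_client -servername "$1" -connect "$2" "$3" \
    </dev/null >/dev/null 2>&1
}

#######################################
# Extract one "name=value" field from `openssl x509` text output.
# The match is anchored to the start of the line and only the first hit is
# used, so text inside another field (for example an issuer DN that contains
# the string "subject=") cannot be mistaken for the requested field or add
# extra lines to the report.
# Arguments: $1 - field name (subject, issuer, notBefore, notAfter)
#            $2 - x509 output to search
# Outputs:   the field value on stdout, empty if absent
#######################################
cert_field() {
  sed -n "s/^${1}=[ ]*//p" <<<"$2" | head -n 1
}

#######################################
# Check every host argument and print the sorted report.
# Arguments: host[:port] ...
# Outputs:   report lines on stdout
#######################################
check_hosts() {
  local sslhost servername sslout
  local status_msg color vers_msg vers_color status_field line
  local subject issuer raw_notbefore raw_notafter notbefore notafter
  local expiry_epoch remaining

  # "$@" keeps each argument intact; the unquoted $* form would word-split
  # and glob-expand host names before they reach openssl.
  for sslhost in "$@"; do
    status_msg='OK'
    color='green'
    vers_msg=''
    vers_color='green'

    # Append the default port unless the argument already has "name:...".
    if [[ "$sslhost" != [!:]*:* ]]; then
      sslhost="${sslhost}:443"
    fi
    # Everything before the last colon is used as the SNI name.
    servername="${sslhost%:*}"

    sslout=$(timeout 3 openssl s_client -servername "$servername" \
      -connect "$sslhost" 2>/dev/null </dev/null \
      | openssl x509 -noout -subject -issuer -dates)

    # Probe order fixes the order of names in the protocol column; TLSv1 is
    # probed after TLSv1.1 so that red overrides orange.
    if tls_probe "$servername" "$sslhost" -tls1_1; then
      vers_msg="${vers_msg}TLSv1.1 "
      vers_color='orange'
    fi
    if tls_probe "$servername" "$sslhost" -tls1; then
      vers_msg="${vers_msg}TLSv1 "
      vers_color='red'
    fi
    if tls_probe "$servername" "$sslhost" -tls1_2; then
      vers_msg="${vers_msg}TLSv1.2 "
    fi
    if tls_probe "$servername" "$sslhost" -tls1_3; then
      vers_msg="${vers_msg}TLSv1.3 "
    fi

    subject=$(cert_field subject "$sslout")
    issuer=$(cert_field issuer "$sslout")
    raw_notbefore=$(cert_field notBefore "$sslout")
    raw_notafter=$(cert_field notAfter "$sslout")

    if [[ -z "$raw_notafter" ]]; then
      # No certificate could be read at all.
      notafter="9999-01-01T00:00:00"
      notbefore="9999-01-01T00:00:00"
      status_msg='DOWN'
      vers_msg='DOWN'
      color=''
      vers_color=''
    elif ! expiry_epoch=$(date +%s -d "$raw_notafter" 2>/dev/null); then
      # Fail closed: if the expiry date cannot be parsed (unexpected format,
      # or a date(1) without -d) do not leave the default green OK in place.
      notafter="9999-01-01T00:00:00"
      notbefore="9999-01-01T00:00:00"
      status_msg='UNKNOWN'
      color='red'
    else
      # Dates are printed in local time without a zone suffix.
      notbefore=$(date +%Y-%m-%dT%H:%M:%S -d "$raw_notbefore")
      notafter=$(date +%Y-%m-%dT%H:%M:%S -d "$raw_notafter")
      remaining=$((expiry_epoch - $(date +%s)))
      if ((remaining < 0)); then
        status_msg='EXPIRED'
        color='red'
      elif ((remaining < EXPIRY_CRITICAL_SECS)); then
        status_msg='CRITICAL'
        color='red'
      elif ((remaining < EXPIRY_WARNING_SECS)); then
        status_msg='WARNING'
        color='orange'
      fi
    fi

    vers_msg="${vers_msg% }"
    status_field="%${color}%${status_msg}%%"
    line="${status_field} %${vers_color}%${vers_msg}%% ${sslhost} ${subject} ${issuer} ${notafter} ${notbefore}"

    # Prefix the two sort keys, tab-separated. Sorting on space-separated
    # column 6 of the report line is unreliable because the protocol list,
    # subject and issuer can all contain spaces.
    printf '%s\t%s\t%s\n' "$status_field" "$notafter" "$line"
  done | sort -t $'\t' -k1,1r -k2,2r | cut -f3-
}

check_hosts "$@"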