#!/usr/bin/python3

import sys, socket, time, os
from datetime import datetime
from OpenSSL import SSL

# Opt-in diagnostics switch read from the environment. The value is kept as
# the raw string (None when the variable is unset) and only its truthiness is
# consulted by the per-host loop, so any non-empty value -- even "0" --
# enables the extra CN / days-remaining output.
verbose = os.getenv("SSLWATCH_VERBOSE")

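class server:
    """Fetch and inspect the TLS certificate presented by ``host:port``.

    Constructing an instance opens a TCP connection, completes a TLS
    handshake and stores the peer's leaf certificate in ``self.cert``.

    No ``set_verify`` call is made on the context, so pyOpenSSL's default
    verification mode applies and the certificate chain is not validated
    here (NOTE(review): confirm the default for the installed pyOpenSSL).
    The checks below therefore describe whatever certificate the endpoint
    presents; they are a monitoring aid, not proof of the server's identity.
    """

    def __init__(self, host, port):
        """Connect to *host*:*port* and capture the peer certificate.

        Args:
            host: DNS name or IPv4 address (the socket is AF_INET only).
            port: Port as an int, a decimal string, or a service name that
                ``socket.getservbyname`` can resolve.

        Raises:
            OSError: resolution, connect or timeout failure, or an unknown
                service name.
            SSL.Error: the TLS handshake failed.
        """
        self.host = host
        if isinstance(port, str):
            port = int(port) if port.isdigit() else socket.getservbyname(port)
        # SSLv23_METHOD is the legacy name for "negotiate the best protocol
        # version both sides support"; it does not pin SSLv2 or SSLv3.
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        # Verification is intentionally not configured; the disabled call was:
        # ctx.set_verify(SSL.VERIFY_NONE, self.callback)
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.settimeout(5)
            self.conn = SSL.Connection(ctx, s)
            # Send SNI so name-based virtual hosts return the certificate for
            # *host* rather than their default one. IP literals are not
            # valid SNI names, so they are skipped.
            try:
                socket.inet_pton(socket.AF_INET, host)
            except OSError:
                self.conn.set_tlsext_host_name(host.encode("idna"))
            self.conn.connect((host, port))
            # setblocking(True) clears the 5 s timeout set above, so only
            # connect() is bounded. NOTE(review): a peer that accepts TCP but
            # never answers the handshake will block here indefinitely.
            self.conn.setblocking(True)
            self.conn.do_handshake()
            self.cert = self.conn.get_peer_certificate()
        except BaseException:
            # Do not leak the descriptor when setup fails part-way.
            s.close()
            raise

    def callback(self, conn, cert, errno, depth, result):
        """Placeholder verify callback for the disabled ``set_verify`` call."""
        pass

    def get_not_after(self):
        """Return the certificate's notAfter time as a naive datetime.

        The first 14 characters (``YYYYMMDDhhmmss``) are parsed and the zone
        suffix is dropped. The suffix is normally ``Z`` (UTC); an explicit
        offset, if one were present, would be ignored.
        """
        stamp = self.cert.get_notAfter()
        # pyOpenSSL returns bytes on Python 3, which strptime() rejects.
        if isinstance(stamp, bytes):
            stamp = stamp.decode("ascii")
        return datetime.strptime(stamp[:14], "%Y%m%d%H%M%S")

    def age(self):
        """Return whole days until expiry; negative once expired."""
        from datetime import timezone

        # notAfter is expressed in UTC, so compare against UTC "now" rather
        # than local time, which would skew the result by the zone offset.
        now = datetime.now(timezone.utc).replace(tzinfo=None)
        return (self.get_not_after() - now).days

    def check_subject(self):
        """Print a warning when the subject CN differs from ``self.host``.

        Only an exact string comparison against the subject CN is made.
        subjectAltName entries and wildcard names are not consulted, so a
        certificate that is valid for the host through a SAN or a wildcard
        is still reported as a mismatch.
        """
        cn = self.cert.get_subject().CN
        if self.host != cn:
            print("CN error: %s != %s" % (self.host, cn))

    def check_age(self, warn=31):
        """Print a warning when fewer than *warn* days remain.

        Args:
            warn: Threshold in days; the warning fires when ``age() < warn``.
        """
        days = self.age()
        if days < warn:
            # The message names the host (several may be checked in one run)
            # and is no longer mislabelled as a CN error.
            print("Expiry warning: %s: certificate expires in %d days"
                  % (self.host, days))

    def check(self):
        """Run the subject and expiry checks, printing any findings."""
        self.check_subject()
        self.check_age()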

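# Check every HOST:PORT argument. A target that is malformed or unreachable
# is reported on stderr and skipped so the remaining targets are still
# checked; the exit status is non-zero if any target could not be examined.
failed = False
for hostport in sys.argv[1:]:
    host, _sep, port = hostport.partition(":")
    if not host or not port:
        print("%s: expected HOST:PORT" % hostport, file=sys.stderr)
        failed = True
        continue
    try:
        conn = server(host, port)
    except (OSError, SSL.Error, ValueError) as err:
        # OSError covers DNS, connect and timeout failures; SSL.Error covers
        # handshake failures; ValueError covers an unparsable port or name.
        print("%s: could not fetch certificate: %r" % (hostport, err),
              file=sys.stderr)
        failed = True
        continue
    try:
        conn.check()
        if verbose:
            print("CN:", conn.cert.get_subject().CN)
            print("Age:", conn.age())
    finally:
        # Release the socket now instead of holding one per target until
        # the interpreter exits.
        conn.conn.close()

if failed:
    sys.exit(1)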
