#!/bin/sh

set -e

for cert in /var/lib/ocserv/certs/*.crt ; do
        # get email
        email="$(openssl x509 -noout -email -in "${cert}")"
        if [ -z "${email}" ] ; then
                # if emailAddress is not specified in certificate, assume CN is the email
                email="$(openssl x509 -noout -subject -in "${cert}" | sed 's/^.* CN = \([^,]*\).*$/\1/')"
        fi
        if [ -z "${email}" ] ; then
                # bail if we still don’t have an email to send to
                continue
        fi

        # get number of days the certificate will remain valid for
        end="$(openssl x509 -noout -dateopt iso_8601 -enddate -in "${cert}" | cut -d '=' -f 2)"
        validity="$(( ($(date -d "${end}" +%s) - $(date +%s)) / 86400 ))"

        # send notice 14 and 7 days before expiry
        if [ "${validity}" -eq 14 ] || [ "${validity}" -eq 7 ] ; then
                /usr/sbin/sendmail -t <<EOF
To: ${email}
Bcc: root
Date: $(date -R)
Subject: Potek certifikata za FRI VPN

Spoštovani,

čez ${validity} dni bo potekel FRI VPN certifikat za ${email}. Če dostop še potrebujete, kontaktirajte RC FRI za podaljšanje.

Lep pozdrav,
RC FRI

///

Hello,

in ${validity} days the FRI VPN certificate for ${email} will expire. If you still need access, contact RC FRI for renewal.

Best regards,
RC FRI
EOF
        fi
done