#! /usr/bin/env runjs

var TimeUnit = java.util.concurrent.TimeUnit;
var DirWalkTool = Packages.me.hatter.tools.commons.file.DirWalkTool;
var DirWalker = Packages.me.hatter.tools.commons.file.DirWalkTool.DirWalker;
var X509CertUtil = Packages.me.hatter.tools.commons.security.cert.X509CertUtil;

var OKGREEN = '\033[92m';
var WARNING = '\033[93m';
var FAIL = '\033[91m';
var UNDERLINE = '\033[4m';
var ENDC = '\033[0m';

var main = () => {
    if ($ARGS == null || $ARGS.length == 0) {
        println('scancert.js - Scan cert.')
        println();
        println('ERROR: NO arguments assigned!');
        println('scancert.js <dir | file.pem>');
        return;
    }
    var scanCount = 0;
    var warnings = [];
    var fails = [];
    var minDayLeft = null;
    var maxDayLeft = null;
    var scanFile = (is, file) => {
        var bytes = $$.io().bytesAndClose(is);
        if (bytes.toString().contains('BEGIN CERTIFICATE')) {
            scanCount++;
            println('[INFO] Cert pem file found: ' + file);
            // is cert pem file
            var certs = X509CertUtil.orderX509CertificateList(X509CertUtil.parseX509CertificateList(bytes.getBytes()));
            if (certs.size() < 1) {
                println('[ERROR] Cannot find any cert.');
            } else {
                var todayMillis = $$.date().millis();
                var leafCert = certs.get(0);
                var notAfter = leafCert.getNotAfter();
                var altNames = leafCert.getSubjectAlternativeNames();

                var colorStart = OKGREEN;
                var colorEnd = ENDC;
                if (notAfter.getTime() < (todayMillis + TimeUnit.DAYS.toMillis(10))) {
                    colorStart = FAIL;
                    fails.push(file);
                } else if (notAfter.getTime() < (todayMillis + TimeUnit.DAYS.toMillis(30))) {
                    colorStart = WARNING;
                    warnings.push(file);
                }
                var dayLeft = parseInt((notAfter.getTime() - todayMillis) / TimeUnit.DAYS.toMillis(1));
                minDayLeft = (minDayLeft == null)? dayLeft: Math.min(minDayLeft, dayLeft);
                maxDayLeft = (maxDayLeft == null)? dayLeft: Math.max(maxDayLeft, dayLeft);
                println(colorStart
                      + 'Expires: '+ $$.date().fmt('yyyy-MM-dd').format(notAfter)
                      + ' (' + dayLeft + ' days)'
                      + colorEnd
                      + ', DNS Name(s): ' + $ARRAY(altNames).map((n) => { return n.get(1) }).join(', '));
            }
        }
    };

    var f = $$.file($ARGS[0]);
    if (!f.exists()) {
        println('File or Directory not exists: ' + f);
        return;
    }
    if (f.isFile()) {
        scanFile($$.rFile(f).rStream().stream(), f);
    } else {
        var dir = f;
        println('[INFO] Scan .pem file(s): ' + dir);
        var walkTool = new DirWalkTool(dir);

        walkTool.walk(new DirWalker({
            "accept": (file) => {
                if (file.isDirectory()) {
                    return true;
                }
                if (file.getName().endsWith('.pem')) {
                    return true;
                }
            }, 
            "readInputStream": (is, file) => {
                scanFile(is, file);
            }
        }));
    }
    println();
    println('Scaned file: ' + scanCount);
    if (warnings.length > 0) {
        print(WARNING);
        println('WARNINGS:');
        warnings.forEach((f) => {
            println(f);
        });
        print(ENDC);
    }
    if (fails.length > 0) {
        print(FAIL);
        println('FAILS:');
        fails.forEach((f) => {
            println(f);
        });
        print(ENDC);
    }
    if ((warnings.length == 0) && (fails.length == 0)) {
        println(OKGREEN + 'No waning or fail found.' + ENDC)
    }
    if ((minDayLeft != null) && (maxDayLeft != null)) {
        println('Day left, min: ' + minDayLeft + ', max: ' + maxDayLeft);
    }
};

main();