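#!/usr/bin/env bash
#
# Renew a certificate stored under <cfg_dir>/domains/<certname>/ when it is
# about to expire.
#
# Usage: <script> [-c cfg_dir] [-t seconds] [-d domain]... [--] certname
#   -c  configuration directory (default: $HOME/.acme)
#   -t  renew when the certificate expires within this many seconds
#       (default: 259200)
#   -d  domain to request; may be repeated
#
# Requires bash 4.3+ (namerefs).

# Print all arguments as one line on stderr.
err() {
  printf '%s\n' "$*" >&2
}

# Print all arguments as one line on stdout.
msg() {
  printf '%s\n' "$*"
}

#######################################
# Assign a fallback to a variable that is unset or empty.
# Arguments: $1 - name of the variable (not its value)
#            $2 - value to assign when the variable is empty
# Note: $1 is bound through a nameref, so it must be a plain variable name
# chosen by the script, never caller-supplied data, and must not be "_vref".
#######################################
set_default() {
  declare -n _vref=$1
  if ! [[ "$_vref" ]]; then
    _vref=$2
  fi
}

#######################################
# Emit an OpenSSL "[SAN]" config section listing every argument as DNS name.
# Arguments: $@ - domain names
# Outputs:   "[SAN]\nsubjectAltName=DNS:a,DNS:b" on stdout, no trailing newline
#######################################
gen_san_string() {
  local d sep=''

  printf '[SAN]\nsubjectAltName='
  # The separator is emitted by position. Comparing each entry with the last
  # one (as a glob pattern) dropped commas for wildcard names such as
  # "*.example.com" and for entries that repeat the last name.
  for d in "$@"; do
    printf '%sDNS:%s' "$sep" "$d"
    sep=','
  done
}

#######################################
# Parse options, then renew <certname> if its certificate is close to expiry.
# Globals:   checkend_seconds (read, set to its default when empty)
# Arguments: see usage at the top of the file
# Returns:   1 on invalid arguments, 2 when a renew.fail flag is present,
#            0 otherwise, including when the renewal command fails (that
#            failure is recorded only through the renew.fail flag)
#######################################
main() {
  local cfg_dir certname d
  local -a domains=() le_args=()

  while (( $# )); do
    case $1 in
      -c)
        cfg_dir=$2
        shift
        ;;
      -t)
        checkend_seconds=$2
        shift
        ;;
      -d)
        domains+=( "$2" )
        shift
        ;;
      --)
        shift
        break
        ;;
      *)
        break
        ;;
    esac
    shift
  done

  set_default cfg_dir "$HOME/.acme"
  set_default checkend_seconds 259200

  # A malformed threshold would make the openssl check below fail, which is
  # indistinguishable from "expiring" and would trigger a renewal on each run.
  if ! [[ "$checkend_seconds" =~ ^[0-9]+$ ]]; then
    err "Invalid -t value (expected a number of seconds): $checkend_seconds"
    return 1
  fi

  certname=$1
  if ! [[ "$certname" ]]; then
    err "Please tell me what to do!"
    return 1
  fi

  # certname becomes a path component and selects the renew.cfg that is
  # sourced below, so it must not be able to leave $cfg_dir/domains.
  case $certname in
    */* | . | ..)
      err "Invalid certificate name: $certname"
      return 1
      ;;
  esac

  # Nothing in this script removes the flag; it stays until deleted by hand.
  if [[ -f "$cfg_dir/domains/$certname/renew.fail" ]]; then
    err "Fail flag exists: $cfg_dir/domains/$certname/renew.fail, not attempting renew."
    return 2
  fi

  # -checkend exits non-zero when the certificate expires within the window.
  # A missing or unreadable certificate.pem also takes this branch.
  if ! openssl x509 -checkend "$checkend_seconds" \
    < "$cfg_dir/domains/$certname/certificate.pem"; then
    if ! (( ${#domains[@]} )); then
      if [[ -f "$cfg_dir/domains/$certname/renew.cfg" ]]; then
        # renew.cfg is executed as shell code with this script's privileges;
        # keep it and its directory writable only by the account running this.
        # presumably it assigns the domains array - verify against a real cfg
        source "$cfg_dir/domains/$certname/renew.cfg"
      else
        domains=( "$certname" )
      fi
    fi

    for d in "${domains[@]}"; do
      le_args+=( '-d' "$d" )
    done

    # le is not defined in this file; presumably the ACME client - confirm.
    if ! le "${le_args[@]}"; then
      # Leave an empty flag file so later runs stop retrying.
      > "$cfg_dir/domains/$certname/renew.fail"
    fi
  fi
}

main "$@"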