#!/usr/bin/env bash

# Write all arguments, joined into a single line, to standard error.
err() {
	local text="$*"
	printf '%s\n' "$text" >&2
}

# Write all arguments, joined into a single line, to standard output.
msg() {
	local text="$*"
	printf '%s\n' "$text"
}

# Give a variable a fallback value when it currently expands to nothing.
# Arguments: $1 - name of the variable, bound through a nameref
#            $2 - value stored when the variable is unset or empty
set_default() {
	local -n _vref=$1

	# Nothing to do when the caller already provided a value.
	[[ -n "$_vref" ]] && return 0
	_vref=$2
}

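# Print the command-line help to standard output.
# The synopsis lists what main() parses: -c, -t and -h, followed by one
# certificate name. The earlier text advertised a -d option that this script
# does not accept.
usage() {
	local line

	# IFS= keeps the leading spaces that lay out the option table; <<- strips
	# only the leading tabs used to indent the here-document.
	while IFS= read -r line; do printf '%s\n' "$line"; done <<- EOF
		Usage: ${0##*/} [options] <certname>
		   <certname>         # Directory name under <dir>/domains/ holding certificate.pem.
		   Options:
		      -c <dir>        # Configuration directory. Default: \$HOME/.acme
		      -t <sec>        # How many seconds till expiration to consider as soon. Default: 259200 (3 days)
		      -h              # Show this message.
	EOF
}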

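# Renew one certificate through `le` when it is close to expiry.
#
# Arguments: [-c <dir>] [-t <sec>] [-h] [--] <certname>
# Returns:   0  certificate is still valid long enough, renewal succeeded, or -h
#            1  usage error (missing or invalid option value, bad certname)
#            2  a renew.fail flag is already present
#            3  `le` failed; a renew.fail flag has been created
main() {
	# checkend_seconds is declared here like cfg_dir, so a same-named variable
	# inherited from the environment cannot silently change the threshold.
	declare cfg_dir checkend_seconds certname cert_dir d rc
	declare -a domains le_args

	while (( $# )); do
		case $1 in
			-c)
				if (( $# < 2 )); then
					err "Option -c requires a directory."
					return 1
				fi
				cfg_dir=$2
				shift;;

			-t)
				if (( $# < 2 )); then
					err "Option -t requires a number of seconds."
					return 1
				fi
				checkend_seconds=$2
				shift;;

			-h)
				usage
				return 0;;

			--)
				shift
				break;;

			# An unknown option must not fall through and be taken as the
			# certificate name; use -- for a name that begins with a dash.
			-*)
				err "Unknown option: $1"
				return 1;;

			*) break;;
		esac

		shift
	done

	set_default cfg_dir "$HOME/.acme"
	set_default checkend_seconds 259200

	# A non-numeric value makes `openssl x509 -checkend` fail, which would be
	# read below as "about to expire" and trigger a renewal on every run.
	if ! [[ $checkend_seconds =~ ^[0-9]+$ ]]; then
		err "Invalid number of seconds for -t: $checkend_seconds"
		return 1
	fi

	certname=$1

	if ! [[ "$certname" ]]; then
		err "Please tell me what to do!"
		return 1
	fi

	# certname becomes a path component and the renew.cfg found there is
	# sourced, so it must not be able to step outside $cfg_dir/domains.
	if [[ $certname == */* || $certname == . || $certname == .. ]]; then
		err "Invalid certificate name: $certname"
		return 1
	fi

	cert_dir=$cfg_dir/domains/$certname

	if [[ -f "$cert_dir/renew.fail" ]]; then
		err "Fail flag exists: $cert_dir/renew.fail, not attempting renew."
		return 2
	fi

	# -checkend exits 0 only when the certificate is still valid
	# $checkend_seconds seconds from now. A missing or unreadable
	# certificate.pem also ends up in the renewal path below.
	if openssl x509 -checkend "$checkend_seconds" < "$cert_dir/certificate.pem"; then
		return 0
	fi

	# domains is a fresh local array here, so it is empty until one of the
	# two branches fills it.
	if [[ -f "$cert_dir/renew.cfg" ]]; then
		# SECURITY: renew.cfg is executed as shell code with the privileges of
		# this script and is expected to fill the domains array. Keep the file
		# and its directory writable only by the account that runs the renewal.
		source "$cert_dir/renew.cfg"
	else
		domains=( "$certname" )
	fi

	for d in "${domains[@]}"; do
		le_args+=( '-d' "$d" )
	done

	# NOTE(review): cfg_dir is not forwarded to `le`; confirm that `le` works
	# on the same configuration directory when -c is given to this script.
	le "${le_args[@]}"
	rc=$?

	if (( rc )); then
		# The flag stops later runs (exit status 2 above) until it is removed,
		# so a persistent failure does not cause endless retries.
		> "$cert_dir/renew.fail" \
			|| err "Could not create fail flag: $cert_dir/renew.fail"
		err "Renewal of $certname failed (le exit status $rc), fail flag: $cert_dir/renew.fail"
		# Report the failure to the caller instead of exiting 0.
		return 3
	fi
}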

# Hand the command-line arguments to main unchanged.
main "${@}"