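// Package checkup holds small TLS health checks used to spot server
// certificates that are about to expire.
package checkup

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"net"
	"time"
)

// DialTimeout bounds the TCP connect plus TLS handshake performed by
// CertExpiresSoon so that a black-holed or unresponsive host cannot hang the
// check indefinitely.
const DialTimeout = 10 * time.Second

// CertExpiresSoon connects to hostname:port over TLS and reports whether the
// leaf certificate presented by the server expires within window.
//
// The connection uses a default tls.Config with ServerName set to hostname, so
// the presented chain is verified against the system roots: an already-expired,
// untrusted or mis-named certificate fails the handshake and is reported as the
// dial error rather than as "expires soon". hostname may be a DNS name or an IP
// literal (IPv6 literals are bracketed correctly).
//
// Return contract:
//   - nil error: the certificate is valid for at least window; the open
//     connection is returned.
//   - non-nil error with a non-nil connection: the leaf certificate expires
//     within window. The connection is kept open so the caller can inspect it
//     (for example with CertInfo).
//   - non-nil error with a nil connection: the dial or handshake failed, or the
//     server presented no certificate.
//
// Any non-nil connection returned is owned by the caller, who must Close it.
//
// Only the leaf certificate (PeerCertificates[0]) is examined; an intermediate
// that expires earlier than the leaf is not reported.
func CertExpiresSoon(hostname, port string, window time.Duration) (*tls.Conn, error) {
	// JoinHostPort, unlike plain concatenation, produces a valid address for
	// IPv6 literals ("[::1]:443").
	addr := net.JoinHostPort(hostname, port)
	dialer := &net.Dialer{Timeout: DialTimeout}
	conn, err := tls.DialWithDialer(dialer, "tcp", addr, &tls.Config{ServerName: hostname})
	if err != nil {
		return nil, err
	}

	certs := conn.ConnectionState().PeerCertificates
	if len(certs) == 0 {
		// Not reachable while verification is enabled, but guard the index so a
		// later config change cannot turn this into a panic and a leaked socket.
		conn.Close()
		return nil, fmt.Errorf("no peer certificate presented by %s", addr)
	}
	leaf := certs[0]

	// Take a single timestamp so the threshold test and the reported day count
	// agree with each other.
	now := time.Now()
	if now.Add(window).After(leaf.NotAfter) {
		// Duration division truncates toward zero, giving whole days remaining
		// (negative if NotAfter is already in the past).
		days := int64(leaf.NotAfter.Sub(now) / (24 * time.Hour))
		return conn, fmt.Errorf("Cert expires soon: %s ( %d days )", leaf.NotAfter, days)
	}
	return conn, nil
}

// CertInfo renders a human-readable summary of every certificate the peer
// presented on conn (leaf first): its subject alternative DNS names, the DNS
// name constraints it carries (only meaningful on CA certificates), and its
// validity period.
//
// A nil conn yields "", so it is safe to call with the connection returned by a
// failed CertExpiresSoon.
func CertInfo(conn *tls.Conn) string {
	if conn == nil {
		return ""
	}
	var buf bytes.Buffer
	for _, cert := range conn.ConnectionState().PeerCertificates {
		fmt.Fprintf(&buf, "DNS names: %v\n", cert.DNSNames)
		fmt.Fprintf(&buf, "Permitted: %v\n", cert.PermittedDNSDomains)
		fmt.Fprintf(&buf, "Not before: %v\n", cert.NotBefore)
		fmt.Fprintf(&buf, "Not after: %v\n", cert.NotAfter)
	}
	return buf.String()
}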