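package certchecker

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"time"
)

// dialTimeout bounds the TCP connect and TLS handshake so that an
// unresponsive host cannot block a caller of Check indefinitely.
const dialTimeout = 10 * time.Second

// Check connects to domain on port 443 over TLS and returns an error if any
// certificate presented by the server expires in fewer than
// notifyExpirationDays days.
//
// The connection uses the default tls.Config (nil), so certificate chain and
// hostname verification run during the dial. A certificate that is already
// expired, untrusted or issued for another name is therefore reported as the
// dial error, not as the "expires in" error. Dial and verification errors are
// returned unwrapped so callers can still inspect their concrete type.
//
// Every certificate the server sent is checked, not only the leaf, so an
// intermediate that is close to expiry is reported as well.
func Check(domain string, notifyExpirationDays int) error {
	// An empty host would make the dialer target ":443" on the local machine;
	// reject it before any network traffic is generated.
	if domain == "" {
		return errors.New("domain must not be empty")
	}

	dialer := &net.Dialer{Timeout: dialTimeout}

	// DialWithDialer completes the TLS handshake before it returns, so no
	// separate Handshake call is needed. The timeout covers both the TCP
	// connect and the handshake.
	conn, err := tls.DialWithDialer(dialer, "tcp", domain+":443", nil)
	if err != nil {
		return err
	}
	defer conn.Close()

	// Already enforced by the default config during the handshake; kept as an
	// explicit check so the guarantee does not silently disappear if the
	// tls.Config is ever changed.
	if err := conn.VerifyHostname(domain); err != nil {
		return err
	}

	for _, certificate := range conn.ConnectionState().PeerCertificates {
		// Integer conversion truncates toward zero, so a certificate with
		// less than 24 hours left is reported as 0 days.
		expiresInDays := int(time.Until(certificate.NotAfter).Hours() / 24)
		if expiresInDays < notifyExpirationDays {
			return fmt.Errorf("certificate expires in %d days", expiresInDays)
		}
	}

	return nil
}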