From 63f6907bfbb3a4a44091905d03436f43ec88b1cb Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Tue, 25 Jun 2019 14:24:43 +0200 Subject: check-email: output mail --- check-email | 56 ++++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 38 insertions(+), 18 deletions(-) diff --git a/check-email b/check-email index 55d36c5..da0de62 100755 --- a/check-email +++ b/check-email @@ -15,23 +15,29 @@ if ! printf '%s\n' "${header}" | \ grep -q '^From expiry@letsencrypt\.org' || \ ! printf '%s\n' "${header}" | \ grep -qxF 'From: Let'"'"'s Encrypt Expiry Bot '; then - >&2 echo 'This mail is not from letsencrypt'"'"'s Expiry Bot - ignoring.' + # This mail is not from letsencrypt's Expiry Bot - ignore + printf '%s\n' "${mail}" exit fi +body=$( + printf '%s\n' "${mail}" | \ + sed '1,/^$/ d' +) + claimed_expire_date=$( date -d"$( - printf '%s\n' "${mail}" | \ + printf '%s\n' "${body}" | \ sed ' s/^.*Your certificate (or certificates) for the names listed below will expire in [0-9]\+ days\? (on \([^)]\+\))\..*$/\1/ t d ' - )" '+%s' + )" '+%s' 2>/dev/null ) domains=$( - printf '%s\n' "${mail}" | \ + printf '%s\n' "${body}" | \ sed -n ' / for details\.$/,/^For any questions or support, / { /^$/,/^$/ { 
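Review bot: The new comment in the non-matching branch says "ignore", but the branch now prints the whole mail to stdout and exits 0, so the script acts as a pass-through filter rather than dropping the message. The comment should say so, for example `# not from Let's Encrypt's expiry bot: pass the mail through unchanged`. A short comment above the new `body=$(...)` assignment would also help, stating that the sender test only compares header text that the sender controls, so `body` and everything parsed from it is untrusted input. The `if` test and the `header` and `mail` variables are defined outside this hunk.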
@@ -42,36 +48,50 @@ domains=$( ) if [ -z "${domains}" ] || [ -z "${claimed_expire_date}" ]; then - >&2 echo 'Could not extract domains/expiration date from letsencrypt email - did the format change?' - exit 1 + printf '%s\n' \ + "${header}" | \ + sed ' + s/^Subject:\s\+/\0PARSE ERROR --- / + ' + printf '\n' + printf '%s FAILED TO PARSE THIS MESSAGE!\n\n' \ + "$0" + printf '%s\n' \ + "${body}" + exit fi -exit_code=0 +regex='' for domain in ${domains}; do + domain_regex=$( + printf '%s\n' "${domain}" | \ + sed 's/[.]/\\\0/g' + ) real_expire_date=$( date -d"$( openssl s_client -showcerts -servername "${domain}" -connect "${domain}:443" /dev/null | \ - openssl x509 -noout -dates | \ + openssl x509 -noout -dates 2>/dev/null | \ sed ' s/^notAfter=// t d ' - )" '+%s' + )" '+%s' 2>/dev/null ) if [ -z "${real_expire_date}" ]; then - >&2 printf 'could not determine expiration date of cert for %s\n' \ - "${domain}" - exit_code=2 + regex="${regex};s@^\\s*${domain_regex}\\s*@\0 (EXPIRATION UNKNOWN)@" + continue fi if [ ${claimed_expire_date} -ge ${real_expire_date} ]; then - >&2 printf 'certificate for %s really expires!\n' \ - "${domain}" - if [ ${exit_code} -le 1 ]; then - exit_code=1 - fi + regex="${regex};s@^\\s*${domain_regex}\\s*@\0 (EXPIRATION CONFIRMED)@" + continue fi + regex="${regex};s@^\\s*${domain_regex}\\s*@\0 (expiration actually $(((real_expire_date-claimed_expire_date)/24/60/60)) days later)@" done -exit ${exit_code} +printf '%s\n\n' \ + "${header}" +printf '%s\n' \ + "${body}" | \ + sed "${regex}" -- cgit v1.2.3-54-g00ecf
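Review bot: Each `${domain}` token comes from the mail body and is spliced into the sed program in `regex` with only `.` escaped, so a token containing `@`, `\`, `[` or `*` changes the script that the final `sed "${regex}"` runs, and the same token is passed to `openssl s_client -connect`. Reject anything that is not a plain host name at the top of the loop, for example `case "${domain}" in *[!A-Za-z0-9.-]*) continue ;; esac`, which leaves such names unannotated. The three substitutions are also unanchored at the end, so a listed name that is a prefix of another line gets the marker inserted mid-line; ending the pattern with `\\s*\$@` instead of `\\s*@` fixes that. The unquoted `for domain in ${domains}` also glob-expands tokens, which `set -f` before the loop would prevent.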