#!/bin/sh

SUBS_CERT=/etc/ssl/nginx/nginx-repo.crt
OPENSSL=/usr/bin/openssl
CERT_EXT_CMD="$OPENSSL x509 -in $SUBS_CERT -text -certopt ca_default,no_sigdump,no_serial -noout"

CCA="-----BEGIN CERTIFICATE-----
MIIDjzCCAnegAwIBAgIJAIu3DxpkIGrqMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV
BAYTAlJVMQ8wDQYDVQQIDAZNb3Njb3cxDzANBgNVBAcMBk1vc2NvdzESMBAGA1UE
CgwJTkdJTlggSW5jMRkwFwYDVQQDDBBuZ2lueCBjbGllbnRzIENBMB4XDTE0MDQx
MjE3MTIyN1oXDTIyMDQxMjE3MTIyN1owXjELMAkGA1UEBhMCUlUxDzANBgNVBAgM
Bk1vc2NvdzEPMA0GA1UEBwwGTW9zY293MRIwEAYDVQQKDAlOR0lOWCBJbmMxGTAX
BgNVBAMMEG5naW54IGNsaWVudHMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDEPxQdivul86frKz1THqVDNjmFDWoX23w7ineOYJaCSR3e6SlXDM0B
8Rv1ideNtU4mGAhLL7UaCO7b4kRbLF8AKyNoTXj8xxEGUQosufd5xdAe8P/jXIIi
BqbCp9r8DtablLjzs81B9aXgMpoZgddDNsmIvHQn6qU6UerMLNUcB9LBOA2tbcCM
JkZz/A1bWB7jH2SPOh5nuIfZ8w0at+MKFAhsFMkk1Dtm04lvQamqboUA+whmBCAg
j85ReEOAf0WXMR+ADHfaLFvZ/zP5qhLYA+ebJ8frfbey3vs0DHS9AeKfKbvzBPlL
feTvr039/orWmvAPI3i/i1JdtC5ed4DvAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8w
HQYDVR0OBBYEFMV07soOaApznZzWDskzQAalCjB6MB8GA1UdIwQYMBaAFMV07soO
aApznZzWDskzQAalCjB6MA0GCSqGSIb3DQEBBQUAA4IBAQAkMsoWHFZCZO8G4yxj
IkfkUSV65JYo4BvvYUgQPwcEtTv8HNyj84Nwh3yXH62FyyZ0z0RMpzUwHkAm8o/y
LNeEeKoh7T4uClZIogTt/fMJ768aod0Ta6u3KAIElvhoFe68jvrjYH/f1JkSetyz
FNokgN1gkPSc9LU9ksquLORE8ooh33yucSr5yFTRnME1yDujPiXgiLjFBcFQ8mE3
2LuerFU1g3NN7ZiB3Tgj4b2iKVGL/nnm8Un8czxU/yekhbTMBEgNPm28770WjwLH
RhwnsNMWK0Wvv0X+xBoqad2ORnK6Yg91ka51NZWVA7EE3Q8EKaM9fX+VWL/JRB/X
R2o2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDTzCCAjegAwIBAgIJALe09gGoPNRsMA0GCSqGSIb3DQEBCwUAMD4xEjAQBgNV
BAoMCU5HSU5YIEluYzEoMCYGA1UEAwwfbmdpbnggY2xpZW50IGF1dGhlbnRpY2F0
aW9uIENBMjAeFw0xODExMjkxMTUzNTZaFw0yODA0MTIxMTUzNTZaMD4xEjAQBgNV
BAoMCU5HSU5YIEluYzEoMCYGA1UEAwwfbmdpbnggY2xpZW50IGF1dGhlbnRpY2F0
aW9uIENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALXJxxHBV8XR
vgYD2ANRzWphLZu8ChDwFuycxHVyxZYLVp2xRklb5CqsNJUTX+Y/u+1qvhbRuzkK
MMDoLY6PA/Zhj3q/o0lf4KaS5VASbRi3JAW1EsyTs95amW6xpm0kvdV0sBBeOyih
tA6RzCvcaZb5po7cKb9l9S+lIq/dLvDAzxtkgfJN/b0bR+/WeGtTZxwglYK9uh8o
VVW/8IB+Ghm9cuf7JFQbVYdye4/oDy2lpCIdwO/YtBJP/QmwnFPjnEJhszoNPCMz
63brEwzW8f0PnL8LbO4X7x9Pl0llk2SVFO/R0EKV3+V/YvzIYzcPHsK2CGiZooRu
7IGPihFLUSkCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUt6TS69Lu
sK5/xRzb5xMF9qW3m2UwHwYDVR0jBBgwFoAUt6TS69LusK5/xRzb5xMF9qW3m2Uw
DQYJKoZIhvcNAQELBQADggEBAIuf3SBm72H3jDIdVap8I+W+/q/7BSEPUZmW5khq
RZ46Fa2391m+IM3BCTiap048Zj/lImcZZN+1Lk8BV+saPGzgaWE5TiX8s/fhj39V
AOuCw7nMjaXwjJfxDwvBv7sE1CoTLd6+m4vQHuzWNs/Pm9pwUwJpNsOCS1s+NeYC
uVGBuaW3BX3uMnSF4FqhVlmqk3UiYVJ+5TTzWI4sHbneT8H56b8+6LoZoGVz53+3
BQfIHLpWi/SnanN8jRuJtDSJ36AlhaNeeMCx1epAGj7Of1kTLF9KtVOKHOXeguOw
/XPb0/Cn4QCHZeyd9IcR8zTQIVxFz++ss2S021LCNvdTaM4=
-----END CERTIFICATE-----"

check_trial() {
    test -x $OPENSSL || return 1
    test -f $SUBS_CERT || return 1
    verify_cert || return 1
    certext=`$CERT_EXT_CMD`
    echo $certext | fgrep 'Trial subscription' >/dev/null 2>&1
    subtrial=$?
    echo $certext | fgrep 'Developer subscription' >/dev/null 2>&1
    subtrialdev=$?
    [ $subtrial -eq 1 -a $subtrialdev -eq 1 ] && return 1
    ENDDATE=`openssl x509 -enddate -in $SUBS_CERT -noout 2>/dev/null` || return 1
    ENDDATE=`echo $ENDDATE | sed 's/.*=//'`
    ENDDATE=`LC_TIME=C date -d "$ENDDATE" +%s` || return 1
    CURDATE=`date +%s`

    case "$ENDDATE$CURDATE" in
        ''|*[!0-9]*) return 1;;
    esac

    if [ $CURDATE -gt $ENDDATE ]; then
        echo
        if [ $subtrial -eq 0 ]; then
            echo "Your trial subscription of NGINX Plus has now expired."
            echo "Please see https://www.nginx.com/trial-expired/ for more information."
        fi
        if [ $subtrialdev -eq 0 ]; then
            echo "NGINX Plus - Developer Edition"
            echo "ERROR: cannot start, your subscription has expired"
        fi
        echo
        exit 1
    else
        EXPDAYS=$((($ENDDATE-$CURDATE)/86400))
        echo
        if [ $subtrial -eq 0 ]; then
            echo "Your trial subscription will expire in $EXPDAYS days"
        fi
        if [ $subtrialdev -eq 0 ]; then
            echo "NGINX Plus - Developer Edition - for non-production use only"
            echo "Your subscription will expire in $EXPDAYS days"
        fi
        echo
    fi
}

verify_cert() {
    CCAFILE=`mktemp /tmp/ccafile.XXXXXX` || return 1
    printf "%s" "$CCA" >$CCAFILE
    $OPENSSL verify -CAfile $CCAFILE $SUBS_CERT >/dev/null 2>&1
    VALID=$?
    rm -f $CCAFILE
    return $VALID
}

check_trial
exit 0
