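#!/bin/sh
# Remove certificates of hosts that both:
# - have been down for more than 30 days;
# - are no longer in the hosts file.
#
# Expected layout, relative to this script:
#   certs/<host>:<port>.pem   certificate files
#   hosts                     one entry per line: "host", or "host:port" when
#                             the port is not the default (1965)

set -o errexit   # (-e) exit immediately if any command has a non-zero exit status
set -o nounset   # (-u) don't accept undefined variables
#set -o xtrace   # for debugging

# Go where this script is.
cd "$(dirname "$0")" || exit

# Refuse to run without a readable hosts file. A failed lookup must never be
# mistaken for "host not listed", otherwise every old certificate is deleted.
hosts_file="$(pwd)/hosts"
if [ ! -f "$hosts_file" ] || [ ! -r "$hosts_file" ]; then
  printf '%s: cannot read %s, nothing pruned\n' "$0" "$hosts_file" >&2
  exit 1
fi

# Go through certs of hosts that have been down for more than 30 days
# (certificate files not modified for more than 30 days).
# -execdir runs the helper from the directory holding the file, so the hosts
# file is handed over as an absolute path instead of a relative "../hosts".
# NOTE: the helper is single-quoted; keep apostrophes out of it.
find certs -mtime +30 -type f -execdir sh -c '
  cert_file="$1"
  hosts_file="$2"

  # GNU find passes "./name"; taking the basename also copes with a bare name.
  name="${cert_file##*/}"

  # Only touch files named <host>:<port>.pem. Anything else is left alone
  # rather than being parsed into an empty host and pruned.
  case "$name" in
    *:*.pem) ;;
    *) exit 0 ;;
  esac
  name="${name%.pem}"
  host="${name%:*}"     # everything before the last colon
  port="${name##*:}"    # everything after the last colon
  case "$port" in
    "" | *[!0-9]*) exit 0 ;;
  esac
  [ -n "$host" ] || exit 0

  # Append port if not default
  if [ "$port" != 1965 ]; then
    host="$host:$port"
  fi

  # If it is not in the hosts file, delete it.
  # -F compares literally, so dots in a host name are not regex wildcards.
  # -e keeps a name starting with "-" from being read as a grep option.
  status=0
  grep -Fxq -e "$host" "$hosts_file" || status=$?
  case "$status" in
    0) ;;   # still listed: keep the certificate
    1)
      printf "Pruning %s\n" "$host"
      rm -- "$cert_file"
      ;;
    *)
      # grep itself failed (exit status above 1): keep the file and say so.
      printf "grep failed on %s, keeping %s\n" "$hosts_file" "$cert_file" >&2
      exit "$status"
      ;;
  esac
' sh {} "$hosts_file" \;

echo OK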