<?php

class SslCertException extends \Exception
{
    public function __construct($message = '', $code = 0, Throwable $previous = null)
    {
        parent::__construct($message, $code, $previous);
    }
}
function sslCertInfo(string $url, int &$error_code = null, string &$error_message = null): array | false
{
    $domain = parse_url($url, PHP_URL_HOST);
    $streamContext = stream_context_create(["ssl" => ["capture_peer_cert" => TRUE]]);
    $streamClient = stream_socket_client("ssl://$domain:443", $error_code, $error_message,
        30, STREAM_CLIENT_CONNECT, $streamContext);
    if(! $streamClient) return false;
    return openssl_x509_parse(stream_context_get_params($streamClient)['options']['ssl']['peer_certificate']);
}

function checkCertDate(string $url, int $daysBeforeExpiration = 0)
{
    $certInfo = sslCertInfo($url, $error_code, $error_message);
    if(!$certInfo) throw new SslCertException('Failed to retrieve cert info: '.$error_message, $error_code);
    $notBefore = new DateTime('@'.$certInfo['validFrom_time_t']);
    $notAfter = new DateTime('@'.$certInfo['validTo_time_t']);
    $now = new DateTime();

    if($now < $notBefore) throw new SslCertException('Cert is not valid yet.');
    if($now > $notAfter) throw new SslCertException('Cert is expired.');

    $daysDiff = $notAfter->diff($now)->format("%a");
    if($daysBeforeExpiration > $daysDiff) throw new SslCertException("Cert has $daysDiff days before it expires.");
}