import sys
import datetime
import os
from cryptography import x509
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.hazmat.backends import default_backend

cert_path = sys.argv[1]
password = sys.argv[2]

try:
    if not os.path.exists(cert_path):
        print("NOT_FOUND")
        sys.exit(1)
    
    with open(cert_path, "rb") as f:
        p12_data = f.read()
    
    private_key, cert, additional_certs = pkcs12.load_key_and_certificates(
        p12_data, password.encode(), default_backend()
    )
    
    now = datetime.datetime.now(datetime.timezone.utc)
    not_after = cert.not_valid_after_utc.replace(tzinfo=datetime.timezone.utc)
    not_before = cert.not_valid_before_utc.replace(tzinfo=datetime.timezone.utc)
    
    if now > not_after:
        print("EXPIRED")
        sys.exit(1)
    
    if now < not_before:
        print("NOT_YET_VALID")
        sys.exit(1)
    
    days_until = (not_after - now).days
    
    print(f"OK:{days_until}")
    
except FileNotFoundError:
    print("NOT_FOUND")
    sys.exit(1)
except Exception as e:
    print("INVALID")
    sys.exit(1)