geberl · October 15, 2022 09:25
diff --git a/parse_certs.go b/parse_certs.go
 package main

 import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
 	"io/ioutil"
 	"math"
 	"os"
 	"path/filepath"
 )

 func main() {
 	certDumpDir := "/Users/guenther/Development/backend/certs"
 	fileList := make([]string, 0)
 	err := filepath.Walk(certDumpDir, func(path string, f os.FileInfo, err error) error {
 		fileList = append(fileList, path)
 		return err
 	})
 	if err != nil {
 		fmt.Printf("unable to build file list: %v", err)
 	}

 	for _, filePath := range fileList {
 		fileNameNew, err := generateFilename(filePath)
 		if err != nil {
 			fmt.Printf("invalid cert: %s\n", filePath)
 		} else {
 			fmt.Printf("valid cert:   %s\n", fileNameNew)
 		}
 	}
 }

 func generateFilename(path string) (string, error) {
 	content, err := ioutil.ReadFile(path)
 	if err != nil {
 		return "", fmt.Errorf("unable to read file content: %v", err)
 	}

 	expiryEpoch, err := getExpiryEpoch(content)
 	if err != nil {
 		return "", fmt.Errorf("invalid cert: %v", err)
 	}
 	fixedLengthInverseExpiryEpoch := fmt.Sprintf("%016x", math.MaxInt64-expiryEpoch)
 	filePath := fmt.Sprintf("%s_%s.pem", fixedLengthInverseExpiryEpoch, "rest")
 	return filePath, nil
 }

 func getExpiryEpoch(pemData []byte) (int64, error) {
 	// Only the first block (= end-entity certificate) is interesting here, the rest of the chain doesn't matter.
 	block, _ := pem.Decode(pemData)
 	if block == nil {
 		return 0, fmt.Errorf("invalid PEM-encoded certificate")
 	}
 	if block.Type != "CERTIFICATE" {
 		return 0, fmt.Errorf("invalid PEM block type: %s", block.Type)
 	}

 	cert, err := x509.ParseCertificate(block.Bytes)
 	if err != nil {
 		return 0, err
 	}

 	return cert.NotAfter.Unix(), nil
 }
	package main

	import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io/ioutil"
	"math"
	"os"
	"path/filepath"
	)

	func main() {
	certDumpDir := "/Users/guenther/Development/backend/certs"
	fileList := make([]string, 0)
	err := filepath.Walk(certDumpDir, func(path string, f os.FileInfo, err error) error {
	fileList = append(fileList, path)
	return err
	})
	if err != nil {
	fmt.Printf("unable to build file list: %v", err)
	}

	for _, filePath := range fileList {
	fileNameNew, err := generateFilename(filePath)
	if err != nil {
	fmt.Printf("invalid cert: %s\n", filePath)
	} else {
	fmt.Printf("valid cert: %s\n", fileNameNew)
	}
	}
	}

	func generateFilename(path string) (string, error) {
	content, err := ioutil.ReadFile(path)
	if err != nil {
	return "", fmt.Errorf("unable to read file content: %v", err)
	}

	expiryEpoch, err := getExpiryEpoch(content)
	if err != nil {
	return "", fmt.Errorf("invalid cert: %v", err)
	}
	fixedLengthInverseExpiryEpoch := fmt.Sprintf("%016x", math.MaxInt64-expiryEpoch)
	filePath := fmt.Sprintf("%s_%s.pem", fixedLengthInverseExpiryEpoch, "rest")
	return filePath, nil
	}

	func getExpiryEpoch(pemData []byte) (int64, error) {
	// Only the first block (= end-entity certificate) is interesting here, the rest of the chain doesn't matter.
	block, _ := pem.Decode(pemData)
	if block == nil {
	return 0, fmt.Errorf("invalid PEM-encoded certificate")
	}
	if block.Type != "CERTIFICATE" {
	return 0, fmt.Errorf("invalid PEM block type: %s", block.Type)
	}

	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
	return 0, err
	}

	return cert.NotAfter.Unix(), nil
	}