
@geberl
Last active October 15, 2022 09:25
Parse certificate *.pem files to find ones that no longer parse: Go 1.15 added some new parsing errors, so certificates that previously parsed fine might now be rejected.
package main
import (
"crypto/x509"
"encoding/pem"
"fmt"
"io/ioutil"
"math"
"os"
"path/filepath"
)
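// main walks the certificate dump directory and reports, for every file in it,
// whether the first PEM block parses as an X.509 certificate with the Go
// version this program was built with.
//
// "valid" here means only that x509.ParseCertificate accepted the file; no
// signature, chain or validity-period check is performed.
func main() {
	// Default location from the original gist; a directory passed as the first
	// command-line argument overrides it.
	certDumpDir := "/Users/guenther/Development/backend/certs"
	if len(os.Args) > 1 {
		certDumpDir = os.Args[1]
	}

	var fileList []string
	err := filepath.Walk(certDumpDir, func(path string, f os.FileInfo, err error) error {
		if err != nil {
			// f may be nil when Walk reports an error, so bail out before using it.
			return err
		}
		if f.IsDir() {
			// Directories cannot be read as files and would otherwise be
			// reported as invalid certificates.
			return nil
		}
		fileList = append(fileList, path)
		return nil
	})
	if err != nil {
		fmt.Printf("unable to build file list: %v\n", err)
	}

	for _, filePath := range fileList {
		fileNameNew, err := generateFilename(filePath)
		if err != nil {
			// Print the reason so a read failure can be told apart from a
			// parse failure. The error text can carry bytes taken from the
			// file (e.g. the PEM type label), so it is quoted with %q to keep
			// control characters out of the terminal.
			fmt.Printf("invalid cert: %s: %q\n", filePath, err)
			continue
		}
		fmt.Printf("valid cert: %s\n", fileNameNew)
	}
}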
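// generateFilename reads the PEM file at path and derives a file name of the
// form "<16 hex digits>_rest.pem" from the expiry of its first certificate.
//
// The hex prefix is math.MaxInt64 minus the certificate's NotAfter time in
// Unix seconds, so a later expiry yields a smaller prefix.
//
// It returns an error if the file cannot be read or if getExpiryEpoch rejects
// its content; the underlying error is wrapped so callers can inspect it with
// errors.Is / errors.As.
func generateFilename(path string) (string, error) {
	content, err := ioutil.ReadFile(path)
	if err != nil {
		return "", fmt.Errorf("unable to read file content: %w", err)
	}

	expiryEpoch, err := getExpiryEpoch(content)
	if err != nil {
		return "", fmt.Errorf("invalid cert: %w", err)
	}

	// NOTE(review): a NotAfter before 1970 gives a negative epoch, which makes
	// this subtraction wrap around int64 and produces a signed hex string.
	// Confirm whether such certificates can occur in the input set.
	inverseExpiry := fmt.Sprintf("%016x", math.MaxInt64-expiryEpoch)
	return fmt.Sprintf("%s_%s.pem", inverseExpiry, "rest"), nil
}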
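// getExpiryEpoch returns the NotAfter time, in Unix seconds, of the first
// certificate found in pemData.
//
// Only the first PEM block (= end-entity certificate) is inspected; the rest
// of the chain is ignored. The certificate is parsed but not verified: no
// signature, chain or validity-period check takes place here.
//
// An error is returned when pemData holds no PEM block, when the first block
// is not of type "CERTIFICATE", or when x509.ParseCertificate rejects it.
func getExpiryEpoch(pemData []byte) (int64, error) {
	block, _ := pem.Decode(pemData)
	if block == nil {
		return 0, fmt.Errorf("invalid PEM-encoded certificate")
	}
	if block.Type != "CERTIFICATE" {
		// The type label comes straight from the file, so quote it: %q escapes
		// control characters instead of passing them through to logs or a terminal.
		return 0, fmt.Errorf("invalid PEM block type: %q", block.Type)
	}

	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		// Wrap rather than replace, so the parser's own reason stays visible
		// and remains reachable through errors.Is / errors.As.
		return 0, fmt.Errorf("parsing certificate: %w", err)
	}
	return cert.NotAfter.Unix(), nil
}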