package verify
import (
"crypto/x509"
"fmt"
"time"
"git.wntrmute.dev/kyle/goutils/certlib/dump"
)
// DefaultLeeway is the warning window exported for callers that do not
// choose their own: 90 days, roughly three months.
const DefaultLeeway = 90 * 24 * time.Hour
// CertCheck pairs a certificate with the warning window used when deciding
// whether it is close enough to its NotAfter time to be reported.
type CertCheck struct {
	// Cert is the certificate under inspection. The methods dereference it
	// without a nil check, so it must be set before they are called.
	Cert *x509.Certificate

	// leeway is the window before NotAfter inside which Err reports the
	// certificate.
	leeway time.Duration
}
// NewCertCheck builds a CertCheck for cert using the given leeway.
//
// The leeway is stored as supplied; it is not replaced with DefaultLeeway
// when zero. cert is stored without validation, and the CertCheck methods
// dereference it, so a nil cert will panic when they are called.
func NewCertCheck(cert *x509.Certificate, leeway time.Duration) *CertCheck {
	check := new(CertCheck)
	check.Cert = cert
	check.leeway = leeway

	return check
}
// Expiry reports how much time remains until the certificate's NotAfter.
// The result is negative once NotAfter has passed. The clock is sampled on
// every call, so two calls can return slightly different values.
func (c CertCheck) Expiry() time.Duration {
	notAfter := c.Cert.NotAfter

	return time.Until(notAfter)
}
// IsExpiring reports whether less than leeway remains before NotAfter.
//
// The leeway argument is used as given; the leeway stored on the CertCheck
// is not consulted here. An already-expired certificate has a negative
// remaining time and is therefore reported for any non-negative leeway.
func (c CertCheck) IsExpiring(leeway time.Duration) bool {
	remaining := c.Expiry()

	return remaining < leeway
}
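// Err returns nil while the certificate has at least the configured leeway
// left before NotAfter, and a descriptive error otherwise.
//
// Only NotAfter is examined: NotBefore, the issuing chain and revocation
// status are not checked here. A certificate whose NotAfter has already
// passed is reported as expired, rather than as expiring in a negative
// duration, so an outage can be told apart from an advance warning.
func (c CertCheck) Err() error {
	// Sample the clock once so the decision and the message agree.
	remaining := c.Expiry()
	if remaining >= c.leeway {
		return nil
	}

	name := dump.DisplayName(c.Cert.Subject)
	if remaining < 0 {
		return fmt.Errorf("%s expired %s ago", name, -remaining)
	}

	return fmt.Errorf("%s expires in %s", name, remaining)
}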
// Name returns an identifier for the certificate: the display form of its
// subject followed by "/SN=" and the serial number formatted with %s.
func (c CertCheck) Name() string {
	subject := dump.DisplayName(c.Cert.Subject)
	serial := c.Cert.SerialNumber

	return fmt.Sprintf("%s/SN=%s", subject, serial)
}
// String renders a one-line summary ending in a newline: the certificate's
// Name, its NotAfter time and the time remaining until then.
func (c CertCheck) String() string {
	name := c.Name()
	notAfter := c.Cert.NotAfter
	remaining := c.Expiry()

	return fmt.Sprintf("%s expires on %s (in %s)\n", name, notAfter, remaining)
}