Show if certificate is not yet/no longer valid in show-cert tool.

Symantec · Jan 27, 2019 · f82c9fb · f82c9fb
1 parent ee92133
commit f82c9fb
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/cmd/show-cert/main.go b/cmd/show-cert/main.go
@@ -7,7 +7,9 @@ import (
 	"io/ioutil"
 	"os"
 	"sort"
+	"time"
 
+	"github.com/Symantec/Dominator/lib/format"
 	"github.com/Symantec/Dominator/lib/x509util"
 )
 
@@ -37,6 +39,14 @@ func showCert(filename string) {
 		fmt.Fprintf(os.Stderr, "Unable to parse certificate: %s\n", err)
 		return
 	}
+	now := time.Now()
+	if notYet := cert.NotBefore.Sub(now); notYet > 0 {
+		fmt.Fprintf(os.Stderr, "  Will not be valid for %s\n",
+			format.Duration(notYet))
+	}
+	if expired := now.Sub(cert.NotAfter); expired > 0 {
+		fmt.Fprintf(os.Stderr, "  Expired %s ago\n", format.Duration(expired))
+	}
 	username, err := x509util.GetUsername(cert)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Unable to get username: %s\n", err)