validatePEMFile.go
package validate
import (
"crypto/x509"
"encoding/pem"
"io/ioutil"
"os"
log "github.com/sirupsen/logrus"
)
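// ValidatePEM reads the PEM file at path f, parses the first PEM block as an
// X.509 certificate, verifies it and logs the outcome. It returns nothing, so
// callers cannot tell success from failure. A file in which no certificate can
// be parsed is deleted; a certificate that parses but fails verification is
// only logged and the file is left in place.
//
// NOTE(security): the only trust anchors are the certificates contained in
// the file being checked, so a self-signed certificate passes and the result
// says nothing about who issued it. Read a "successfully validated" log line
// as "well formed, inside its validity period and chaining to a certificate
// from the same file", not as "trusted". To establish trust, verify against a
// pool of CA certificates the operator controls.
//
// NOTE(review): f is handed to os.Remove. Presumably the caller builds it from
// a server-chosen name rather than from the uploaded file name; confirm.
func ValidatePEM(f string) {
	certPEM, err := ioutil.ReadFile(f)
	if err != nil {
		log.Error("Failed to read certificate file: " + err.Error())
		// Nothing was read, so there is nothing left to validate.
		return
	}

	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(certPEM) {
		log.Error("Failed to parse certificate, file will be removed")
		if err := os.Remove(f); err != nil {
			log.Error("could not delete file: " + err.Error())
		}
		// Stop whether or not the delete worked: with an empty pool the
		// verification below could never succeed.
		return
	}

	// Only the first PEM block is verified; any further certificates in the
	// file act solely as roots for it.
	block, _ := pem.Decode(certPEM)
	if block == nil {
		// pem.Decode reports no error value, so there is nothing to append
		// here. Calling Error() on the nil err left over from a successful
		// read would panic on malformed input.
		log.Error("Failed to parse certificate PEM")
		return
	}

	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		log.Error("Failed to parse certificate: " + err.Error())
		return
	}

	opts := x509.VerifyOptions{
		// No DNSName is set, so the subject name is not matched against any
		// host name.
		Roots: roots,
		// ExtKeyUsageAny accepts every extended key usage, so the
		// certificate's intended purpose is not checked.
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	}
	if _, err := cert.Verify(opts); err != nil {
		log.Error("Failed to verify certificate: " + err.Error())
		return
	}

	// Record who issued the certificate, for whom, and when it expires.
	certIssuer := cert.Issuer
	certCN := cert.Subject.CommonName
	certEndDate := cert.NotAfter.String()
	log.Info("successfully validated certificate for issuer: [", certIssuer, "] Common Name: [", certCN, "] valid until [", certEndDate, "]")
}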