github.com/cloud-foundations/dominator@v0.0.0-20221004181915-6e4fee580046/cmd/show-cert/main.go (about)

     1  package main
     2  
     3  import (
     4  	"crypto/x509"
     5  	"encoding/pem"
     6  	"fmt"
     7  	"io/ioutil"
     8  	"os"
     9  	"sort"
    10  	"time"
    11  
    12  	"github.com/Cloud-Foundations/Dominator/lib/format"
    13  	"github.com/Cloud-Foundations/Dominator/lib/x509util"
    14  )
    15  
// printUsage writes the one-line command synopsis to standard error.
func printUsage() {
	const usage = "Usage: show-cert certfile"
	fmt.Fprintln(os.Stderr, usage)
}
    20  
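// showCert reads a single PEM-encoded X.509 certificate from filename and
// prints a summary of it: validity warnings, the username it was issued to,
// the permitted methods and the group list.
//
// The certificate is only parsed, never verified. No signature, chain or
// revocation check is performed here, so every printed field is simply what
// the file claims. Treat the output as a description of the file, not as
// proof of identity or authorisation.
//
// Failures are reported on standard error and the function returns nothing,
// so callers cannot distinguish success from failure.
func showCert(filename string) {
	fmt.Println("Certificate:", filename+":")
	data, err := ioutil.ReadFile(filename)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Unable to read certfile: %s\n", err)
		return
	}
	// Only the first PEM block is considered. Its Type and Headers are not
	// inspected, so a non-certificate block (for example a key) is handed to
	// x509.ParseCertificate below and surfaces as a generic parse error.
	// NOTE(review): consider rejecting blocks whose Type is not "CERTIFICATE".
	block, rest := pem.Decode(data)
	if block == nil {
		// Fprintln so that this diagnostic ends with a newline like the others.
		fmt.Fprintln(os.Stderr, "Failed to parse certificate PEM")
		return
	}
	// Anything after the first block, such as further certificates in a chain
	// file, causes the whole file to be rejected.
	if len(rest) > 0 {
		fmt.Fprintf(os.Stderr, "%d extra bytes in certfile\n", len(rest))
		return
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Unable to parse certificate: %s\n", err)
		return
	}
	// Validity problems are warnings only: they go to standard error and the
	// remaining fields are still printed. A consumer that captures only
	// standard output will not see that the certificate is expired or not yet
	// valid.
	now := time.Now()
	if notYet := cert.NotBefore.Sub(now); notYet > 0 {
		fmt.Fprintf(os.Stderr, "  Will not be valid for %s\n",
			format.Duration(notYet))
	}
	if expired := now.Sub(cert.NotAfter); expired > 0 {
		fmt.Fprintf(os.Stderr, "  Expired %s ago\n", format.Duration(expired))
	}
	username, err := x509util.GetUsername(cert)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Unable to get username: %s\n", err)
		return
	}
	fmt.Printf("  Issued to: %s\n", username)
	permittedMethods, err := x509util.GetPermittedMethods(cert)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Unable to get methods: %s\n", err)
		return
	}
	if len(permittedMethods) > 0 {
		fmt.Println("  Permitted methods:")
		showList(permittedMethods)
	} else {
		fmt.Println("  No methods are permitted")
	}
	groupList, err := x509util.GetGroupList(cert)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Unable to get group list: %s\n", err)
		return
	}
	if len(groupList) > 0 {
		fmt.Println("  Group list:")
		showList(groupList)
	} else {
		fmt.Println("  No group memberships")
	}
}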
    79  
// showList prints the keys of list to standard output in ascending string
// order, one per line, each preceded by four spaces.
func showList(list map[string]struct{}) {
	names := make([]string, len(list))
	next := 0
	for name := range list {
		names[next] = name
		next++
	}
	// Map iteration order is random; sort so the output is stable.
	sort.Strings(names)
	for i := range names {
		fmt.Println("   ", names[i])
	}
}
    90  
// main shows every certificate file named on the command line, in order.
// With no arguments it prints the usage line and exits with status 2.
//
// showCert reports problems on standard error only and returns nothing, so
// the process exits with status 0 even when a file could not be read or
// parsed. Scripts should not rely on the exit status to detect a bad
// certificate.
func main() {
	if len(os.Args) <= 1 {
		printUsage()
		os.Exit(2)
	}
	certFiles := os.Args[1:]
	for i := range certFiles {
		showCert(certFiles[i])
	}
}
    98  	}
    99  }