in toolkit/certificates/utils.go [20:47]
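// IsPEMCertificateExpired reports whether the first certificate in encodedCert
// has a NotAfter strictly earlier than expirationTime.
//
// encodedCert is PEM text and certName is used only in log and error messages.
// expirationTime is the reference instant chosen by the caller; a certificate
// whose NotAfter equals it is reported as not expired.
//
// Scope of the check, for callers that rely on it for rotation or alerting:
//   - Only the first PEM block is decoded. Trailing data is logged as a warning
//     and never parsed, so further certificates in a bundle are not checked.
//   - block.Type is not inspected; any block whose bytes parse as an X.509
//     certificate is accepted.
//   - No signature, chain or NotBefore validation is performed, so the result
//     is an expiry indication only and not a trust decision.
//
// An error is returned when encodedCert is empty, cannot be PEM-decoded, or
// does not parse as a certificate; the boolean is false in all of those cases.
func IsPEMCertificateExpired(ctx context.Context, encodedCert, certName string, expirationTime time.Time) (bool, error) {
	logger := log.MustGetLogger(ctx)

	if encodedCert == "" {
		logger.Errorf(ctx, "cert is empty")
		return false, fmt.Errorf("empty cert of %s", certName)
	}

	block, rest := pem.Decode([]byte(encodedCert))
	if len(rest) > 0 {
		// Anything after the first block is ignored below; surface it so an
		// unexpected bundle or trailing garbage does not go unnoticed.
		logger.Warningf(ctx, "leftover string in cert of %s", certName)
	}
	if block == nil || len(block.Bytes) < 1 {
		return false, fmt.Errorf("failed to pem decode cert of %s", certName)
	}

	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		// %w keeps the message text unchanged while letting callers inspect the
		// underlying parse error with errors.Is / errors.As.
		return false, fmt.Errorf("failed to parse cert of %s, error: %w", certName, err)
	}

	logger.Infof(ctx, "cert.NotAfter: %s", cert.NotAfter.String())

	return cert.NotAfter.Before(expirationTime), nil
}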