VerifactuMidAPI/internal/cert/validator.go

package cert

import (
	"encoding/base64"
	"time"

	"golang.org/x/crypto/pkcs12"
)

type ValidationResult struct {
	Valid    bool      `json:"valid"`
	CertInfo *CertInfo `json:"cert_info,omitempty"`
	Warnings []string  `json:"warnings,omitempty"`
	Error    string    `json:"error,omitempty"`
}

type CertInfo struct {
	Subject         string `json:"subject"`
	Issuer          string `json:"issuer"`
	NotBefore       string `json:"not_before"`
	NotAfter        string `json:"not_after"`
	Expired         bool   `json:"expired"`
	ExpiringSoon    bool   `json:"expiring_soon"`
	DaysUntilExpiry int    `json:"days_until_expiry"`
}

const WarningDaysThreshold = 30

func ValidateP12(base64Content, password string) *ValidationResult {
	result := &ValidationResult{Valid: true}

	der, err := base64.StdEncoding.DecodeString(base64Content)
	if err != nil {
		result.Valid = false
		result.Error = "invalid_base64"
		return result
	}

	_, cert, err := pkcs12.Decode(der, password)
	if err != nil {
		result.Valid = false
		result.Error = "invalid_password_or_format"
		return result
	}

	if cert == nil {
		result.Valid = false
		result.Error = "no_certificate_found"
		return result
	}

	now := time.Now()
	if now.Before(cert.NotBefore) {
		result.Valid = false
		result.Error = "certificate_not_yet_valid"
		return result
	}

	if now.After(cert.NotAfter) {
		result.Valid = false
		result.Error = "certificate_expired"
		result.CertInfo = &CertInfo{Expired: true}
		return result
	}

	daysUntilExpiry := int(cert.NotAfter.Sub(now).Hours() / 24)

	result.CertInfo = &CertInfo{
		Subject:         cert.Subject.String(),
		Issuer:          cert.Issuer.String(),
		NotBefore:       cert.NotBefore.Format("2006-01-02"),
		NotAfter:        cert.NotAfter.Format("2006-01-02"),
		DaysUntilExpiry: daysUntilExpiry,
	}

	if daysUntilExpiry <= WarningDaysThreshold {
		result.Warnings = append(result.Warnings, "certificate_expiring_soon")
		result.CertInfo.ExpiringSoon = true
	}

	return result
}
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00			`package cert`

			`import (`
refactor: accept certificates as base64, remove external dependencies - Replace file path with base64 content in register endpoint - Use native Go pkcs12 for certificate validation and loading - Remove PowerShell script dependency (validator.go) - Remove Python script dependency (client.go) - Remove hardcoded Windows paths - Cross-platform: works on Linux, macOS, Windows without external tools - Update documentation (api.md, seguridad.md, prerequisites.md) 2026-05-19 20:03:28 +00:00			`"encoding/base64"`
			`"time"`

			`"golang.org/x/crypto/pkcs12"`
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00			`)`

			`type ValidationResult struct {`
			Valid bool `json:"valid"`
			CertInfo *CertInfo `json:"cert_info,omitempty"`
			Warnings []string `json:"warnings,omitempty"`
			Error string `json:"error,omitempty"`
			`}`

			`type CertInfo struct {`
			Subject string `json:"subject"`
			Issuer string `json:"issuer"`
			NotBefore string `json:"not_before"`
			NotAfter string `json:"not_after"`
			Expired bool `json:"expired"`
			ExpiringSoon bool `json:"expiring_soon"`
			DaysUntilExpiry int `json:"days_until_expiry"`
			`}`

			`const WarningDaysThreshold = 30`

refactor: accept certificates as base64, remove external dependencies - Replace file path with base64 content in register endpoint - Use native Go pkcs12 for certificate validation and loading - Remove PowerShell script dependency (validator.go) - Remove Python script dependency (client.go) - Remove hardcoded Windows paths - Cross-platform: works on Linux, macOS, Windows without external tools - Update documentation (api.md, seguridad.md, prerequisites.md) 2026-05-19 20:03:28 +00:00			`func ValidateP12(base64Content, password string) *ValidationResult {`
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00			`result := &ValidationResult{Valid: true}`

refactor: accept certificates as base64, remove external dependencies - Replace file path with base64 content in register endpoint - Use native Go pkcs12 for certificate validation and loading - Remove PowerShell script dependency (validator.go) - Remove Python script dependency (client.go) - Remove hardcoded Windows paths - Cross-platform: works on Linux, macOS, Windows without external tools - Update documentation (api.md, seguridad.md, prerequisites.md) 2026-05-19 20:03:28 +00:00			`der, err := base64.StdEncoding.DecodeString(base64Content)`
			`if err != nil {`
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00			`result.Valid = false`
refactor: accept certificates as base64, remove external dependencies - Replace file path with base64 content in register endpoint - Use native Go pkcs12 for certificate validation and loading - Remove PowerShell script dependency (validator.go) - Remove Python script dependency (client.go) - Remove hardcoded Windows paths - Cross-platform: works on Linux, macOS, Windows without external tools - Update documentation (api.md, seguridad.md, prerequisites.md) 2026-05-19 20:03:28 +00:00			`result.Error = "invalid_base64"`
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00			`return result`
			`}`

refactor: accept certificates as base64, remove external dependencies - Replace file path with base64 content in register endpoint - Use native Go pkcs12 for certificate validation and loading - Remove PowerShell script dependency (validator.go) - Remove Python script dependency (client.go) - Remove hardcoded Windows paths - Cross-platform: works on Linux, macOS, Windows without external tools - Update documentation (api.md, seguridad.md, prerequisites.md) 2026-05-19 20:03:28 +00:00			`_, cert, err := pkcs12.Decode(der, password)`
			`if err != nil {`
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00			`result.Valid = false`
			`result.Error = "invalid_password_or_format"`
			`return result`
			`}`

refactor: accept certificates as base64, remove external dependencies - Replace file path with base64 content in register endpoint - Use native Go pkcs12 for certificate validation and loading - Remove PowerShell script dependency (validator.go) - Remove Python script dependency (client.go) - Remove hardcoded Windows paths - Cross-platform: works on Linux, macOS, Windows without external tools - Update documentation (api.md, seguridad.md, prerequisites.md) 2026-05-19 20:03:28 +00:00			`if cert == nil {`
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00			`result.Valid = false`
refactor: accept certificates as base64, remove external dependencies - Replace file path with base64 content in register endpoint - Use native Go pkcs12 for certificate validation and loading - Remove PowerShell script dependency (validator.go) - Remove Python script dependency (client.go) - Remove hardcoded Windows paths - Cross-platform: works on Linux, macOS, Windows without external tools - Update documentation (api.md, seguridad.md, prerequisites.md) 2026-05-19 20:03:28 +00:00			`result.Error = "no_certificate_found"`
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00			`return result`
			`}`

refactor: accept certificates as base64, remove external dependencies - Replace file path with base64 content in register endpoint - Use native Go pkcs12 for certificate validation and loading - Remove PowerShell script dependency (validator.go) - Remove Python script dependency (client.go) - Remove hardcoded Windows paths - Cross-platform: works on Linux, macOS, Windows without external tools - Update documentation (api.md, seguridad.md, prerequisites.md) 2026-05-19 20:03:28 +00:00			`now := time.Now()`
			`if now.Before(cert.NotBefore) {`
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00			`result.Valid = false`
			`result.Error = "certificate_not_yet_valid"`
			`return result`
			`}`

refactor: accept certificates as base64, remove external dependencies - Replace file path with base64 content in register endpoint - Use native Go pkcs12 for certificate validation and loading - Remove PowerShell script dependency (validator.go) - Remove Python script dependency (client.go) - Remove hardcoded Windows paths - Cross-platform: works on Linux, macOS, Windows without external tools - Update documentation (api.md, seguridad.md, prerequisites.md) 2026-05-19 20:03:28 +00:00			`if now.After(cert.NotAfter) {`
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00			`result.Valid = false`
			`result.Error = "certificate_expired"`
			`result.CertInfo = &CertInfo{Expired: true}`
			`return result`
			`}`

refactor: accept certificates as base64, remove external dependencies - Replace file path with base64 content in register endpoint - Use native Go pkcs12 for certificate validation and loading - Remove PowerShell script dependency (validator.go) - Remove Python script dependency (client.go) - Remove hardcoded Windows paths - Cross-platform: works on Linux, macOS, Windows without external tools - Update documentation (api.md, seguridad.md, prerequisites.md) 2026-05-19 20:03:28 +00:00			`daysUntilExpiry := int(cert.NotAfter.Sub(now).Hours() / 24)`
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00
refactor: accept certificates as base64, remove external dependencies - Replace file path with base64 content in register endpoint - Use native Go pkcs12 for certificate validation and loading - Remove PowerShell script dependency (validator.go) - Remove Python script dependency (client.go) - Remove hardcoded Windows paths - Cross-platform: works on Linux, macOS, Windows without external tools - Update documentation (api.md, seguridad.md, prerequisites.md) 2026-05-19 20:03:28 +00:00			`result.CertInfo = &CertInfo{`
			`Subject: cert.Subject.String(),`
			`Issuer: cert.Issuer.String(),`
			`NotBefore: cert.NotBefore.Format("2006-01-02"),`
			`NotAfter: cert.NotAfter.Format("2006-01-02"),`
			`DaysUntilExpiry: daysUntilExpiry,`
			`}`
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00
refactor: accept certificates as base64, remove external dependencies - Replace file path with base64 content in register endpoint - Use native Go pkcs12 for certificate validation and loading - Remove PowerShell script dependency (validator.go) - Remove Python script dependency (client.go) - Remove hardcoded Windows paths - Cross-platform: works on Linux, macOS, Windows without external tools - Update documentation (api.md, seguridad.md, prerequisites.md) 2026-05-19 20:03:28 +00:00			`if daysUntilExpiry <= WarningDaysThreshold {`
			`result.Warnings = append(result.Warnings, "certificate_expiring_soon")`
			`result.CertInfo.ExpiringSoon = true`
Implement VeriFactu API with certificate management, invoice submission and local fallback - Add API handlers for facturas (alta/anulacion) - Implement certificate storage with temp/permanent flow - Add token generation for authenticated sessions - Add fallback to local storage when AEAT unavailable - Update config with certificate path/password - Add client certificate conversion for TLS - Add comprehensive documentation 2026-04-17 11:03:06 +00:00			`}`

			`return result`
			`}`