From 70c6e9f593b03911ab3cad279bd56235ca40340c Mon Sep 17 00:00:00 2001
From: Balakrishnan Balasubramanian <git.user@balki.me>
Date: Sat, 15 Nov 2025 22:57:52 -0500
Subject: [PATCH] add json support and print just first one

---
 main.go | 66 ++++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 46 insertions(+), 20 deletions(-)

diff --git a/main.go b/main.go
index 04fdc2d..1a0f065 100644
--- a/main.go
+++ b/main.go
@@ -2,22 +2,60 @@ package main
 
 import (
 	"crypto/x509"
+	"encoding/json"
 	"encoding/pem"
+	"flag"
 	"fmt"
 	"io/ioutil"
 	"os"
 )
 
 func main() {
-	if len(os.Args) < 2 {
-		fmt.Fprintln(os.Stderr, "usage: inspect <cert.pem>")
+	jsonOut := flag.Bool("json", false, "output JSON with all certs/fields")
+	flag.Parse()
+	if flag.NArg() < 1 {
+		fmt.Println("usage: certinfo [--json] <foo.crt>")
 		os.Exit(2)
 	}
-	data, err := ioutil.ReadFile(os.Args[1])
+	path := flag.Arg(0)
+
+	certs, err := ParseCertinfo(path)
 	if err != nil {
-		panic(err)
+		fmt.Println("parse error:", err)
+		os.Exit(1)
+	}
+	if *jsonOut {
+		jsonBytes, err := json.Marshal(certs)
+		if err != nil {
+			fmt.Println("marshal error:", err)
+			os.Exit(1)
+		}
+		fmt.Println(string(jsonBytes))
+		return
 	}
 
+	// Usually just the first one is interesting
+	cert := certs[0]
+
+	fmt.Println("Subject:", cert.Subject.String())
+	fmt.Println("Issuer:", cert.Issuer.String())
+	fmt.Println("Serial:", cert.SerialNumber.String())
+	fmt.Println("NotBefore:", cert.NotBefore)
+	fmt.Println("NotAfter:", cert.NotAfter)
+	if len(cert.DNSNames) > 0 {
+		fmt.Println("DNS SANs:", cert.DNSNames)
+	}
+	fmt.Println("Signature Algorithm:", cert.SignatureAlgorithm)
+	fmt.Println("Public Key Algorithm:", cert.PublicKeyAlgorithm)
+}
+
+func ParseCertinfo(filename string) ([]*x509.Certificate, error) {
+	data, err := ioutil.ReadFile(filename)
+	if err != nil {
+		return nil, err
+	}
+
+	var certs []*x509.Certificate
 	for {
 		var block *pem.Block
 		block, data = pem.Decode(data)
@@ -25,26 +63,14 @@ func main() {
 			break
 		}
 		if block.Type != "CERTIFICATE" {
+			fmt.Fprintf(os.Stderr, "warning: Ignoring block type: %s\n", block.Type)
 			continue
 		}
 		cert, err := x509.ParseCertificate(block.Bytes)
 		if err != nil {
-			fmt.Fprintf(os.Stderr, "parse error: %v\n", err)
-			continue
+			return nil, err
 		}
-		fmt.Println("-----")
-		fmt.Printf("Subject: %s\n", cert.Subject.String())
-		fmt.Printf("Issuer: %s\n", cert.Issuer.String())
-		fmt.Printf("Serial: %s\n", cert.SerialNumber.String())
-		fmt.Printf("NotBefore: %s\n", cert.NotBefore)
-		fmt.Printf("NotAfter: %s\n", cert.NotAfter)
-		if len(cert.DNSNames) > 0 {
-			fmt.Printf("DNS SANs: %v\n", cert.DNSNames)
-		}
-		if len(cert.URIs) > 0 {
-			fmt.Printf("URI SANs: %v\n", cert.URIs)
-		}
-		fmt.Printf("Signature Algorithm: %s\n", cert.SignatureAlgorithm)
-		fmt.Printf("Public Key Algorithm: %s\n", cert.PublicKeyAlgorithm)
+		certs = append(certs, cert)
 	}
+	return certs, nil
 }