Refactor expiration date extraction logic in certificate utility to improve handling of ASN.1 date formats. Update to correctly identify and parse "not after" dates for both UTCTime and GeneralizedTime formats.

apps/dokploy/components/dashboard/settings/certificates/utils.ts

@@ -13,22 +13,31 @@ export const extractExpirationDate = (certData: string): Date | null => {
 			bytes[i] = binaryStr.charCodeAt(i);
 		}
 
-		let dateFound = 0;
+		// ASN.1 tag for UTCTime is 0x17, GeneralizedTime is 0x18
+		// We need to find the second occurrence of either tag as it's the "not after" (expiration) date
+		let dateFound = false;
 		for (let i = 0; i < bytes.length - 2; i++) {
-			if (bytes[i] === 0x17 || bytes[i] === 0x18) {
-				const dateType = bytes[i];
-				const dateLength = bytes[i + 1];
-				if (typeof dateLength === "undefined") continue;
+			// Look for sequence containing validity period (0x30)
+			if (bytes[i] === 0x30) {
+				// Check next bytes for UTCTime or GeneralizedTime
+				let j = i + 1;
+				while (j < bytes.length - 2) {
+					if (bytes[j] === 0x17 || bytes[j] === 0x18) {
+						const dateType = bytes[j];
+						const dateLength = bytes[j + 1];
+						if (typeof dateLength === "undefined") break;
 
-				if (dateFound === 0) {
-					dateFound++;
-					i += dateLength + 1;
+						if (!dateFound) {
+							// Skip "not before" date
+							dateFound = true;
+							j += dateLength + 2;
 							continue;
 						}
 
+						// Found "not after" date
 						let dateStr = "";
-				for (let j = 0; j < dateLength; j++) {
-					const charCode = bytes[i + 2 + j];
+						for (let k = 0; k < dateLength; k++) {
+							const charCode = bytes[j + 2 + k];
 							if (typeof charCode === "undefined") continue;
 							dateStr += String.fromCharCode(charCode);
 						}
@@ -61,6 +70,9 @@ export const extractExpirationDate = (certData: string): Date | null => {
 							),
 						);
 					}
+					j++;
+				}
+			}
 		}
 		return null;
 	} catch (error) {