// printCertificationPathsInfo prints a summary of the certificate chain sent
// by the endpoint: the number of certificates provided, any chain issues and,
// for every certificate after the first one, its subject, expiry date, key,
// issuer and signature algorithm.
//
// Weak material is highlighted in yellow: RSA keys whose KeyStrength is below
// 2048 and signature algorithms present in weakAlgorithms. Keys of any other
// algorithm are never marked weak by this function.
//
// NOTE(review): Label and IssuerLabel presumably originate from certificates
// sent by the scanned server; confirm that control characters in them cannot
// reach the terminal.
func printCertificationPathsInfo(details *sslscan.EndpointDetails) {
	printCategoryHeader("Certification Paths")

	certs := details.Chain.Certs

	fmtc.Printf(" %-24s {s}|{!} %d\n", "Certificates provided", len(certs))
	fmtc.Printf(" %-24s {s}|{!} ", "Chain issues")

	switch details.Chain.Issues {
	case 0:
		fmtc.Println("None")
	default:
		fmtc.Printf("{y}%s{!}\n", getChainIssuesDesc(details.Chain.Issues))
	}

	// With zero or one certificate there are no further chain entries to list.
	if len(certs) <= 1 {
		return
	}

	fmtutil.Separator(true)

	// The first certificate is skipped; only the remaining chain entries are
	// listed below.
	rest := certs[1:]

	for i, c := range rest {
		fmtc.Printf(" %-24s {s}|{!} %s\n", "Subject", c.Label)

		// NotAfter is divided by 1000 before being used as Unix seconds, so it
		// is presumably a millisecond timestamp.
		fmtc.Printf(
			" %-24s {s}|{!} %s\n", "Valid until",
			timeutil.Format(time.Unix(c.NotAfter/1000, 0), "%Y/%m/%d %H:%M:%S"),
		)

		// The weakness test reads KeyStrength while the printed value is
		// KeySize.
		weakKey := c.KeyAlg == "RSA" && c.KeyStrength < 2048

		fmtc.Printf(" %-24s {s}|{!} ", "Key")

		if weakKey {
			fmtc.Printf("{y}%s %d bits (WEAK){!}\n", c.KeyAlg, c.KeySize)
		} else {
			fmtc.Printf("%s %d bits\n", c.KeyAlg, c.KeySize)
		}

		fmtc.Printf(" %-24s {s}|{!} %s\n", "Issuer", c.IssuerLabel)
		fmtc.Printf(" %-24s {s}|{!} ", "Signature algorithm")

		if weakAlgorithms[c.SigAlg] {
			fmtc.Printf("{y}%s (WEAK){!}\n", c.SigAlg)
		} else {
			fmtc.Printf("%s\n", c.SigAlg)
		}

		// Separate entries from each other, but do not trail one after the
		// last certificate.
		if i+1 < len(rest) {
			fmtutil.Separator(true)
		}
	}
}
// printMiscellaneousInfo print miscellaneous info about endpoint
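// It prints the test date and duration, the HTTP status code and, when they
// are non-empty, the HTTP forwarding target, the HTTP server signature and
// the server hostname.
//
// A forwarding target that contains "http://" is highlighted in yellow and
// tagged PLAINTEXT. The match is case-insensitive, so an upper- or mixed-case
// scheme is flagged as well.
//
// NOTE(review): HTTPForwarding and ServerSignature presumably carry values
// supplied by the scanned server; confirm that control characters in them
// cannot reach the terminal.
func printMiscellaneousInfo(info *sslscan.EndpointInfo) {
	printCategoryHeader("Miscellaneous")

	details := info.Details

	// HostStartTime is divided by 1000 before being used as Unix seconds, so
	// it is presumably a millisecond timestamp.
	testDate := time.Unix(details.HostStartTime/1000, 0)

	// ---

	fmtc.Printf(
		" %-24s {s}|{!} %s {s-}(%s ago){!}\n", "Test date",
		timeutil.Format(testDate, "%Y/%m/%d %H:%M:%S"),
		timeutil.PrettyDuration(time.Since(testDate)),
	)

	// ---

	fmtc.Printf(" %-24s {s}|{!} %s\n", "Test duration", timeutil.PrettyDuration(info.Duration/1000))
	fmtc.Printf(" %-24s {s}|{!} %d\n", "HTTP status code", details.HTTPStatusCode)

	// ---

	if details.HTTPForwarding != "" {
		// URL schemes are case-insensitive, so compare against a lower-cased
		// copy; otherwise a redirect to "HTTP://..." would not be flagged.
		// The original value is still what gets printed.
		//
		// NOTE(review): a substring match also flags an https:// target that
		// merely embeds "http://" (e.g. in a query string). If this field
		// always holds a bare URL, a scheme-prefix check would be more precise.
		if strings.Contains(strings.ToLower(details.HTTPForwarding), "http://") {
			fmtc.Printf(" %-24s {s}|{!} {y}%s (PLAINTEXT){!}\n", "HTTP forwarding", details.HTTPForwarding)
		} else {
			fmtc.Printf(" %-24s {s}|{!} %s\n", "HTTP forwarding", details.HTTPForwarding)
		}
	}

	// ---

	if details.ServerSignature != "" {
		fmtc.Printf(" %-24s {s}|{!} %s\n", "HTTP server signature", details.ServerSignature)
	}

	// ---

	if info.ServerName != "" {
		fmtc.Printf(" %-24s {s}|{!} %s\n", "Server hostname", info.ServerName)
	}
}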
// printCertificateInfo print basic info about server key and certificate
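// It prints the common and alternative names, the validity window, the key,
// issuer and signature algorithm, the Extended Validation and Certificate
// Transparency flags, the revocation data and the overall trust verdict.
//
// Security-relevant findings are highlighted: an expired certificate, a set
// low bit in RevocationStatus and a non-zero Cert.Issues are printed in red;
// an RSA key smaller than 2048 bits and a signature algorithm listed in
// weakAlgorithms are printed in yellow and tagged WEAK.
//
// NOTE(review): names and IssuerLabel presumably come from the certificate
// sent by the scanned server; confirm that control characters in them cannot
// reach the terminal.
func printCertificateInfo(details *sslscan.EndpointDetails) {
	printCategoryHeader("Server Key and Certificate")

	// NotBefore/NotAfter are divided by 1000 before being used as Unix
	// seconds, so they are presumably millisecond timestamps.
	validFromDate := time.Unix(details.Cert.NotBefore/1000, 0)
	validUntilDate := time.Unix(details.Cert.NotAfter/1000, 0)

	// ---

	fmtc.Printf(" %-24s {s}|{!} %s\n", "Common names", strings.Join(details.Cert.CommonNames, " "))

	if len(details.Cert.AltNames) > 0 {
		// Long lists are truncated: with more than five names only the first
		// four are shown, followed by a count of the remaining ones.
		if len(details.Cert.AltNames) > 5 {
			fmtc.Printf(
				" %-24s {s}|{!} %s {s-}(+%d more){!}\n",
				"Alternative names",
				strings.Join(details.Cert.AltNames[:4], " "),
				len(details.Cert.AltNames)-4,
			)
		} else {
			fmtc.Printf(" %-24s {s}|{!} %s\n", "Alternative names", strings.Join(details.Cert.AltNames, " "))
		}
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} %s\n", "Valid from", timeutil.Format(validFromDate, "%Y/%m/%d %H:%M:%S"))

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Valid until")

	if time.Now().Unix() >= validUntilDate.Unix() {
		fmtc.Printf("{r}%s (EXPIRED){!}\n", timeutil.Format(validUntilDate, "%Y/%m/%d %H:%M:%S"))
	} else {
		fmtc.Printf("%s\n", timeutil.Format(validUntilDate, "%Y/%m/%d %H:%M:%S"))
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Key")

	// Flag short RSA keys on the server certificate the same way the
	// certification-paths listing flags them for the other chain entries.
	// NOTE(review): assumes Key.Alg uses the same "RSA" label as the chain
	// certificates' KeyAlg; confirm against the API.
	if details.Key.Alg == "RSA" && details.Key.Size < 2048 {
		fmtc.Printf("{y}%s %d bits (WEAK){!}\n", details.Key.Alg, details.Key.Size)
	} else {
		fmtc.Printf("%s %d bits\n", details.Key.Alg, details.Key.Size)
	}

	fmtc.Printf(" %-24s {s}|{!} %s\n", "Weak Key (Debian)", getBool(details.Key.DebianFlaw))

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Issuer")

	// Bit 64 of Cert.Issues is treated here as the self-signed marker.
	if details.Cert.Issues&64 == 64 {
		fmtc.Printf("%s {s-}(Self-signed){!}\n", details.Cert.IssuerLabel)
	} else {
		fmtc.Printf("%s\n", details.Cert.IssuerLabel)
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Signature algorithm")

	if weakAlgorithms[details.Cert.SigAlg] {
		fmtc.Printf("{y}%s (WEAK){!}\n", details.Cert.SigAlg)
	} else {
		fmtc.Printf("%s\n", details.Cert.SigAlg)
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Extended Validation")

	if details.Cert.ValidationType == "E" {
		fmtc.Println("{g}Yes{!}")
	} else {
		fmtc.Println("No")
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Certificate Transparency")

	if details.Cert.SCT {
		fmtc.Println("{g}Yes{!}")
	} else {
		fmtc.Println("No")
	}

	// ---

	if details.Cert.RevocationInfo != 0 {
		fmtc.Printf(" %-24s {s}|{!} %s\n", "Revocation information", getRevocationInfo(details.Cert.RevocationInfo))
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Revocation status")

	// A set low bit is highlighted in red; the text itself comes from
	// getRevocationStatus.
	if details.Cert.RevocationStatus&1 == 1 {
		fmtc.Printf("{r}%s{!}\n", getRevocationStatus(details.Cert.RevocationStatus))
	} else {
		fmtc.Printf("%s\n", getRevocationStatus(details.Cert.RevocationStatus))
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Trusted")

	// Any non-zero issue mask means the certificate is reported as untrusted.
	if details.Cert.Issues == 0 {
		fmtc.Println("{g}Yes{!}")
	} else {
		fmtc.Printf("{r}No (%s){!}\n", getCertIssuesDesc(details.Cert.Issues))
	}
}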