func testCertificates(ch <-chan []byte, wg *sync.WaitGroup) {
var h detectcoll.Hash
if *md5 {
h = detectcoll.NewMD5()
} else {
if *thorough {
h = detectcoll.NewSHA1Thorough()
} else {
h = detectcoll.NewSHA1()
}
}
for blob := range ch {
cert, err := x509.ParseCertificate(blob)
if err != nil {
// log.Printf("Error in cert %v: %s", err, base64.StdEncoding.EncodeToString(blob))
continue
}
h.Write(cert.RawTBSCertificate)
if sum, ok := h.DetectSum(nil); !ok {
log.Printf("Certificate has possible collision (hash=%x)", sum)
log.Print(base64.StdEncoding.EncodeToString(blob))
}
h.Reset()
}
wg.Done()
}
func printModuli(ch <-chan []byte) {
smallest := big.NewInt(65537)
for blob := range ch {
cert, err := x509.ParseCertificate(blob)
if err != nil {
log.Printf("Error in cert %v: %s", err, base64.StdEncoding.EncodeToString(blob))
continue
}
if cert.PublicKeyAlgorithm != x509.RSA {
log.Printf("Skipping non-RSA certificate")
continue
}
pk := cert.PublicKey.(*rsa.PublicKey)
if pk.N.Cmp(smallest) < 1 {
log.Printf("Skipping small/negative modulus")
continue
}
fmt.Printf("%x,%s\n", pk.N, base64.StdEncoding.EncodeToString(cert.Raw))
}
}