func main() {
	if len(os.Args) != 2 {
		fmt.Fprintf(os.Stderr, "Usage: %s <log entries file>\n", os.Args[0])
		os.Exit(1)
	}
	fileName := os.Args[1]

	in, err := os.Open(fileName)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Failed to open entries file: %s\n", err)
		os.Exit(1)
	}
	defer in.Close()

	entriesFile := certificatetransparency.EntriesFile{in}

	outputLock := new(sync.Mutex)

	//pinned_domains, _ := regexp.Compile("(.*[.])?mozilla[.](com|org|net)")
	//pinned_domains, _ := regexp.Compile("(.*[.])?twitter[.](com|net)")
	pinned_domains, _ := regexp.Compile("(.*[.])?google[.](com|net)")
	// Dump
	// - csv file of OCSP urls, one per line
	// - csv file of CRL sets, one per line
	// - CNs and subjectAltName for compatibility testing

	entriesFile.Map(func(ent *certificatetransparency.EntryAndPosition, err error) {
		if err != nil {
			return
		}

		cert, err := x509.ParseCertificate(ent.Entry.X509Cert)
		if err != nil {
			return
		}

		dump := false
		if pinned_domains.MatchString(cert.Subject.CommonName) {
			dump = true
		}
		for _, san := range cert.DNSNames {
			if pinned_domains.MatchString(san) {
				dump = true
			}
		}
		if dump {
			hasher := sha1.New()
			hasher.Write(cert.RawSubjectPublicKeyInfo)
			outputLock.Lock()
			fmt.Printf("CN:%s\n", cert.Subject.CommonName)
			fmt.Printf("ISSUER:%s\n", cert.Issuer.CommonName)
			for _, san := range cert.DNSNames {
				fmt.Printf("DNS:%s\n", san)
			}
			for _, san := range cert.CRLDistributionPoints {
				fmt.Printf("CRL:%s\n", san)
			}
			for _, san := range cert.OCSPServer {
				fmt.Printf("OCSP:%s\n", san)
			}
			pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: ent.Entry.X509Cert})
			fmt.Printf("SHA1:%s\n", base64.StdEncoding.EncodeToString(hasher.Sum(nil)))
			outputLock.Unlock()
		}
	})
}
Exemplo n.º 2
0
func main() {
	if len(os.Args) != 2 {
		fmt.Fprintf(os.Stderr, "Usage: %s <log entries file>\n", os.Args[0])
		os.Exit(1)
	}
	fileName := os.Args[1]

	in, err := os.Open(fileName)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Failed to open entries file: %s\n", err)
		os.Exit(1)
	}
	defer in.Close()

	entriesFile := certificatetransparency.EntriesFile{in}

	outputLock := new(sync.Mutex)

	// Dump
	// - csv file of OCSP urls, one per line
	// - csv file of CRL sets, one per line
	// - CNs and subjectAltName for compatibility testing

	entriesFile.Map(func(ent *certificatetransparency.EntryAndPosition, err error) {
		if err != nil {
			return
		}

		cert, err := x509.ParseCertificate(ent.Entry.X509Cert)
		if err != nil {
			return
		}

		dump := true
		for _, san := range cert.DNSNames {
			if strings.HasSuffix(san, ".corp") {
				dump = true
			}
		}
		if dump {
			outputLock.Lock()
			fmt.Printf("CN:%s\n", cert.Subject.CommonName)
			fmt.Printf("ISSUER:%s\n", cert.Issuer.CommonName)
			hasher := sha1.New()
			sha256hasher := sha256.New()
			hasher.Write(cert.RawSubjectPublicKeyInfo)
			sha256hasher.Write(cert.RawSubjectPublicKeyInfo)
			fmt.Printf("sha1/%s\n", base64.StdEncoding.EncodeToString(hasher.Sum(nil)))
			fmt.Printf("sha256/%s\n", base64.StdEncoding.EncodeToString(sha256hasher.Sum(nil)))
			for _, san := range cert.DNSNames {
				fmt.Printf("DNS:%s\n", san)
			}
			for _, san := range cert.CRLDistributionPoints {
				fmt.Printf("CRL:%s\n", san)
			}
			for _, san := range cert.OCSPServer {
				fmt.Printf("OCSP:%s\n", san)
			}
			outputLock.Unlock()
		}
	})
}
Exemplo n.º 3
0
func main() {
	if len(os.Args) != 3 {
		fmt.Fprintf(os.Stderr, "Usage: %s <log nickname> <log entries file>\n", os.Args[0])
		fmt.Fprintf(os.Stderr, "Known logs:\n")
		fmt.Fprintf(os.Stderr, "\taviator\n")
		fmt.Fprintf(os.Stderr, "\tcertly\n")
		fmt.Fprintf(os.Stderr, "\tdigicert\n")
		fmt.Fprintf(os.Stderr, "\tizenpe\n")
		fmt.Fprintf(os.Stderr, "\tpilot\n")
		fmt.Fprintf(os.Stderr, "\trocketeer\n")
		fmt.Fprintf(os.Stderr, "\tsymantec\n")
		fmt.Fprintf(os.Stderr, "\tvenafi\n")
		os.Exit(1)
	}
	logName := os.Args[1]
	fileName := os.Args[2]

	var log *certificatetransparency.Log
	if logName == "pilot" {
		log = certificatetransparency.PilotLog
	} else if logName == "aviator" {
		log = certificatetransparency.AviatorLog
	} else if logName == "rocketeer" {
		log = certificatetransparency.RocketeerLog
	} else if logName == "symantec" {
		log = certificatetransparency.SymantecLog
	} else if logName == "izenpe" {
		log = certificatetransparency.IzenpeLog
	} else if logName == "certly" {
		log = certificatetransparency.CertlyLog
	} else if logName == "digicert" {
		log = certificatetransparency.DigiCertLog
	} else if logName == "venafi" {
		log = certificatetransparency.VenafiLog
	} else {
		fmt.Fprintf(os.Stderr, "Unknown log name '%s'\n", logName)
		os.Exit(1)
	}

	out, err := os.OpenFile(fileName, os.O_RDWR|os.O_CREATE, 0666)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Failed to open entries file: %s\n", err)
		os.Exit(1)
	}
	defer out.Close()

	entriesFile := certificatetransparency.EntriesFile{out}
	fmt.Printf("Counting existing entries... ")
	count, err := entriesFile.Count()
	if err != nil {
		fmt.Fprintf(os.Stderr, "\nFailed to read entries file: %s\n", err)
		os.Exit(1)
	}
	fmt.Printf("%d\n", count)

	fmt.Printf("Fetching signed tree head... ")
	sth, err := log.GetSignedTreeHead()
	if err != nil {
		fmt.Fprintf(os.Stderr, "%s\n", err)
		os.Exit(1)
	}
	fmt.Printf("%d total entries at %s\n", sth.Size, sth.Time.Format(time.ANSIC))
	if count == sth.Size {
		fmt.Printf("Nothing to do\n")
		return
	}

	statusChan := make(chan certificatetransparency.OperationStatus, 1)
	wg := new(sync.WaitGroup)
	displayProgress(statusChan, wg)
	_, err = log.DownloadRange(out, statusChan, count, sth.Size)
	wg.Wait()

	clearLine()
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error while downloading: %s\n", err)
		os.Exit(1)
	}

	fmt.Printf("Hashing tree\n")
	entriesFile.Seek(0, 0)
	statusChan = make(chan certificatetransparency.OperationStatus, 1)
	wg = new(sync.WaitGroup)
	displayProgress(statusChan, wg)
	treeHash, err := entriesFile.HashTree(statusChan, sth.Size)
	wg.Wait()

	clearLine()
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error hashing tree: %s\n", err)
		os.Exit(1)
	}
	if !bytes.Equal(treeHash[:], sth.Hash) {
		fmt.Fprintf(os.Stderr, "Hashes do not match! Calculated: %x, STH contains %x\n", treeHash, sth.Hash)
		os.Exit(1)
	}
}