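// main reads a Certificate Transparency entries file (path given as the
// single command-line argument) and, for every certificate that carries a
// ".corp" DNS SAN, prints a record to stdout:
//
//	CN:<subject CN>
//	ISSUER:<issuer CN>
//	sha1/<base64 SHA-1 of SubjectPublicKeyInfo>
//	sha256/<base64 SHA-256 of SubjectPublicKeyInfo>
//	DNS:<SAN>                (one per DNS SAN)
//	CRL:<url>                (one per CRL distribution point)
//	OCSP:<url>               (one per OCSP responder)
//
// Entries that cannot be read or parsed are skipped silently.
func main() {
	if len(os.Args) != 2 {
		fmt.Fprintf(os.Stderr, "Usage: %s <log entries file>\n", os.Args[0])
		os.Exit(1)
	}
	fileName := os.Args[1]

	in, err := os.Open(fileName)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Failed to open entries file: %s\n", err)
		os.Exit(1)
	}
	defer in.Close()

	entriesFile := certificatetransparency.EntriesFile{in}

	// Presumably Map invokes the callback concurrently; the lock keeps each
	// certificate's record contiguous on stdout.
	outputLock := new(sync.Mutex)

	entriesFile.Map(func(ent *certificatetransparency.EntryAndPosition, err error) {
		if err != nil {
			return
		}

		cert, err := x509.ParseCertificate(ent.Entry.X509Cert)
		if err != nil {
			return
		}

		// Only certificates with a ".corp" SAN are of interest; previously the
		// flag started out true, which made this filter a no-op.
		if !hasCorpSAN(cert) {
			return
		}

		// Hash outside the lock; only the writes need to be serialized.
		sha1Pin, sha256Pin := spkiPins(cert)

		outputLock.Lock()
		defer outputLock.Unlock()
		fmt.Printf("CN:%s\n", cert.Subject.CommonName)
		fmt.Printf("ISSUER:%s\n", cert.Issuer.CommonName)
		fmt.Printf("sha1/%s\n", sha1Pin)
		fmt.Printf("sha256/%s\n", sha256Pin)
		for _, san := range cert.DNSNames {
			fmt.Printf("DNS:%s\n", san)
		}
		for _, crl := range cert.CRLDistributionPoints {
			fmt.Printf("CRL:%s\n", crl)
		}
		for _, ocsp := range cert.OCSPServer {
			fmt.Printf("OCSP:%s\n", ocsp)
		}
	})
}

// hasCorpSAN reports whether any DNS SAN of cert ends in ".corp".
func hasCorpSAN(cert *x509.Certificate) bool {
	for _, san := range cert.DNSNames {
		if strings.HasSuffix(san, ".corp") {
			return true
		}
	}
	return false
}

// spkiPins returns the base64-encoded SHA-1 and SHA-256 digests of cert's
// raw SubjectPublicKeyInfo, i.e. the values used in sha1/ and sha256/ pins.
func spkiPins(cert *x509.Certificate) (sha1Pin, sha256Pin string) {
	s1 := sha1.Sum(cert.RawSubjectPublicKeyInfo)
	s256 := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(s1[:]), base64.StdEncoding.EncodeToString(s256[:])
}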
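// main reads a Certificate Transparency entries file (path given as the
// single command-line argument) and, for every certificate whose subject CN
// or any DNS SAN lies in the pinned domain, prints a record to stdout:
//
//	CN:<subject CN>
//	ISSUER:<issuer CN>
//	DNS:<SAN>                (one per DNS SAN)
//	CRL:<url>                (one per CRL distribution point)
//	OCSP:<url>               (one per OCSP responder)
//	-----BEGIN CERTIFICATE----- ... (PEM of the logged certificate)
//	SHA1:<base64 SHA-1 of SubjectPublicKeyInfo>
//
// Entries that cannot be read or parsed are skipped silently.
func main() {
	if len(os.Args) != 2 {
		fmt.Fprintf(os.Stderr, "Usage: %s <log entries file>\n", os.Args[0])
		os.Exit(1)
	}
	fileName := os.Args[1]

	in, err := os.Open(fileName)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Failed to open entries file: %s\n", err)
		os.Exit(1)
	}
	defer in.Close()

	entriesFile := certificatetransparency.EntriesFile{in}

	// Presumably Map invokes the callback concurrently; the lock keeps each
	// certificate's record contiguous on stdout.
	outputLock := new(sync.Mutex)

	// Names in the pinned domain: the apex or any subdomain. The pattern is
	// anchored at both ends so that names such as "google.com.example" or
	// "notgoogle.com" do not match (the original was unanchored and matched
	// any substring), and (?i) because DNS names are case-insensitive. The
	// pattern is a constant, so a compile failure is a programming error and
	// MustCompile is appropriate.
	//pinnedDomains := regexp.MustCompile(`(?i)^(.*[.])?mozilla[.](com|org|net)$`)
	//pinnedDomains := regexp.MustCompile(`(?i)^(.*[.])?twitter[.](com|net)$`)
	pinnedDomains := regexp.MustCompile(`(?i)^(.*[.])?google[.](com|net)$`)

	entriesFile.Map(func(ent *certificatetransparency.EntryAndPosition, err error) {
		if err != nil {
			return
		}

		cert, err := x509.ParseCertificate(ent.Entry.X509Cert)
		if err != nil {
			return
		}

		if !inPinnedDomain(cert, pinnedDomains) {
			return
		}

		// Hash outside the lock; only the writes need to be serialized.
		spkiSHA1 := sha1.Sum(cert.RawSubjectPublicKeyInfo)

		outputLock.Lock()
		defer outputLock.Unlock()
		fmt.Printf("CN:%s\n", cert.Subject.CommonName)
		fmt.Printf("ISSUER:%s\n", cert.Issuer.CommonName)
		for _, san := range cert.DNSNames {
			fmt.Printf("DNS:%s\n", san)
		}
		for _, crl := range cert.CRLDistributionPoints {
			fmt.Printf("CRL:%s\n", crl)
		}
		for _, ocsp := range cert.OCSPServer {
			fmt.Printf("OCSP:%s\n", ocsp)
		}
		if err := pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: ent.Entry.X509Cert}); err != nil {
			fmt.Fprintf(os.Stderr, "Failed to write certificate PEM: %s\n", err)
		}
		fmt.Printf("SHA1:%s\n", base64.StdEncoding.EncodeToString(spkiSHA1[:]))
	})
}

// inPinnedDomain reports whether cert's subject CN or any of its DNS SANs
// matches pinned.
func inPinnedDomain(cert *x509.Certificate, pinned *regexp.Regexp) bool {
	if pinned.MatchString(cert.Subject.CommonName) {
		return true
	}
	for _, san := range cert.DNSNames {
		if pinned.MatchString(san) {
			return true
		}
	}
	return false
}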