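// grabCerts grabs certificates for the domains received on domainsCh and sends
// *client.Masquerades to masqueradesCh.
//
// For every domain that is not in blacklist it dials domain:443 through
// tlsdialer.DialForTimings, takes the last certificate of the first verified
// chain as the root CA, and emits a masquerade holding the domain, the
// resolved IP and the PEM-encoded root with newlines escaped as "\n".
// Any failure is logged and the domain is skipped. wg.Done is called when the
// function returns, i.e. once domainsCh has been closed and drained.
func grabCerts() {
	defer wg.Done()

	for domain := range domainsCh {
		if _, blacklisted := blacklist[domain]; blacklisted {
			log.Tracef("Domain %s is blacklisted, skipping", domain)
			continue
		}

		log.Tracef("Grabbing certs for domain: %s", domain)
		// NOTE(review): the trailing false/nil are presumably
		// sendServerNameExtension and the TLS config; confirm against
		// tlsdialer, since they decide how the peer certificate is verified.
		cwt, err := tlsdialer.DialForTimings(&net.Dialer{
			Timeout: 10 * time.Second,
		}, "tcp", domain+":443", false, nil)
		if err != nil {
			log.Errorf("Unable to dial domain %s: %s", domain, err)
			continue
		}
		// Only the handshake result is needed; a close error does not affect
		// the certificate data, so it is logged rather than treated as fatal.
		if err := cwt.Conn.Close(); err != nil {
			log.Tracef("Error closing connection to %s: %s", domain, err)
		}

		// The certificate picked below is stored in the masquerade's RootCA
		// field, so refuse to continue without a verified chain instead of
		// panicking on an out-of-range index.
		if len(cwt.VerifiedChains) == 0 || len(cwt.VerifiedChains[0]) == 0 {
			log.Errorf("No verified certificate chain for domain %s", domain)
			continue
		}
		// Only the first verified chain is considered; if several chains
		// verified, which root is recorded depends on their order.
		chain := cwt.VerifiedChains[0]
		rootCA := chain[len(chain)-1]

		rootCert, err := keyman.LoadCertificateFromX509(rootCA)
		if err != nil {
			log.Errorf("Unable to load keyman certificate: %s", err)
			continue
		}

		masqueradesCh <- &client.Masquerade{
			Domain:    domain,
			IpAddress: cwt.ResolvedAddr.IP.String(),
			// Newlines are escaped so the PEM fits on a single line.
			RootCA: strings.Replace(string(rootCert.PEMEncoded()), "\n", "\\n", -1),
		}
	}
}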
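// grabCerts grabs certificates for the masquerades received on inputCh and
// sends *masquerade values to masqueradesCh.
//
// Each input line must be "<ip> <domain>" separated by exactly one space;
// anything else is logged and skipped. For a domain that is not in blacklist
// it dials ip:443 through tlsdialer.DialForTimings with a tls.Config whose
// ServerName is the domain, takes the last certificate of the first verified
// chain as the root CA, and emits a masquerade with the domain, the IP from
// the input line and a castat holding the root's common name and its
// PEM encoding with newlines escaped as "\n". wg.Done is called when the
// function returns, i.e. once inputCh has been closed and drained.
func grabCerts() {
	defer wg.Done()

	for masq := range inputCh {
		parts := strings.Split(masq, " ")
		if len(parts) != 2 {
			log.Error("Bad line! '" + masq + "'")
			continue
		}
		ip, domain := parts[0], parts[1]

		if _, blacklisted := blacklist[domain]; blacklisted {
			log.Tracef("Domain %s is blacklisted, skipping", domain)
			continue
		}

		log.Tracef("Grabbing certs for IP %s, domain %s", ip, domain)
		// NOTE(review): ip is used as given, so an IPv6 literal without
		// brackets will not form a valid host:port here. The false argument is
		// presumably sendServerNameExtension, with ServerName used only for
		// verification; confirm against tlsdialer.
		cwt, err := tlsdialer.DialForTimings(&net.Dialer{
			Timeout: 10 * time.Second,
		}, "tcp", ip+":443", false, &tls.Config{ServerName: domain})
		if err != nil {
			log.Errorf("Unable to dial IP %s, domain %s: %s", ip, domain, err)
			continue
		}
		// Only the handshake result is needed; a close error is not fatal.
		if err := cwt.Conn.Close(); err != nil {
			log.Debugf("Error closing connection: %v", err)
		}

		// The certificate picked below is recorded as this masquerade's root
		// CA, so refuse to continue without a verified chain instead of
		// panicking on an out-of-range index.
		if len(cwt.VerifiedChains) == 0 || len(cwt.VerifiedChains[0]) == 0 {
			log.Errorf("No verified certificate chain for IP %s, domain %s", ip, domain)
			continue
		}
		// Only the first verified chain is considered; if several chains
		// verified, which root is recorded depends on their order.
		chain := cwt.VerifiedChains[0]
		rootCA := chain[len(chain)-1]

		rootCert, err := keyman.LoadCertificateFromX509(rootCA)
		if err != nil {
			log.Errorf("Unable to load keyman certificate: %s", err)
			continue
		}

		ca := &castat{
			CommonName: rootCA.Subject.CommonName,
			// Newlines are escaped so the PEM fits on a single line.
			Cert: strings.Replace(string(rootCert.PEMEncoded()), "\n", "\\n", -1),
		}
		masqueradesCh <- &masquerade{
			Domain:    domain,
			IpAddress: ip,
			RootCA:    ca,
		}
	}
}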