Index ¶
- Constants
- Variables
- func BuildCertificateLink(template, ca, serial string) string
- func CleanupQueryString(query string) string
- func CreateAllWatchers(certRepoDir string) map[int]*AttributeState
- func DnToString(n pkix.Name) string
- func FilterEncryptionEmail(c *SearchableCert) bool
- func GetIssuer(serial string, ccache *CertCache) (string, error)
- func NeverMatch(c *SearchableCert) bool
- func ReadCertificates(filenames ...string) []*x509.Certificate
- func TypeToName(t int) string
- func ValidityToName(v int) string
- func VisibilityToName(v int) string
- type AttributeState
- type CertCache
- type CertIndex
- type CertSymlinkState
- type JSONResult
- type JSONShell
- type SCFilter
- type SearchableCert
- type Searchresults
- type WatchForSymlinkChange
Constants ¶
// Channel buffer sizes. NOTE(review): whichever watcher feeds each channel,
// check whether a full buffer blocks the fsnotify sender or drops events —
// neither behaviour is visible from this declaration.
const (
	SYMLINKCHANLEN = 4096  // presumably the symlink-watcher event channel
	ARCHIVECHANLEN = 16384 // presumably the certificate-archive event channel
)
// Watcher flags; presumably the keys of the map returned by
// CreateAllWatchers — confirm against its body. The misspelling of
// WatchVisibile is part of the exported API and is kept for compatibility.
const (
	WatchValid    = 1 << iota // 1
	WatchVisibile             // 2
)
const (
	Gruppe = 1 << iota // 1  (German: group)
	Benutzer           // 2  (German: user)
	Extern             // 4  (German: external)
	Server             // 8
	Pseudonym          // 16
)
Coarse certificate type, as bit flags (German identifiers: Gruppe = group, Benutzer = user, Extern = external).
const (
	Unknown = 0
	Valid   = 1 << iota // 2: iota is already 1 on this line, so Valid is not 1
	Expired             // 4
	Revoked             // 8
	Public              // 16
	Private             // 32
)
Symlink states: bit flags for a certificate's validity (Valid, Expired, Revoked) and visibility (Public, Private), presumably derived from the watched symlink directories. Note that Valid is 2, not 1, because iota is already 1 on its line.
Variables ¶
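// Sentinel values for a synthetic file event (presumably emitted by the
// watchers to mark the initial import; confirm against their bodies).
// MagicInitialFileEvent reuses MagicInitialImportMarker so the two values
// cannot drift apart, and uses keyed fields so that `go vet` (composites)
// stays quiet and a field reordering in fsnotify cannot silently break it.
var (
	MagicInitialImportMarker = "Not an actual file"
	MagicInitialFileEvent    = fsnotify.Event{Name: MagicInitialImportMarker, Op: fsnotify.Chmod}
)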
var ( // RawIssuerG1 C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, OU=Steinbuch Centre for Computing, CN=KIT-CA/emailAddress=ca@kit.edu RawIssuerG1 = []byte{}/* 194 elements not displayed */ // RawIssuerG2 C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, CN=KIT-CA RawIssuerG2 = []byte{}/* 125 elements not displayed */ // RawIssuerSectigo CN=GEANT Personal CA 4, O=GEANT Vereniging, C=NL RawIssuerSectigo = []byte{ 0x30, 0x46, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10, 0x47, 0x45, 0x41, 0x4e, 0x54, 0x20, 0x56, 0x65, 0x72, 0x65, 0x6e, 0x69, 0x67, 0x69, 0x6e, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x47, 0x45, 0x41, 0x4e, 0x54, 0x20, 0x50, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x20, 0x34, } RawIssuers = map[string][]byte{ // contains filtered or unexported fields } )
// NoCommonNameFilter selects certificates whose Subject carries an empty
// CommonName. Only the CN attribute is inspected; SANs are not considered.
var NoCommonNameFilter = func(c *x509.Certificate) bool {
	return c.Subject.CommonName == ""
}
// RedirTemplates are fmt templates for redirects to the DFN-PKI web front end,
// keyed by the template name passed to BuildCertificateLink. Each template has
// two %s verbs: one inside the URL path and one as the value of the key
// parameter (presumably ca and serial respectively — confirm in
// BuildCertificateLink). Nothing here is URL-escaped: NOTE(review): the caller
// must url.PathEscape the path segment and url.QueryEscape the key, or restrict
// both to trusted values, otherwise a caller-controlled value could inject
// extra path segments or query parameters into the redirect target.
var (
	RedirTemplates = map[string]string{
		"getcert": "https://pki.pca.dfn.de/%s/cgi-bin/pub/pki?cmd=send_email_cert&type=email&dataType=CERTIFICATE&key=%s",
		"installcert": "https://pki.pca.dfn.de/%s/cgi-bin/pub/pki?cmd=getcert&type=CERTIFICATE&key=%s",
		// This target separates its parameters with ';' rather than '&'.
		"viewcert": "https://pki.pca.dfn.de/%s/cgi-bin/pub/pki?cmd=viewCert;dataType=CERTIFICATE;key=%s",
	}
)
// SectigoPersonalFilter selects certificates issued by one of the GÉANT
// (Sectigo-operated) personal, eScience or code-signing CAs.
//
// The match is on the issuer DN in the RFC 2253-style form produced by
// pkix.Name.String() (most specific attribute first, hence CN,O,C). That is a
// classification aid, not a trust decision: any CA can mint a certificate
// carrying this issuer DN, so callers who need authenticity must compare
// RawIssuer against known DER bytes or verify the chain instead.
var SectigoPersonalFilter = func(c *x509.Certificate) bool {
	issuer := c.Issuer.String()
	knownIssuers := [...]string{
		"CN=GEANT Code Signing CA 4,O=GEANT Vereniging,C=NL",
		"CN=GEANT Personal CA 4,O=GEANT Vereniging,C=NL",
		"CN=GEANT Personal ECC CA 4,O=GEANT Vereniging,C=NL",
		"CN=GEANT eScience Personal CA 4,O=GEANT Vereniging,C=NL",
		"CN=GEANT eScience Personal ECC CA 4,O=GEANT Vereniging,C=NL",
	}
	return slices.Contains(knownIssuers[:], issuer)
}
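// SignatureAlgorithmNames maps x509 signature algorithms to their Go identifier
// names. This is the form exported to clients (e.g. JSONResult.sigalg), which
// differs from x509.SignatureAlgorithm.String() ("SHA256-RSA"), so existing
// entries must not be renamed. The legacy MD2/MD5/SHA1 entries exist so such
// certificates can be labeled, not because they are acceptable. The RSA-PSS
// and Ed25519 algorithms are included so certificates using them are named
// instead of silently falling back to the empty string.
var (
	SignatureAlgorithmNames = map[x509.SignatureAlgorithm]string{
		x509.UnknownSignatureAlgorithm: "UnknownSignatureAlgorithm",
		x509.MD2WithRSA:                "MD2WithRSA",
		x509.MD5WithRSA:                "MD5WithRSA",
		x509.SHA1WithRSA:               "SHA1WithRSA",
		x509.SHA256WithRSA:             "SHA256WithRSA",
		x509.SHA384WithRSA:             "SHA384WithRSA",
		x509.SHA512WithRSA:             "SHA512WithRSA",
		x509.SHA256WithRSAPSS:          "SHA256WithRSAPSS",
		x509.SHA384WithRSAPSS:          "SHA384WithRSAPSS",
		x509.SHA512WithRSAPSS:          "SHA512WithRSAPSS",
		x509.DSAWithSHA1:               "DSAWithSHA1",
		x509.DSAWithSHA256:             "DSAWithSHA256",
		x509.ECDSAWithSHA1:             "ECDSAWithSHA1",
		x509.ECDSAWithSHA256:           "ECDSAWithSHA256",
		x509.ECDSAWithSHA384:           "ECDSAWithSHA384",
		x509.ECDSAWithSHA512:           "ECDSAWithSHA512",
		x509.PureEd25519:               "PureEd25519",
	}
)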
Functions ¶
func CreateAllWatchers ¶
func CreateAllWatchers(certRepoDir string) map[int]*AttributeState
CreateAllWatchers starts all known watchers in certRepoDir and returns them as a map keyed by int.
func DnToString ¶
DnToString turns a DistinguishedName into a readable string. According to the relevant RFCs there is no canonical string form, so the returned format is designed to be sortable and readable. It is a display format; do not use it to compare certificate identities.
func FilterEncryptionEmail ¶
func FilterEncryptionEmail(c *SearchableCert) bool
func NeverMatch ¶
func NeverMatch(c *SearchableCert) bool
NeverMatch is an SCFilter that matches no SearchableCert (it always returns false).
func ReadCertificates ¶
func ReadCertificates(filenames ...string) []*x509.Certificate
ReadCertificates reads all x509 certificates from the given input files. Errors are logged and the offending input is skipped.
Types ¶
type AttributeState ¶
type AttributeState struct {
// contains filtered or unexported fields
}
AttributeState keeps all connected symlink states plus their associated flag values in one place.
func NewAttributeState ¶
func NewAttributeState(watchthis []WatchForSymlinkChange) *AttributeState
NewAttributeState creates a new set of SymlinkStateWatchers that constitute a single value for the underlying certificate
func (*AttributeState) Get ¶
func (as *AttributeState) Get(serial string) int
Get returns the combined flag value (bitwise combination) of all watched symlink directories that contain serial; it returns 0 when no directory matches.
func (*AttributeState) Is ¶
func (as *AttributeState) Is(serial string, what int) bool
Is reports whether the combined flag value for serial (see Get) equals what. TODO: review whether equality, rather than a bit test, is the intended semantics.
func (*AttributeState) Len ¶
func (as *AttributeState) Len() int
Len returns the total number of links across all watched directories.
type CertCache ¶
type CertCache struct { sync.RWMutex IndexEmail CertIndex // contains filtered or unexported fields }
CertCache provides a thread-safe map[string]*SearchableCert.
func CertArchiveWatcher ¶
CertArchiveWatcher reads all certificates from the archive directory and watches for the creation of new ones. It returns a *CertCache that is continuously updated, and a chan bool on which true is sent once the existing certificates have been read.
func (*CertCache) Add ¶
func (cc *CertCache) Add(cert *x509.Certificate) (*SearchableCert, bool)
Add inserts cert into the CertCache and returns it as a SearchableCert, together with a flag that is true if an existing entry was overwritten.
func (*CertCache) Delete ¶
Delete removes a certificate from the CertCache.
func (*CertCache) Filter ¶
func (cc *CertCache) Filter(filter SCFilter) Searchresults
Filter returns all SearchableCerts that match the filter's criteria
func (*CertCache) Get ¶
func (cc *CertCache) Get(serial string) *SearchableCert
Get retrieves a SearchableCert by serial number; it returns nil if no certificate with that serial is cached.
type CertIndex ¶
CertIndex provides a mapping between a string and a set of certificates in a thread-safe way
func (*CertIndex) Add ¶
func (ci *CertIndex) Add(key string, cert *SearchableCert)
Add cert to the set which is associated with key
func (*CertIndex) Get ¶
func (ci *CertIndex) Get(key string) Searchresults
Get returns all certificates associated with key as Searchresults.
type CertSymlinkState ¶
CertSymlinkState maps a certificate's serial to true if a symlink for it exists.
func NewCertSymlinkState ¶
func NewCertSymlinkState() *CertSymlinkState
func SymlinkStateWatcher ¶
func SymlinkStateWatcher(path string, initialBatchDone chan bool) *CertSymlinkState
SymlinkStateWatcher reads all symlinks from path and watches for the creation and deletion of symlinks. It returns a CertSymlinkState that is continuously updated, and a chan bool on which true is sent once the existing symlinks have been read (so that the API does not return incomplete results).
func (*CertSymlinkState) In ¶
func (cv *CertSymlinkState) In(serial string) bool
In returns true if serial is included in cv
func (*CertSymlinkState) Len ¶
func (cv *CertSymlinkState) Len() int
func (*CertSymlinkState) Remove ¶
func (cv *CertSymlinkState) Remove(serial string)
Remove deletes serial from cv.
type JSONResult ¶
// JSONResult is the JSON export structure of a single certificate (built by
// SearchableCert.JSONResult). The json tags are the wire names and, together
// with the field order, form the public output format, so neither should be
// changed. Subject, CommonName and EmailAddresses are personal data —
// NOTE(review): confirm that results reach unauthenticated callers only
// through MakePublicSearchFilter.
type JSONResult struct {
	Serial             string   `json:"serial"`
	HexSerial          string   `json:"hexserial"`
	// SignatureAlgorithm is presumably a SignatureAlgorithmNames value.
	SignatureAlgorithm string   `json:"sigalg"`
	Subject            string   `json:"subject"`
	CommonName         string   `json:"cn"`
	OrganizationalUnit string   `json:"ou"`
	KeyLength          int      `json:"keylength"`
	// Validity period is exported three ways: as a human-readable duration,
	// as a display string and as a Unix epoch value.
	NotBeforeDuration  string   `json:"notbeforeduration"`
	NotBeforeDisplay   string   `json:"notbefore"`
	NotBeforeEpoch     int64    `json:"notbeforeepoch"`
	NotAfterDuration   string   `json:"notafterduration"`
	NotAfterDisplay    string   `json:"notafter"`
	NotAfterEpoch      int64    `json:"notafterepoch"`
	// Subject alternative names; omitted from the output when empty.
	DNSNames           []string `json:"dnsnames,omitempty"`
	EmailAddresses     []string `json:"emailaddresses,omitempty"`
	IPAddresses        []string `json:"ipaddresses,omitempty"`
	CAGeneration       string   `json:"cageneration"`
	// Type is presumably the name form of the Type bit flags (see TypeToName).
	Type               string   `json:"type"`
	Profile            string   `json:"profile"`
	Expired            bool     `json:"expired"`
	// Validity is serialised under the tag "valid" (see ValidityToName).
	Validity           string   `json:"valid"`
	// Public is a string, not a bool (see VisibilityToName).
	Public             string   `json:"public"`
}
JSONResult represents the json export structure of a single certificate
type JSONShell ¶
// JSONShell is the top-level JSON envelope: a single "results" array of
// JSONResult entries (presumably what Searchresults.JSONString emits).
type JSONShell struct {
	Results []*JSONResult `json:"results"`
}
type SCFilter ¶
// SCFilter is a predicate over a SearchableCert. CertCache.Filter and
// Searchresults.Filter keep exactly the certificates for which it returns true.
type SCFilter func(*SearchableCert) bool
SCFilter functions implement a selection criterion for a SearchableCert.
func MakeInternalSearchFilter ¶
MakeInternalSearchFilter creates an SCFilter based on a simple substring match.
func MakePublicSearchFilter ¶
func MakePublicSearchFilter(query string, visibilityWatcher *AttributeState) SCFilter
type SearchableCert ¶
type SearchableCert struct { Serial string HexSerial string SignatureAlgorithm string Subject string Issuer string KeyLength int NotBefore time.Time NotAfter time.Time DNSNames []string EmailAddresses []string IPAddresses []string CAGeneration *string Type int // contains filtered or unexported fields }
func CertToSearchable ¶
func CertToSearchable(c *x509.Certificate) SearchableCert
CertToSearchable converts an x509.Certificate into a SearchableCert
func (*SearchableCert) GetDER ¶
func (c *SearchableCert) GetDER() []byte
func (*SearchableCert) GetPEM ¶
func (c *SearchableCert) GetPEM() []byte
func (*SearchableCert) JSONResult ¶
func (c *SearchableCert) JSONResult(watchers map[int]*AttributeState) *JSONResult
type Searchresults ¶
// Searchresults is a slice of *SearchableCert that implements sort.Interface
// (Len, Less, Swap) and offers filtering plus JSON and HTML output helpers.
type Searchresults []*SearchableCert
Searchresults is a slice of *SearchableCert that implements sort.Interface.
func (Searchresults) Filter ¶
func (r Searchresults) Filter(filter SCFilter) Searchresults
Filter returns the subset of results that match filter
func (Searchresults) JSONString ¶
func (r Searchresults) JSONString(watchers map[int]*AttributeState) []byte
func (Searchresults) Len ¶
func (r Searchresults) Len() int
func (Searchresults) Less ¶
func (r Searchresults) Less(i, j int) bool
Less orders results by type, then subject, then validity.
func (Searchresults) Swap ¶
func (r Searchresults) Swap(i, j int)
func (Searchresults) WriteHTML ¶
func (r Searchresults) WriteHTML(w io.Writer)