Documentation
¶
Index ¶
- Constants
- Variables
- func GetValidityMap(trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, ... bool) map[string]ValidationInfo
- func MD5Hash(data []byte) string
- func PKPSHA256Hash(cert *x509.Certificate) string
- func SHA1Hash(data []byte) string
- func SHA256Hash(data []byte) string
- func SHA256SubjectSPKI(cert *x509.Certificate) string
- type Certificate
- type Chain
- type Extensions
- type Hashes
- type IDs
- type JsonRawCert
- type Paths
- type Subject
- type SubjectPublicKeyInfo
- type Trust
- type TrustStore
- type ValidationInfo
- type Validity
- type X509v3BasicConstraints
Constants ¶
View Source
const ( Ubuntu_TS_name = "Ubuntu" Mozilla_TS_name = "Mozilla" Microsoft_TS_name = "Microsoft" Apple_TS_name = "Apple" Android_TS_name = "Android" Default_Cisco_Umbrella_Rank = 2147483647 // max positive value of postgres integer )
Variables ¶
View Source
var ExtKeyUsage = [...]string{
"ExtKeyUsageAny",
"ExtKeyUsageServerAuth",
"ExtKeyUsageClientAuth",
"ExtKeyUsageCodeSigning",
"ExtKeyUsageEmailProtection",
"ExtKeyUsageIPSECEndSystem",
"ExtKeyUsageIPSECTunnel",
"ExtKeyUsageIPSECUser",
"ExtKeyUsageTimeStamping",
"ExtKeyUsageOCSPSigning",
"ExtKeyUsageMicrosoftServerGatedCrypto",
"ExtKeyUsageNetscapeServerGatedCrypto",
}
View Source
var PublicKeyAlgorithm = [...]string{
"UnknownPublicKeyAlgorithm",
"RSA",
"DSA",
"ECDSA",
}
View Source
var SignatureAlgorithm = [...]string{
"UnknownSignatureAlgorithm",
"MD2WithRSA",
"MD5WithRSA",
"SHA1WithRSA",
"SHA256WithRSA",
"SHA384WithRSA",
"SHA512WithRSA",
"DSAWithSHA1",
"DSAWithSHA256",
"ECDSAWithSHA1",
"ECDSAWithSHA256",
"ECDSAWithSHA384",
"ECDSAWithSHA512",
}
Functions ¶
func GetValidityMap ¶
func GetValidityMap(trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, trusted_android bool) map[string]ValidationInfo
GetValidityMap converts boolean validity variables to a validity map.
func PKPSHA256Hash ¶
func PKPSHA256Hash(cert *x509.Certificate) string
func SHA256Hash ¶
func SHA256SubjectSPKI ¶
func SHA256SubjectSPKI(cert *x509.Certificate) string
Types ¶
type Certificate ¶
type Certificate struct {
ID int64 `json:"id"`
Serial string `json:"serialNumber"`
ScanTarget string `json:"scanTarget,omitempty"`
IPs []string `json:"ips,omitempty"`
Version int `json:"version"`
SignatureAlgorithm string `json:"signatureAlgorithm"`
Issuer Subject `json:"issuer"`
Validity Validity `json:"validity"`
Subject Subject `json:"subject"`
Key SubjectPublicKeyInfo `json:"key"`
X509v3Extensions Extensions `json:"x509v3Extensions"`
X509v3BasicConstraints string `json:"x509v3BasicConstraints"`
CA bool `json:"ca"`
Analysis interface{} `json:"analysis,omitempty"` //for future use...
ParentSignature []string `json:"parentSignature,omitempty"`
ValidationInfo map[string]ValidationInfo `json:"validationInfo"`
FirstSeenTimestamp time.Time `json:"firstSeenTimestamp"`
LastSeenTimestamp time.Time `json:"lastSeenTimestamp"`
Hashes Hashes `json:"hashes"`
Raw string `json:"Raw"`
CiscoUmbrellaRank int64 `json:"ciscoUmbrellaRank"`
Anomalies string `json:"anomalies,omitempty"`
}
func CertToStored ¶
func CertToStored(cert *x509.Certificate, parentSignature, domain, ip string, TSName string, valInfo *ValidationInfo) Certificate
certtoStored returns a Certificate struct created from a X509.Certificate
func (Certificate) GetBooleanValidity ¶
func (c Certificate) GetBooleanValidity() (trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, trusted_android bool)
GetBooleanValidity converts the validation info map to DB booleans
func (Certificate) IsSelfSigned ¶
func (c Certificate) IsSelfSigned() bool
IsSelfSigned return true if the subject and issuer fields of a certificate are identical
func (Certificate) ToX509 ¶
func (cert Certificate) ToX509() (xcert *x509.Certificate, err error)
ToX509() returns the crypto/x509 version of a certificate
type Extensions ¶
type Extensions struct {
AuthorityKeyId string `json:"authorityKeyId"`
SubjectKeyId string `json:"subjectKeyId"`
KeyUsage []string `json:"keyUsage"`
ExtendedKeyUsage []string `json:"extendedKeyUsage"`
SubjectAlternativeName []string `json:"subjectAlternativeName"`
CRLDistributionPoints []string `json:"crlDistributionPoint"`
PolicyIdentifiers []string `json:"policyIdentifiers,omitempty"`
PermittedDNSDomains []string `json:"permittedDNSNames,omitempty"`
PermittedIPAddresses []string `json:"permittedIPAddresses,omitempty"`
ExcludedDNSDomains []string `json:"excludedDNSNames,omitempty"`
ExcludedIPAddresses []string `json:"excludedIPAddresses,omitempty"`
IsTechnicallyConstrained bool `json:"isTechnicallyConstrained"`
}
Currently exporting extensions that are already decoded into the x509 Certificate structure
type JsonRawCert ¶
type JsonRawCert struct {
RawCert string `json:"rawCert"`
}
type Paths ¶
type Paths struct {
Cert *Certificate `json:"certificate"`
Parents []Paths `json:"parents"`
// contains filtered or unexported fields
}
Paths represent the chain of trust between a given certificate and one of multiple parents. It is meant to be walked recursively from an end-entity to a trusted root
func (Paths) GetValidityMap ¶
func (p Paths) GetValidityMap() map[string]ValidationInfo
func (Paths) IsTrustedBy ¶
type Subject ¶
type SubjectPublicKeyInfo ¶
type SubjectPublicKeyInfo struct {
Alg string `json:"alg,omitempty"`
Size float64 `json:"size,omitempty"`
Exponent float64 `json:"exponent,omitempty"`
X string `json:"x,omitempty"`
Y string `json:"y,omitempty"`
P string `json:"p,omitempty"`
Q string `json:"q,omitempty"`
G string `json:"g,omitempty"`
Curve string `json:"curve,omitempty"`
}
type TrustStore ¶
type ValidationInfo ¶
type X509v3BasicConstraints ¶
type X509v3BasicConstraints struct {
CA bool `json:"ca"`
Analysis interface{} `json:"analysis,omitempty"`
}
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.