Documentation ¶
Index ¶
- Constants
- Variables
- func GetHexASN1Serial(cert *x509.Certificate) (serial string, err error)
- func GetValidityMap(trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, ... bool) map[string]ValidationInfo
- func MD5Hash(data []byte) string
- func PKPSHA256Hash(cert *x509.Certificate) string
- func SHA1Hash(data []byte) string
- func SHA256Hash(data []byte) string
- func SPKISHA256(cert *x509.Certificate) string
- func SubjectSPKISHA256(cert *x509.Certificate) string
- type Certificate
- type Chain
- type Extensions
- type Hashes
- type IDs
- type JsonRawCert
- type MozillaPolicy
- type Paths
- type Subject
- type SubjectPublicKeyInfo
- type Trust
- type TrustStore
- type ValidationInfo
- type Validity
- type X509v3BasicConstraints
Constants ¶
View Source
const ( Ubuntu_TS_name = "Ubuntu" Mozilla_TS_name = "Mozilla" Microsoft_TS_name = "Microsoft" Apple_TS_name = "Apple" Android_TS_name = "Android" Default_Cisco_Umbrella_Rank = 2147483647 // max positive value of postgres integer )
Variables ¶
View Source
var ExtKeyUsage = [...]string{
"ExtKeyUsageAny",
"ExtKeyUsageServerAuth",
"ExtKeyUsageClientAuth",
"ExtKeyUsageCodeSigning",
"ExtKeyUsageEmailProtection",
"ExtKeyUsageIPSECEndSystem",
"ExtKeyUsageIPSECTunnel",
"ExtKeyUsageIPSECUser",
"ExtKeyUsageTimeStamping",
"ExtKeyUsageOCSPSigning",
"ExtKeyUsageMicrosoftServerGatedCrypto",
"ExtKeyUsageNetscapeServerGatedCrypto",
"ExtKeyUsageMicrosoftCommercialCodeSigning",
"ExtKeyUsageMicrosoftKernelCodeSigning",
}
View Source
var ExtKeyUsageOID = [...]string{ asn1.ObjectIdentifier{2, 5, 29, 37, 0}.String(), asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1}.String(), asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 2}.String(), asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 3}.String(), asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 4}.String(), asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 5}.String(), asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 6}.String(), asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 7}.String(), asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 8}.String(), asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 9}.String(), asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 10, 3, 3}.String(), asn1.ObjectIdentifier{2, 16, 840, 1, 113730, 4, 1}.String(), asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 22}.String(), asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 61, 1, 1}.String(), }
View Source
var PublicKeyAlgorithm = [...]string{
"UnknownPublicKeyAlgorithm",
"RSA",
"DSA",
"ECDSA",
}
View Source
var SignatureAlgorithm = [...]string{
"UnknownSignatureAlgorithm",
"MD2WithRSA",
"MD5WithRSA",
"SHA1WithRSA",
"SHA256WithRSA",
"SHA384WithRSA",
"SHA512WithRSA",
"DSAWithSHA1",
"DSAWithSHA256",
"ECDSAWithSHA1",
"ECDSAWithSHA256",
"ECDSAWithSHA384",
"ECDSAWithSHA512",
}
Functions ¶
func GetHexASN1Serial ¶
func GetHexASN1Serial(cert *x509.Certificate) (serial string, err error)
func GetValidityMap ¶
func GetValidityMap(trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, trusted_android bool) map[string]ValidationInfo
GetValidityMap converts boolean validity variables to a validity map.
func PKPSHA256Hash ¶
func PKPSHA256Hash(cert *x509.Certificate) string
func SHA256Hash ¶
func SPKISHA256 ¶
func SPKISHA256(cert *x509.Certificate) string
func SubjectSPKISHA256 ¶
func SubjectSPKISHA256(cert *x509.Certificate) string
Types ¶
type Certificate ¶
type Certificate struct { ID int64 `json:"id"` Serial string `json:"serialNumber"` ScanTarget string `json:"scanTarget,omitempty"` IPs []string `json:"ips,omitempty"` Version int `json:"version"` SignatureAlgorithm string `json:"signatureAlgorithm"` Issuer Subject `json:"issuer"` Validity Validity `json:"validity"` Subject Subject `json:"subject"` Key SubjectPublicKeyInfo `json:"key"` X509v3Extensions Extensions `json:"x509v3Extensions"` X509v3BasicConstraints string `json:"x509v3BasicConstraints"` CA bool `json:"ca"` Analysis interface{} `json:"analysis,omitempty"` //for future use... ParentSignature []string `json:"parentSignature,omitempty"` ValidationInfo map[string]ValidationInfo `json:"validationInfo"` FirstSeenTimestamp time.Time `json:"firstSeenTimestamp"` LastSeenTimestamp time.Time `json:"lastSeenTimestamp"` Hashes Hashes `json:"hashes"` Raw string `json:"Raw"` CiscoUmbrellaRank int64 `json:"ciscoUmbrellaRank"` Anomalies string `json:"anomalies,omitempty"` MozillaPolicyV2_5 MozillaPolicy `json:"mozillaPolicyV2_5"` }
func CertToStored ¶
func CertToStored(cert *x509.Certificate, parentSignature, domain, ip string, TSName string, valInfo *ValidationInfo) Certificate
certtoStored returns a Certificate struct created from a X509.Certificate
func (Certificate) GetBooleanValidity ¶
func (c Certificate) GetBooleanValidity() (trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, trusted_android bool)
GetBooleanValidity converts the validation info map to DB booleans
func (Certificate) IsSelfSigned ¶
func (c Certificate) IsSelfSigned() bool
IsSelfSigned return true if the subject and issuer fields of a certificate are identical
func (Certificate) ToX509 ¶
func (cert Certificate) ToX509() (xcert *x509.Certificate, err error)
ToX509() returns the crypto/x509 version of a certificate
type Extensions ¶
type Extensions struct { AuthorityKeyId string `json:"authorityKeyId"` SubjectKeyId string `json:"subjectKeyId"` KeyUsage []string `json:"keyUsage"` ExtendedKeyUsage []string `json:"extendedKeyUsage"` ExtendedKeyUsageOID []string `json:"extendedKeyUsageOID"` SubjectAlternativeName []string `json:"subjectAlternativeName"` CRLDistributionPoints []string `json:"crlDistributionPoint"` PolicyIdentifiers []string `json:"policyIdentifiers,omitempty"` PermittedDNSDomains []string `json:"permittedDNSNames,omitempty"` PermittedIPAddresses []string `json:"permittedIPAddresses,omitempty"` ExcludedDNSDomains []string `json:"excludedDNSNames,omitempty"` ExcludedIPAddresses []string `json:"excludedIPAddresses,omitempty"` IsTechnicallyConstrained bool `json:"isTechnicallyConstrained"` }
Currently exporting extensions that are already decoded into the x509 Certificate structure
type JsonRawCert ¶
type JsonRawCert struct {
RawCert string `json:"rawCert"`
}
type MozillaPolicy ¶
type MozillaPolicy struct {
IsTechnicallyConstrained bool
}
type Paths ¶
type Paths struct { Cert *Certificate `json:"certificate"` Parents []Paths `json:"parents"` // contains filtered or unexported fields }
Paths represent the chain of trust between a given certificate and one of multiple parents. It is meant to be walked recursively from an end-entity to a trusted root
func (Paths) GetValidityMap ¶
func (p Paths) GetValidityMap() map[string]ValidationInfo
func (Paths) IsTrustedBy ¶
type Subject ¶
type SubjectPublicKeyInfo ¶
type SubjectPublicKeyInfo struct { Alg string `json:"alg,omitempty"` Size float64 `json:"size,omitempty"` Exponent float64 `json:"exponent,omitempty"` X string `json:"x,omitempty"` Y string `json:"y,omitempty"` P string `json:"p,omitempty"` Q string `json:"q,omitempty"` G string `json:"g,omitempty"` Curve string `json:"curve,omitempty"` }
type TrustStore ¶
type ValidationInfo ¶
type X509v3BasicConstraints ¶
type X509v3BasicConstraints struct { CA bool `json:"ca"` Analysis interface{} `json:"analysis,omitempty"` }
Click to show internal directories.
Click to hide internal directories.