certificate

package
Constants

// Truststore names. Each is the label of one root store a certificate is
// validated against; they are presumably the keys of the
// map[string]ValidationInfo carried in Certificate.ValidationInfo and
// returned by GetValidityMap — confirm against the validation code.
const (
	Ubuntu_TS_name    = "Ubuntu"
	Mozilla_TS_name   = "Mozilla"
	Microsoft_TS_name = "Microsoft"
	Apple_TS_name     = "Apple"
	Android_TS_name   = "Android"

	// Default_Cisco_Umbrella_Rank is the value stored in
	// Certificate.CiscoUmbrellaRank when no rank applies (2^31-1, so it
	// fits a postgres integer column). NOTE(review): the "unranked"
	// meaning is inferred from the name — confirm with the code that
	// assigns CiscoUmbrellaRank.
	Default_Cisco_Umbrella_Rank = 2147483647 // max positive value of postgres integer
)
// Box-drawing separators for rendering a tree of certificate paths
// (presumably consumed by Paths.String — confirm). Every separator is
// three runes wide so that nested levels line up in a monospace font.
const (
	E_SEP string = "   " // empty: nothing drawn at this depth
	S_SEP string = "│  " // straight: vertical continuation of a parent branch
	T_SEP string = "├──" // tee: a branch followed by further siblings
	L_SEP string = "└──" // last: the final branch at this depth
	C_SEP string = "───" // connector: horizontal line segment
)

Variables

// ExtKeyUsage maps a crypto/x509 ExtKeyUsage value, used as the index, to
// the name of the corresponding x509 constant. The index order follows the
// iota order of crypto/x509: x509.ExtKeyUsageAny is 0 and
// x509.ExtKeyUsageMicrosoftKernelCodeSigning is 13.
// The table is indexed, not searched, so a caller that indexes it with a
// value taken from a parsed certificate should bounds-check first: an index
// past the last entry panics.
var ExtKeyUsage = [...]string{
	0:  "ExtKeyUsageAny",
	1:  "ExtKeyUsageServerAuth",
	2:  "ExtKeyUsageClientAuth",
	3:  "ExtKeyUsageCodeSigning",
	4:  "ExtKeyUsageEmailProtection",
	5:  "ExtKeyUsageIPSECEndSystem",
	6:  "ExtKeyUsageIPSECTunnel",
	7:  "ExtKeyUsageIPSECUser",
	8:  "ExtKeyUsageTimeStamping",
	9:  "ExtKeyUsageOCSPSigning",
	10: "ExtKeyUsageMicrosoftServerGatedCrypto",
	11: "ExtKeyUsageNetscapeServerGatedCrypto",
	12: "ExtKeyUsageMicrosoftCommercialCodeSigning",
	13: "ExtKeyUsageMicrosoftKernelCodeSigning",
}
// ExtKeyUsageOID maps a crypto/x509 ExtKeyUsage value, used as the index,
// to the dotted-decimal OID of that extended key usage. The index order is
// the same as in ExtKeyUsage, so ExtKeyUsage[i] and ExtKeyUsageOID[i]
// describe the same usage (0 = anyExtendedKeyUsage, 1 = serverAuth, ...,
// 13 = Microsoft kernel code signing).
// As with ExtKeyUsage, bounds-check any index derived from certificate
// data before using it.
var ExtKeyUsageOID = [...]string{
	0:  asn1.ObjectIdentifier{2, 5, 29, 37, 0}.String(),
	1:  asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1}.String(),
	2:  asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 2}.String(),
	3:  asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 3}.String(),
	4:  asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 4}.String(),
	5:  asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 5}.String(),
	6:  asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 6}.String(),
	7:  asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 7}.String(),
	8:  asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 8}.String(),
	9:  asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 9}.String(),
	10: asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 10, 3, 3}.String(),
	11: asn1.ObjectIdentifier{2, 16, 840, 1, 113730, 4, 1}.String(),
	12: asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 22}.String(),
	13: asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 61, 1, 1}.String(),
}
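// PublicKeyAlgorithm maps a crypto/x509 PublicKeyAlgorithm value, used as
// the index, to a printable name. The index order follows the iota order
// of crypto/x509: UnknownPublicKeyAlgorithm is 0, RSA 1, DSA 2, ECDSA 3
// and Ed25519 4 (Ed25519 certificates parse fine with crypto/x509 since
// Go 1.13, so the table must reach that index or an Ed25519 leaf panics
// the lookup).
// Newer Go releases may append further algorithms, so a caller indexing
// with a value taken from an untrusted certificate should still
// bounds-check first (or fall back to x509.PublicKeyAlgorithm.String).
var PublicKeyAlgorithm = [...]string{
	0: "UnknownPublicKeyAlgorithm",
	1: "RSA",
	2: "DSA",
	3: "ECDSA",
	4: "Ed25519",
}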
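// SignatureAlgorithm maps a crypto/x509 SignatureAlgorithm value, used as
// the index, to the name of its x509 constant. The index order follows the
// iota order of crypto/x509: UnknownSignatureAlgorithm is 0 through
// ECDSAWithSHA512 at 12, then the RSA-PSS variants (13-15) and
// PureEd25519 (16). crypto/x509 parses RSA-PSS and Ed25519 signatures, so
// the table has to cover those indices or such a certificate panics the
// lookup.
// Newer Go releases may append further values, so a caller indexing with
// a value taken from an untrusted certificate should still bounds-check
// first (or fall back to x509.SignatureAlgorithm.String).
// An entry here is a name only and says nothing about the algorithm's
// strength: MD2, MD5 and SHA-1 entries are legacy and exist so that
// weak-signature certificates can be recorded and reported.
var SignatureAlgorithm = [...]string{
	0:  "UnknownSignatureAlgorithm",
	1:  "MD2WithRSA",
	2:  "MD5WithRSA",
	3:  "SHA1WithRSA",
	4:  "SHA256WithRSA",
	5:  "SHA384WithRSA",
	6:  "SHA512WithRSA",
	7:  "DSAWithSHA1",
	8:  "DSAWithSHA256",
	9:  "ECDSAWithSHA1",
	10: "ECDSAWithSHA256",
	11: "ECDSAWithSHA384",
	12: "ECDSAWithSHA512",
	13: "SHA256WithRSAPSS",
	14: "SHA384WithRSAPSS",
	15: "SHA512WithRSAPSS",
	16: "PureEd25519",
}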

Functions

func GetHexASN1Serial

func GetHexASN1Serial(cert *x509.Certificate) (serial string, err error)

func GetValidityMap

func GetValidityMap(trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, trusted_android bool) map[string]ValidationInfo

GetValidityMap converts boolean validity variables to a validity map.

func MD5Hash

func MD5Hash(data []byte) string

func PKPSHA256Hash

func PKPSHA256Hash(cert *x509.Certificate) string

func SHA1Hash

func SHA1Hash(data []byte) string

func SHA256Hash

func SHA256Hash(data []byte) string

func SPKISHA256

func SPKISHA256(cert *x509.Certificate) string

func SubjectSPKISHA256

func SubjectSPKISHA256(cert *x509.Certificate) string

Types

type Certificate

// Certificate is the stored, JSON-serialisable form of an X.509
// certificate: the decoded certificate fields plus the observatory's own
// bookkeeping (scan target, first/last seen, validation results, hashes,
// ranking). It is built from an x509.Certificate by CertToStored and
// converted back by ToX509.
type Certificate struct {
	ID int64 `json:"id"`
	// Serial is the serial number as a string (presumably the hex form
	// produced by GetHexASN1Serial — confirm in CertToStored).
	Serial string `json:"serialNumber"`
	// ScanTarget and IPs record where the certificate was observed.
	ScanTarget         string   `json:"scanTarget,omitempty"`
	IPs                []string `json:"ips,omitempty"`
	Version            int      `json:"version"`
	// SignatureAlgorithm is a name, presumably one of the entries of the
	// SignatureAlgorithm table — verify.
	SignatureAlgorithm string               `json:"signatureAlgorithm"`
	Issuer             Subject              `json:"issuer"`
	Validity           Validity             `json:"validity"`
	Subject            Subject              `json:"subject"`
	Key                SubjectPublicKeyInfo `json:"key"`
	X509v3Extensions   Extensions           `json:"x509v3Extensions"`
	// X509v3BasicConstraints is a string here, while a separate
	// X509v3BasicConstraints struct type also exists in this package;
	// the two are not the same representation.
	X509v3BasicConstraints string `json:"x509v3BasicConstraints"`
	// CA is the basicConstraints cA flag. NOTE(review): whether CA or
	// X509v3BasicConstraints is the authoritative value for queries is
	// not visible here — confirm.
	CA       bool        `json:"ca"`
	Analysis interface{} `json:"analysis,omitempty"` //for future use...
	// ParentSignature lists the parent(s) this certificate chains to.
	// NOTE(review): the element encoding (hash? serial?) is not shown
	// here; CertToStored takes a single parentSignature string — confirm.
	ParentSignature []string `json:"parentSignature,omitempty"`
	// ValidationInfo holds one validation result per truststore,
	// presumably keyed by the *_TS_name constants — verify. The map is
	// always emitted (no omitempty) so consumers can tell "not validated"
	// from "validated and failed".
	ValidationInfo     map[string]ValidationInfo `json:"validationInfo"`
	FirstSeenTimestamp time.Time                 `json:"firstSeenTimestamp"`
	LastSeenTimestamp  time.Time                 `json:"lastSeenTimestamp"`
	Hashes             Hashes                    `json:"hashes"`
	// Raw is the encoded certificate. Its JSON key is "Raw", capitalised
	// unlike every other key on this type, which consumers must match
	// exactly. Encoding is not stated here; Chain.Certs documents base64
	// DER, presumably the same — confirm.
	Raw string `json:"Raw"`
	// CiscoUmbrellaRank is the domain's rank in the Cisco Umbrella list,
	// presumably Default_Cisco_Umbrella_Rank when unranked — confirm.
	CiscoUmbrellaRank int64         `json:"ciscoUmbrellaRank"`
	Anomalies         string        `json:"anomalies,omitempty"`
	MozillaPolicyV2_5 MozillaPolicy `json:"mozillaPolicyV2_5"`
}

func CertToStored

func CertToStored(cert *x509.Certificate, parentSignature, domain, ip string, TSName string, valInfo *ValidationInfo) Certificate

CertToStored returns a Certificate struct created from an x509.Certificate.

func (Certificate) GetBooleanValidity

func (c Certificate) GetBooleanValidity() (trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, trusted_android bool)

GetBooleanValidity converts the validation info map to DB booleans

func (Certificate) IsSelfSigned

func (c Certificate) IsSelfSigned() bool

IsSelfSigned returns true if the subject and issuer fields of a certificate are identical (a name comparison only).

func (Certificate) ToX509

func (cert Certificate) ToX509() (xcert *x509.Certificate, err error)

ToX509() returns the crypto/x509 version of a certificate

type Chain

// Chain is the JSON form of a certificate chain as observed on a scan
// target: the domain and IP it was obtained from plus the certificates
// themselves. Certs is a list of opaque strings; it is the caller's job
// to decode and parse each one before trusting anything about it.
type Chain struct {
	Domain string `json:"domain"`
	IP     string `json:"ip"`
	// base64 DER encoded certificates
	// NOTE(review): element order (leaf first?) is not stated — confirm
	// with the producer before relying on it.
	Certs []string `json:"certs"`
}

type Extensions

// Extensions is the JSON-friendly view of a certificate's X.509v3
// extensions. Only extensions that crypto/x509 already decodes into its
// Certificate are carried; extensions it does not understand are not
// represented here. Several JSON keys differ from their field names:
// CRLDistributionPoints is "crlDistributionPoint" (singular) and the
// Permitted/ExcludedDNSDomains fields are "permittedDNSNames" /
// "excludedDNSNames".
type Extensions struct {
	// AuthorityKeyId and SubjectKeyId are string encodings of the AKI/SKI
	// extensions (presumably hex — confirm in CertToStored).
	AuthorityKeyId string `json:"authorityKeyId"`
	SubjectKeyId   string `json:"subjectKeyId"`
	// KeyUsage lists the set keyUsage bits by name.
	KeyUsage []string `json:"keyUsage"`
	// ExtendedKeyUsage and ExtendedKeyUsageOID carry the EKU names and
	// their dotted OIDs; the ExtKeyUsage and ExtKeyUsageOID tables are the
	// likely sources of the values — verify. Presumably parallel lists.
	ExtendedKeyUsage       []string `json:"extendedKeyUsage"`
	ExtendedKeyUsageOID    []string `json:"extendedKeyUsageOID"`
	SubjectAlternativeName []string `json:"subjectAlternativeName"`
	CRLDistributionPoints  []string `json:"crlDistributionPoint"`
	PolicyIdentifiers      []string `json:"policyIdentifiers,omitempty"`
	// Name-constraint entries (nameConstraints extension). Each list is
	// omitted from the JSON when empty, so an absent key means "none".
	PermittedDNSDomains  []string `json:"permittedDNSNames,omitempty"`
	PermittedIPAddresses []string `json:"permittedIPAddresses,omitempty"`
	ExcludedDNSDomains   []string `json:"excludedDNSNames,omitempty"`
	ExcludedIPAddresses  []string `json:"excludedIPAddresses,omitempty"`
	// IsTechnicallyConstrained is computed elsewhere; the criterion is
	// not visible here (presumably name constraints combined with EKU,
	// as in Mozilla's root store policy — confirm). MozillaPolicy carries
	// a field of the same name.
	IsTechnicallyConstrained bool `json:"isTechnicallyConstrained"`
}

Extensions currently exports only the extensions that crypto/x509 already decodes into its Certificate structure.

type Hashes

// Hashes collects the fingerprints recorded for a certificate. They are
// presumably produced by this package's MD5Hash, SHA1Hash, SHA256Hash,
// SPKISHA256, SubjectSPKISHA256 and PKPSHA256Hash helpers — confirm which
// bytes each one digests and how the result is encoded.
// MD5 and SHA1 are kept for identification and cross-referencing with
// other datasets only; neither is collision resistant, so do not use them
// to decide that two certificates are the same.
type Hashes struct {
	MD5    string `json:"md5,omitempty"`
	SHA1   string `json:"sha1,omitempty"`
	SHA256 string `json:"sha256,omitempty"`
	// SPKISHA256 is a SHA-256 over the SubjectPublicKeyInfo (per the name),
	// SubjectSPKISHA256 presumably over subject plus SPKI — confirm.
	SPKISHA256        string `json:"spki-sha256,omitempty"`
	SubjectSPKISHA256 string `json:"subject-spki-sha256,omitempty"`
	// PKPSHA256 is exported under the key "pin-sha256", the name used for
	// public-key pins; its exact encoding is set by PKPSHA256Hash — confirm.
	PKPSHA256 string `json:"pin-sha256,omitempty"`
}

type IDs

// IDs is an opaque bundle of identifiers. NOTE(review): all of its fields
// are unexported and not visible in this listing, so its purpose must be
// documented from the source file.
type IDs struct {
	// contains filtered or unexported fields
}

type JsonRawCert

// JsonRawCert wraps a single encoded certificate for JSON transport.
// The encoding of RawCert is not stated here (Chain.Certs documents base64
// DER; presumably the same — confirm). Treat it as untrusted input and
// parse it before using any of its contents.
type JsonRawCert struct {
	RawCert string `json:"rawCert"`
}

type MozillaPolicy

// MozillaPolicy records checks against Mozilla's root store policy; it is
// embedded in Certificate as MozillaPolicyV2_5. The field has no json
// tag, so it serialises as "IsTechnicallyConstrained" (Go field name),
// unlike the camelCase keys used elsewhere in this package. Extensions
// carries a field of the same name; which one callers should read is not
// visible here.
type MozillaPolicy struct {
	IsTechnicallyConstrained bool
}

type Paths

// Paths is one node of a chain-of-trust tree: the certificate itself and,
// recursively, every parent it chains to. It is walked from an end-entity
// toward the trusted roots (see GetValidityMap, IsTrustedBy and String).
type Paths struct {
	// Cert is a pointer; NOTE(review): whether it may be nil at a node is
	// not visible here — guard before dereferencing.
	Cert *Certificate `json:"certificate"`
	// Parents is empty at a root (or at a certificate whose issuer was not
	// found); each element is a full subtree.
	Parents []Paths `json:"parents"`
	// contains filtered or unexported fields
}

Paths represents the chain of trust between a given certificate and one of its (possibly several) parents. It is meant to be walked recursively from an end-entity to a trusted root.

func (Paths) GetValidityMap

func (p Paths) GetValidityMap() map[string]ValidationInfo

func (Paths) IsTrustedBy

func (p Paths) IsTrustedBy(truststore string) bool

func (Paths) String

func (p Paths) String() (str string)

type Subject

// Subject is the stored form of a distinguished name (used for both
// Subject and Issuer of a Certificate). JSON keys are the X.500 attribute
// short names. Only C, O, OU and CN are captured; attributes such as ST
// or L that appear in the String() example are not fields here and are
// therefore not preserved by a round trip through this type.
type Subject struct {
	// ID is a database identifier, omitted when zero.
	ID           int64    `json:"id,omitempty"`
	Country      []string `json:"c,omitempty"`
	Organisation []string `json:"o,omitempty"`
	OrgUnit      []string `json:"ou,omitempty"`
	CommonName   string   `json:"cn,omitempty"`
}

func (Subject) String

func (s Subject) String() string

String() renders the subject as a single string, following OpenSSL's display format, e.g. Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com

type SubjectPublicKeyInfo

// SubjectPublicKeyInfo describes the certificate's public key. Alg names
// the algorithm (presumably an entry of the PublicKeyAlgorithm table —
// verify); which of the remaining fields are populated depends on the
// algorithm: X, Y and Curve for elliptic-curve keys, P, Q and G for DSA,
// Size and Exponent for RSA (grouping inferred from the field names —
// confirm in CertToStored).
type SubjectPublicKeyInfo struct {
	Alg string `json:"alg,omitempty"`
	// Size and Exponent are float64, presumably to match a numeric DB
	// column. float64 represents integers exactly only up to 2^53, so an
	// unusual RSA exponent larger than that would be stored inexactly;
	// common values (65537) and key sizes are unaffected.
	Size     float64 `json:"size,omitempty"`
	Exponent float64 `json:"exponent,omitempty"`
	// String-encoded key parameters; the encoding (hex? decimal?) is not
	// visible here — confirm before parsing.
	X     string `json:"x,omitempty"`
	Y     string `json:"y,omitempty"`
	P     string `json:"p,omitempty"`
	Q     string `json:"q,omitempty"`
	G     string `json:"g,omitempty"`
	Curve string `json:"curve,omitempty"`
}

type Trust

// Trust records one issuer-to-certificate trust relationship together with
// the result per truststore; CertID/IssuerID and the ID suggest a database
// row — confirm. There are no json tags, so the type serialises with its
// Go field names. Note the inconsistent naming (TrustUbuntu/TrustMozilla
// versus TrustedMicrosoft/TrustedApple/TrustedAndroid); the fields are
// exported, so renaming them is an API change.
type Trust struct {
	ID       int64
	CertID   int64
	IssuerID int64
	// Timestamp is when this trust record was established — presumably the
	// time of the validation run; confirm.
	Timestamp        time.Time
	TrustUbuntu      bool
	TrustMozilla     bool
	TrustedMicrosoft bool
	TrustedApple     bool
	TrustedAndroid   bool
	// Current marks the record as the most recent one for this pair;
	// NOTE(review): inferred from the name — confirm.
	Current bool
}

type TrustStore

// TrustStore is a named root store: Name is presumably one of the *_TS_name
// constants (confirm) and Certs the pool of roots used as verification
// anchors. Anything added to Certs becomes a trust anchor, so the pool
// must only be populated from a vetted root set.
type TrustStore struct {
	Name  string
	Certs *x509.CertPool
}

type ValidationInfo

// ValidationInfo is the outcome of validating a certificate against one
// truststore (presumably keyed by truststore name in
// Certificate.ValidationInfo — verify).
// IsValid carries omitempty, so a false result is dropped from the JSON
// entirely: consumers must treat a missing "isValid" as false, not as
// "unknown" or "not checked".
type ValidationInfo struct {
	IsValid bool `json:"isValid,omitempty"`
	// ValidationError is the failure reason when IsValid is false
	// (presumably the error text from chain verification — confirm);
	// omitted when empty.
	ValidationError string `json:"validationError,omitempty"`
}

type Validity

// Validity is the certificate's validity period, i.e. the notBefore and
// notAfter fields. time.Time serialises to JSON as an RFC 3339 string,
// so both keys are timestamps with an explicit offset.
type Validity struct {
	NotBefore time.Time `json:"notBefore"`
	NotAfter  time.Time `json:"notAfter"`
}

type X509v3BasicConstraints

// X509v3BasicConstraints is a structured form of the basicConstraints
// extension. Note that Certificate.X509v3BasicConstraints is a plain
// string, not this type, and Certificate carries its own CA and Analysis
// fields; where this type is actually used is not visible here.
type X509v3BasicConstraints struct {
	CA       bool        `json:"ca"`
	Analysis interface{} `json:"analysis,omitempty"`
}
