crtpin

package module
v0.0.0-...-1bef214
Warning

This package is not in the latest version of its module.

Published: Jun 12, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

README

crtpin

crtpin is a tiny program to calculate public key hashes of hosts suitable for certificate pinning.

Usage

An HTTP service is running at crtpin.veehait.ch:

curl https://crtpin.veehait.ch/nixos.org
{
  "result": {
    "cert": {
      "commonName": "*.nixos.org",
      "daysUntilExpiry": 75,
      "dnsNames": [
        "*.nixos.org",
        "nixos.org"
      ],
      "issuer": "R3",
      "notValidAfter": "2021-05-01T09:02:07Z",
      "notValidBefore": "2021-01-31T09:02:07Z",
      "serialNumber": 3.20230275935086e+41
    },
    "pins": {
      "blake2s256": "GK0cgAGtf0lQVG6aoUCuok61zSrx+CBEiwTPxUIqk+k=",
      "blake2b256": "DySrABnIreLNgWcUqX8JAHkqW2XD6/Y+pSOP4wfHxYI=",
      "sha256": "zM0mIOiZmXDc57J69igPJihA6YO9DWzA28lAHpMERVw=",
      "sha384": "y+4QoCsBJ+G3fMBmaqhEe0/Iv3vmJDGzACCwGhJrYEwoLpzNwdTyVXDGe+gWfKxe",
      "sha512": "Z95m9mw1Vyz9dRmvxv7kd0SxrqnyN9LS6iQ9e+8rOJykLEsE8Q45zE/lZO7Gt1ObyPltYM2gEAKYJqOr2MsoKg=="
    },
    "request": {
      "date": "2021-02-14T12:07:29.322842686+01:00",
      "host": "nixos.org",
      "ip": "2a03:b0c0:3:e0::27e:2001",
      "port": 443,
      "nameserver": "5.9.164.112@853#dns3.digitalcourage.de"
    }
  },
  "error": null
}

Get a specific pin directly using jq:

curl -s https://crtpin.veehait.ch/nixos.org | jq -r '.result.pins.sha256'
zM0mIOiZmXDc57J69igPJihA6YO9DWzA28lAHpMERVw=
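
How a client could check a pin like the sha256 value above, as an added example that is not part of crtpin or its README. It assumes the pin is the Base64 SHA-256 of the certificate's DER-encoded SubjectPublicKeyInfo; `SPKIPin`, `VerifyPins` and `Issue` are hypothetical names, and the certificates are constructed test material.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// SPKIPin hashes the DER-encoded SubjectPublicKeyInfo (assumed pin input) with SHA-256.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// VerifyPins returns nil if any certificate in chain carries a pinned key. In a
// client, call it from tls.Config.VerifyConnection with cs.PeerCertificates.
func VerifyPins(pins map[string]bool, chain ...*x509.Certificate) error {
	for _, cert := range chain {
		if pins[SPKIPin(cert)] {
			return nil
		}
	}
	return fmt.Errorf("no certificate in the chain matches a pinned public key")
}

// Issue builds a constructed self-signed test certificate; keySeed picks a deterministic Ed25519 key.
func Issue(keySeed byte, serial int64) *x509.Certificate {
	key := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{keySeed}, ed25519.SeedSize))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), DNSNames: []string{"pin.example"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER was produced just above
	return cert
}

func main() {
	pins := map[string]bool{SPKIPin(Issue(1, 1)): true} // pin recorded from the first certificate
	fmt.Println("renewed, same key:", VerifyPins(pins, Issue(1, 2)))
	fmt.Println("rotated key:", VerifyPins(pins, Issue(2, 3)))
}
```

The pin survives a renewal that keeps the same key and fails once the key is rotated, so a pinning client needs the new key's pin before the server switches to it.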

Documentation

Types

type CertInfo

type CertInfo struct {
	CommonName      string   `json:"commonName"`
	DaysUntilExpiry int      `json:"daysUntilExpiry"`
	Digest          string   `json:"digest"`
	DNSNames        []string `json:"dnsNames"`
	Issuer          string   `json:"issuer"`
	NotValidAfter   string   `json:"notValidAfter"`
	NotValidBefore  string   `json:"notValidBefore"`
	SerialNumber    big.Int  `json:"serialNumber"`
}

A CertInfo gives basic information about an X.509 certificate

type Pins

type Pins struct {
	BLAKE2s256 string `json:"blake2s256"`
	BLAKE2b256 string `json:"blake2b256"`
	SHA256     string `json:"sha256"`
	SHA384     string `json:"sha384"`
	SHA512     string `json:"sha512"`
}

Pins consists of various Base64-encoded hashes

type PreferIP6

type PreferIP6 []net.IPAddr

PreferIP6 implements sort.Interface for []net.IPAddr preferring IPv6

func (PreferIP6) Len

func (a PreferIP6) Len() int

func (PreferIP6) Less

func (a PreferIP6) Less(i, _ int) bool

func (PreferIP6) Swap

func (a PreferIP6) Swap(i, j int)

type Request

type Request struct {
	Date       time.Time `json:"date"`
	Host       string    `json:"host"`
	IP         string    `json:"ip"`
	Port       int       `json:"port"`
	NameServer string    `json:"nameserver"`
}

A Request provides meta information about the query

type Result

type Result struct {
	Cert    CertInfo `json:"cert"`
	Pins    Pins     `json:"pins"`
	Request Request  `json:"request"`
}

The Result is the final outcome

func Crtpin

func Crtpin(host string, port int, allowRebind bool) (*Result, error)

Crtpin creates pins and meta information about a certificate used for host and port

Directories

Path Synopsis
cmd
