Add PubkeySHA256 to discoveredCert
parent
05bf3d0c62
commit
03c21ed118
@ -11,7 +11,6 @@ package monitor
import (
import (
"bytes"
"bytes"
"crypto/sha256"
"encoding/hex"
"encoding/hex"
"encoding/json"
"encoding/json"
"encoding/pem"
"encoding/pem"
@ -29,6 +28,7 @@ type discoveredCert struct {
Info *certspotter.CertInfo
Info *certspotter.CertInfo
Chain []ct.ASN1Cert // first entry is the leaf certificate or precertificate
Chain []ct.ASN1Cert // first entry is the leaf certificate or precertificate
LeafSHA256 [32]byte // computed over Chain[0]
LeafSHA256 [32]byte // computed over Chain[0]
PubkeySHA256 [32]byte // computed over Info.TBS.PublicKey.FullBytes
Identifiers *certspotter.Identifiers
Identifiers *certspotter.Identifiers
CertPath string // empty if not saved on the filesystem
CertPath string // empty if not saved on the filesystem
JSONPath string // empty if not saved on the filesystem
JSONPath string // empty if not saved on the filesystem
@ -49,11 +49,9 @@ func (cert *discoveredCert) pemChain() []byte {
}
}
func (cert *discoveredCert) json() []byte {
func (cert *discoveredCert) json() []byte {
pubkeySha256 := sha256.Sum256(cert.Info.TBS.GetRawPublicKey())
object := map[string]any{
object := map[string]any{
"cert_sha256": hex.EncodeToString(cert.LeafSHA256[:]),
"cert_sha256": hex.EncodeToString(cert.LeafSHA256[:]),
"pubkey_sha256": hex.EncodeToString(pubkeySha256[:]),
"pubkey_sha256": hex.EncodeToString(cert.PubkeySHA256[:]),
"issuer_der": cert.Info.TBS.Issuer.FullBytes,
"issuer_der": cert.Info.TBS.Issuer.FullBytes,
"subject_der": cert.Info.TBS.Subject.FullBytes,
"subject_der": cert.Info.TBS.Subject.FullBytes,
"dns_names": cert.Identifiers.DNSNames,
"dns_names": cert.Identifiers.DNSNames,
@ -95,8 +93,6 @@ func (cert *discoveredCert) save() error {
}
}
func (cert *discoveredCert) Environ() []string {
func (cert *discoveredCert) Environ() []string {
pubkeySha256 := sha256.Sum256(cert.Info.TBS.GetRawPublicKey())
env := []string{
env := []string{
"EVENT=discovered_cert",
"EVENT=discovered_cert",
"SUMMARY=certificate discovered for " + cert.WatchItem.String(),
"SUMMARY=certificate discovered for " + cert.WatchItem.String(),
@ -106,8 +102,8 @@ func (cert *discoveredCert) Environ() []string {
"WATCH_ITEM=" + cert.WatchItem.String(),
"WATCH_ITEM=" + cert.WatchItem.String(),
"CERT_SHA256=" + hex.EncodeToString(cert.LeafSHA256[:]),
"CERT_SHA256=" + hex.EncodeToString(cert.LeafSHA256[:]),
"FINGERPRINT=" + hex.EncodeToString(cert.LeafSHA256[:]), // backwards compat with pre-0.15.0; not documented
"FINGERPRINT=" + hex.EncodeToString(cert.LeafSHA256[:]), // backwards compat with pre-0.15.0; not documented
"PUBKEY_SHA256=" + hex.EncodeToString(pubkeySha256[:]),
"PUBKEY_SHA256=" + hex.EncodeToString(cert.PubkeySHA256[:]),
"PUBKEY_HASH=" + hex.EncodeToString(pubkeySha256[:]), // backwards compat with pre-0.15.0; not documented
"PUBKEY_HASH=" + hex.EncodeToString(cert.PubkeySHA256[:]), // backwards compat with pre-0.15.0; not documented
"CERT_FILENAME=" + cert.CertPath,
"CERT_FILENAME=" + cert.CertPath,
"JSON_FILENAME=" + cert.JSONPath,
"JSON_FILENAME=" + cert.JSONPath,
"TEXT_FILENAME=" + cert.TextPath,
"TEXT_FILENAME=" + cert.TextPath,
@ -151,8 +147,6 @@ func (cert *discoveredCert) Text() string {
text := new(strings.Builder)
text := new(strings.Builder)
writeField := func(name string, value any) { fmt.Fprintf(text, "\t%13s = %s\n", name, value) }
writeField := func(name string, value any) { fmt.Fprintf(text, "\t%13s = %s\n", name, value) }
pubkeySha256 := sha256.Sum256(cert.Info.TBS.GetRawPublicKey())
fmt.Fprintf(text, "%x:\n", cert.LeafSHA256)
fmt.Fprintf(text, "%x:\n", cert.LeafSHA256)
for _, dnsName := range cert.Identifiers.DNSNames {
for _, dnsName := range cert.Identifiers.DNSNames {
writeField("DNS Name", dnsName)
writeField("DNS Name", dnsName)
@ -160,7 +154,7 @@ func (cert *discoveredCert) Text() string {
for _, ipaddr := range cert.Identifiers.IPAddrs {
for _, ipaddr := range cert.Identifiers.IPAddrs {
writeField("IP Address", ipaddr)
writeField("IP Address", ipaddr)
}
}
writeField("Pubkey", hex.EncodeToString(pubkeySha256[:]))
writeField("Pubkey", hex.EncodeToString(cert.PubkeySHA256[:]))
if cert.Info.IssuerParseError == nil {
if cert.Info.IssuerParseError == nil {
writeField("Issuer", cert.Info.Issuer)
writeField("Issuer", cert.Info.Issuer)
} else {
} else {
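Review bot: With the digest moved from an on-demand `sha256.Sum256(...)` to the `PubkeySHA256` struct field, json(), Environ() and Text() now emit whatever the constructor stored, so an unset `[32]byte` would be rendered as a plausible-looking all-zero hex digest in `pubkey_sha256`, `PUBKEY_SHA256` and `PUBKEY_HASH` if a future constructor of discoveredCert omits the field, and nothing in this file catches that. The field comment could record the invariant: `PubkeySHA256 [32]byte // computed over Info.TBS.PublicKey.FullBytes; must be set wherever discoveredCert is constructed`. The only constructor visible on this page, processCertificate, does set it. json(), Environ() and Text() each continue outside their hunks.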
@ -93,6 +93,7 @@ func processCertificate(ctx context.Context, config *Config, entry *logEntry, ce
Info: certInfo,
Info: certInfo,
Chain: chain,
Chain: chain,
LeafSHA256: sha256.Sum256(chain[0]),
LeafSHA256: sha256.Sum256(chain[0]),
PubkeySHA256: sha256.Sum256(certInfo.TBS.PublicKey.FullBytes),
Identifiers: identifiers,
Identifiers: identifiers,
}
}
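Review bot: The stored digest is now taken over `certInfo.TBS.PublicKey.FullBytes`, whereas the removed code in json(), Environ() and Text() hashed `cert.Info.TBS.GetRawPublicKey()`; if those two are not byte-identical, `PUBKEY_SHA256`, `PUBKEY_HASH` and `pubkey_sha256` (which the earlier hunks mark as backwards-compatible, consumer-visible outputs) would silently change value across this commit. GetRawPublicKey() is not visible on this page, so this deserves either a line in the commit message or a comment on the new field initializer such as `// same bytes GetRawPublicKey() hashed before; keeps PUBKEY_SHA256 stable`. processCertificate starts and ends outside the hunk.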