Tandem
/
certspotter
mirror of https://github.com/SSLMate/certspotter.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add support for IDNs 

IDNs can be specified in either Unicode or ASCII (as Punycode).
Certs can specify the DNS name either way, and we'll match it.
This commit is contained in:
Andrew Ayer 2016-04-26 14:38:09 -07:00
parent 19c5f86d23
commit 4132ed5e9f
1 changed files with 34 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
cmd/ctwatch/main.go
View File

@ -7,6 +7,8 @@ import (
"bufio" "bufio"
"strings" "strings"
"golang.org/x/net/idna"
"src.agwa.name/ctwatch" "src.agwa.name/ctwatch"
"src.agwa.name/ctwatch/ct" "src.agwa.name/ctwatch/ct"
"src.agwa.name/ctwatch/cmd" "src.agwa.name/ctwatch/cmd"
@ -24,17 +26,38 @@ var stateDir = flag.String("state_dir", DefaultStateDir(), "Directory for storin
var watchDomains []string var watchDomains []string
var watchDomainSuffixes []string var watchDomainSuffixes []string
func setWatchDomains (domains []string) { func addWatchDomain (domain string) {
watchDomains = append(watchDomains, strings.ToLower(domain))
watchDomainSuffixes = append(watchDomainSuffixes, "." + strings.ToLower(domain))
}
func setWatchDomains (domains []string) error {
for _, domain := range domains { for _, domain := range domains {
if domain == "." { // "." as in root zone (matches everything) if domain == "." { // "." as in root zone (matches everything)
watchDomains = []string{} watchDomains = []string{}
watchDomainSuffixes = []string{""} watchDomainSuffixes = []string{""}
break break
} else { } else {
watchDomains = append(watchDomains, strings.ToLower(domain)) addWatchDomain(domain)
watchDomainSuffixes = append(watchDomainSuffixes, "." + strings.ToLower(domain))
asciiDomain, err := idna.ToASCII(domain)
if err != nil {
return fmt.Errorf("Invalid domain `%s': %s", domain, err)
}
if asciiDomain != domain {
addWatchDomain(asciiDomain)
}
unicodeDomain, err := idna.ToUnicode(domain)
if err != nil {
return fmt.Errorf("Invalid domain `%s': %s", domain, err)
}
if unicodeDomain != domain {
addWatchDomain(unicodeDomain)
} }
} }
}
return nil
} }
func dnsNameMatches (dnsName string) bool { func dnsNameMatches (dnsName string) bool {
@ -105,9 +128,15 @@ func main() {
fmt.Fprintf(os.Stderr, "%s: Error reading standard input: %s\n", os.Args[0], err) fmt.Fprintf(os.Stderr, "%s: Error reading standard input: %s\n", os.Args[0], err)
os.Exit(1) os.Exit(1)
} }
setWatchDomains(domains) if err := setWatchDomains(domains); err != nil {
fmt.Fprintf(os.Stderr, "%s: %s\n", os.Args[0], err)
os.Exit(1)
}
} else { } else {
setWatchDomains(flag.Args()) if err := setWatchDomains(flag.Args()); err != nil {
fmt.Fprintf(os.Stderr, "%s: %s\n", os.Args[0], err)
os.Exit(1)
}
} }
cmd.Main(*stateDir, processEntry) cmd.Main(*stateDir, processEntry)