Rename LeafSHA256 to avoid confusion with Merkle leafs
This commit is contained in:
Andrew Ayer
parent
7a8a770d99
commit
9ec3c74400
|
|
@ -28,7 +28,7 @@ type discoveredCert struct {
|
|||
Info *certspotter.CertInfo
|
||||
Chain []ct.ASN1Cert // first entry is the leaf certificate or precertificate
|
||||
TBSSHA256 [32]byte // computed over Info.TBS.Raw
|
||||
LeafSHA256 [32]byte // computed over Chain[0]
|
||||
SHA256 [32]byte // computed over Chain[0]
|
||||
PubkeySHA256 [32]byte // computed over Info.TBS.PublicKey.FullBytes
|
||||
Identifiers *certspotter.Identifiers
|
||||
CertPath string // empty if not saved on the filesystem
|
||||
|
|
@ -52,7 +52,7 @@ func (cert *discoveredCert) pemChain() []byte {
|
|||
func (cert *discoveredCert) json() []byte {
|
||||
object := map[string]any{
|
||||
"tbs_sha256": hex.EncodeToString(cert.TBSSHA256[:]),
|
||||
"cert_sha256": hex.EncodeToString(cert.LeafSHA256[:]),
|
||||
"cert_sha256": hex.EncodeToString(cert.SHA256[:]),
|
||||
"pubkey_sha256": hex.EncodeToString(cert.PubkeySHA256[:]),
|
||||
"issuer_der": cert.Info.TBS.Issuer.FullBytes,
|
||||
"subject_der": cert.Info.TBS.Subject.FullBytes,
|
||||
|
|
@ -103,8 +103,8 @@ func (cert *discoveredCert) Environ() []string {
|
|||
"ENTRY_INDEX=" + fmt.Sprint(cert.LogEntry.Index),
|
||||
"WATCH_ITEM=" + cert.WatchItem.String(),
|
||||
"TBS_SHA256=" + hex.EncodeToString(cert.TBSSHA256[:]),
|
||||
"CERT_SHA256=" + hex.EncodeToString(cert.LeafSHA256[:]),
|
||||
"FINGERPRINT=" + hex.EncodeToString(cert.LeafSHA256[:]), // backwards compat with pre-0.15.0; not documented
|
||||
"CERT_SHA256=" + hex.EncodeToString(cert.SHA256[:]),
|
||||
"FINGERPRINT=" + hex.EncodeToString(cert.SHA256[:]), // backwards compat with pre-0.15.0; not documented
|
||||
"PUBKEY_SHA256=" + hex.EncodeToString(cert.PubkeySHA256[:]),
|
||||
"PUBKEY_HASH=" + hex.EncodeToString(cert.PubkeySHA256[:]), // backwards compat with pre-0.15.0; not documented
|
||||
"CERT_FILENAME=" + cert.CertPath,
|
||||
|
|
@ -150,7 +150,7 @@ func (cert *discoveredCert) Text() string {
|
|||
text := new(strings.Builder)
|
||||
writeField := func(name string, value any) { fmt.Fprintf(text, "\t%13s = %s\n", name, value) }
|
||||
|
||||
fmt.Fprintf(text, "%x:\n", cert.LeafSHA256)
|
||||
fmt.Fprintf(text, "%x:\n", cert.SHA256)
|
||||
for _, dnsName := range cert.Identifiers.DNSNames {
|
||||
writeField("DNS Name", dnsName)
|
||||
}
|
||||
|
|
@ -171,7 +171,7 @@ func (cert *discoveredCert) Text() string {
|
|||
writeField("Not After", fmt.Sprintf("[unable to parse: %s]", cert.Info.ValidityParseError))
|
||||
}
|
||||
writeField("Log Entry", fmt.Sprintf("%d @ %s", cert.LogEntry.Index, cert.LogEntry.Log.URL))
|
||||
writeField("crt.sh", "https://crt.sh/?sha256="+hex.EncodeToString(cert.LeafSHA256[:]))
|
||||
writeField("crt.sh", "https://crt.sh/?sha256="+hex.EncodeToString(cert.SHA256[:]))
|
||||
if cert.CertPath != "" {
|
||||
writeField("Filename", cert.CertPath)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -103,14 +103,14 @@ func processCertificate(ctx context.Context, config *Config, entry *logEntry, ce
|
|||
Info: certInfo,
|
||||
Chain: chain,
|
||||
TBSSHA256: sha256.Sum256(certInfo.TBS.Raw),
|
||||
LeafSHA256: sha256.Sum256(chain[0]),
|
||||
SHA256: sha256.Sum256(chain[0]),
|
||||
PubkeySHA256: sha256.Sum256(certInfo.TBS.PublicKey.FullBytes),
|
||||
Identifiers: identifiers,
|
||||
}
|
||||
|
||||
var notifiedPath string
|
||||
if config.SaveCerts {
|
||||
hexFingerprint := hex.EncodeToString(cert.LeafSHA256[:])
|
||||
hexFingerprint := hex.EncodeToString(cert.SHA256[:])
|
||||
prefixPath := filepath.Join(config.StateDir, "certs", hexFingerprint[0:2])
|
||||
|
||||
for _, suffix := range []string{".notified", ".cert.pem", ".precert.pem"} {
|
||||
|
|
@ -120,7 +120,7 @@ func processCertificate(ctx context.Context, config *Config, entry *logEntry, ce
|
|||
}
|
||||
|
||||
if err := os.Mkdir(prefixPath, 0777); err != nil && !errors.Is(err, fs.ErrExist) {
|
||||
return fmt.Errorf("error creating directory in which to save certificate %x: %w", cert.LeafSHA256, err)
|
||||
return fmt.Errorf("error creating directory in which to save certificate %x: %w", cert.SHA256, err)
|
||||
}
|
||||
|
||||
notifiedPath = filepath.Join(prefixPath, "."+hexFingerprint+".notified")
|
||||
|
|
@ -129,19 +129,19 @@ func processCertificate(ctx context.Context, config *Config, entry *logEntry, ce
|
|||
cert.TextPath = filepath.Join(prefixPath, hexFingerprint+".txt")
|
||||
|
||||
if err := cert.save(); err != nil {
|
||||
return fmt.Errorf("error saving certificate %x: %w", cert.LeafSHA256, err)
|
||||
return fmt.Errorf("error saving certificate %x: %w", cert.SHA256, err)
|
||||
}
|
||||
} else {
|
||||
// TODO-4: save cert to temporary files, and defer their unlinking
|
||||
}
|
||||
|
||||
if err := notify(ctx, config, cert); err != nil {
|
||||
return fmt.Errorf("error notifying about discovered certificate for %s (%x): %w", cert.WatchItem, cert.LeafSHA256, err)
|
||||
return fmt.Errorf("error notifying about discovered certificate for %s (%x): %w", cert.WatchItem, cert.SHA256, err)
|
||||
}
|
||||
|
||||
if notifiedPath != "" {
|
||||
if err := os.WriteFile(notifiedPath, nil, 0666); err != nil {
|
||||
return fmt.Errorf("error saving certificate %x: %w", cert.LeafSHA256, err)
|
||||
return fmt.Errorf("error saving certificate %x: %w", cert.SHA256, err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue