Tandem
/
certspotter
mirror of https://github.com/SSLMate/certspotter.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove fields from JSON file that I am not ready to stabilize

This commit is contained in:
Andrew Ayer 2023-02-06 10:10:58 -05:00
parent fc7cc17f45
commit a8af849c9f
2 changed files with 2 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
man/certspotter-script.md
View File

@ -152,23 +152,10 @@ The JSON file contains an object with the following fields:
: A string containing the hex-encoded SHA-256 digest of the TBSCertificate, as defined in RFC 6962 Section 3.2.
Certificates and their corresponding precertificates have the same `tbs_sha256` value.
`cert_sha256`
: A string containing the hex-encoded SHA-256 digest (sometimes called fingerprint) of the certificate.
The digest is computed over the ASN.1 DER encoding.
`pubkey_sha256`
: A string containing the hex-encoded SHA-256 digest of the certificate's Subject Public Key Info.
`issuer_der`
: A base64 string containing the certificate's DER-encoded issuer distinguished name.
`subject_der`
: A base64 string containing the certificate's DER-encoded subject distinguished name.
`dns_names`
: An array of strings containing the DNS names for which the
@ -191,10 +178,8 @@ The JSON file contains an object with the following fields:
: A string containing the not after (expiration) time of the certificate in RFC3339 format.
Null if there was an error parsing the certificate's validity.
`serial_number`
: A string containing the hex-encoded serial number of the certificate. Prefixed with a minus (-) sign if negative.
Null if there was an error parsing the serial number.
Additional fields will be added in the future based on user feedback. Please open
an issue at <https://github.com/SSLMate/certspotter> if you have a use case for another field.
# EXAMPLES
@ -227,18 +212,14 @@ Example JSON file for a discovered certificate:
```
{
"cert_sha256": "3cdc83b3932c194fcdf17aa2bf1abc34e8438b293c3d5c70693e175b38ff128a",
"dns_names": [
"sslmate.com",
"www.sslmate.com"
],
"ip_addresses": [],
"issuer_der": "MIGPMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxNzA1BgNVBAMTLlNlY3RpZ28gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0E=",
"not_after": "2024-01-26T03:47:26Z",
"not_before": "2023-01-31T03:47:26Z",
"pubkey_sha256": "33ac1d9b9e56005ccac045eac2398b3e9dd6b3f5b66ae6260f2d478c7c0d82c8",
"serial_number": "c170fbf3bf27481e5c351a4db6f2dc5f",
"subject_der": "MBYxFDASBgNVBAMTC3NzbG1hdGUuY29t",
"tbs_sha256": "2388ee81c6f45cffc73e68a35fa8921e839e20acc9a98e8e6dcaea07cbfbdef8"
}
```

9
monitor/discoveredcert.go
View File

@ -52,10 +52,7 @@ func (cert *discoveredCert) pemChain() []byte {
func (cert *discoveredCert) json() []byte {
object := map[string]any{
"tbs_sha256": hex.EncodeToString(cert.TBSSHA256[:]),
"cert_sha256": hex.EncodeToString(cert.SHA256[:]),
"pubkey_sha256": hex.EncodeToString(cert.PubkeySHA256[:]),
"issuer_der": cert.Info.TBS.Issuer.FullBytes,
"subject_der": cert.Info.TBS.Subject.FullBytes,
"dns_names": cert.Identifiers.DNSNames,
"ip_addresses": cert.Identifiers.IPAddrs,
}
@ -68,12 +65,6 @@ func (cert *discoveredCert) json() []byte {
object["not_after"] = nil
}
if cert.Info.SerialNumberParseError == nil {
object["serial_number"] = fmt.Sprintf("%x", cert.Info.SerialNumber)
} else {
object["serial_number"] = nil
}
jsonBytes, err := json.Marshal(object)
if err != nil {
panic(fmt.Errorf("encoding certificate as JSON failed unexpectedly: %w", err))