Commit Graph

82 Commits

Author SHA1 Message Date
Andrew Ayer c0e79476ae Add .gitignore file 2022-02-28 08:11:13 -05:00
Andrew Ayer c9aaa2782f Add -version flag 2021-10-12 10:28:34 -04:00
Andrew Ayer a147970db8 Use ct.SHA256Hash for log ID rather than []byte 2021-04-30 17:04:16 -04:00
Andrew Ayer 2cccf67601 Avoid leaving a file open for longer than necessary 2020-10-06 19:27:58 -04:00
Daniel Peukert 6d5e2395a1
Fix missing Printf 2020-05-01 00:25:39 +02:00
Andrew Ayer 185445e158 Retrieve log list from certspotter.org at startup instead of embedding in source
The list of logs changes far too frequently (with annual shards and operators
dropping out of the ecosystem) to continue embedding in the source code.

Breaking change: the -logs option now expects a
JSON file in the v2 log list format, as documented at
<https://www.certificate-transparency.org/known-logs> and
<https://www.gstatic.com/ct/log_list/v2/log_list_schema.json>.

You can now specify an HTTPS URL to -logs in addition to a file path.

Breaking change: the -underwater option has been removed; if you want
this behavior then specify https://loglist.certspotter.org/underwater.json
as your log list.
2020-04-29 11:51:50 -04:00
Andrew Ayer 30d171343a Add -start_at_end option to begin monitoring logs at the end
When Cert Spotter starts monitoring a log that it has never monitored before,
it can either start monitoring it from the beginning, or seek to the end and
start monitoring there.

Monitoring from the beginning guarantees detection of all certificates, but
requires downloading hundreds of millions of certificates, which takes days.

With the new -start_at_end option, you can save significant time by
starting at the end.  You will miss certificates that were added to a
log before Cert Spotter starts monitoring it, but you can always use the
Cert Spotter API <https://sslmate.com/certspotter/api> or crt.sh to find them.

Previously, the -start_at_end behavior was implied the first time you
ever ran Cert Spotter.  This is no longer the case.
2019-12-03 11:12:40 -05:00
Andrew Ayer 86785d89d7 Process logs in parallel 2019-12-02 15:19:35 -05:00
Andrew Ayer c2099d6d49 Manually prefix all log messages with log URL
(Instead of using log.SetPrefix)

This will let us process logs in parallel.
2019-12-02 15:03:34 -05:00
Ian Foster 6991be261c changed bygonessl behavior 2018-07-19 16:12:17 -07:00
Ian Foster 1b4943c198 rename issued_before to valid_at 2018-07-13 11:11:58 -07:00
Ian Foster e5fd2e9efc Initial BygoneSSL support 2018-07-04 19:03:57 -07:00
Andrew Ayer bc255f43d5 Add functions to verify SCTs 2017-12-17 09:51:46 -08:00
Andrew Ayer 06c253a0ea Continue processing a log even if an STH failed to verify
It may still be possible to audit other STHs, and to scan new entries
up to the latest verified STH.  This allows Cert Spotter to continue
to make forward progress even if a log is persistently skewed (as the
DigiCert has been lately).

Also, rework some code to be simpler and less redundant.
2017-04-27 10:48:48 -07:00
Andrew Ayer 8b9c08b984 submitct: apply gofmt 2017-02-05 10:09:42 -08:00
Andrew Ayer 732a660767 submitct: reorganize code 2017-02-05 10:09:19 -08:00
Andrew Ayer b94d850dbe submitct: use maps for efficiency
This will make submitct work better with lots of certificates as input.
2017-02-05 10:07:30 -08:00
Andrew Ayer 779230cbc8 submitct: include cert index in log entries 2017-02-04 16:09:56 -08:00
Andrew Ayer e7a9ba6e7d Add submitct program for submitting certs 2017-02-04 16:05:51 -08:00
Andrew Ayer e8c4f10e97 Use a lock file to prevent certspotter from running concurrently 2017-01-10 10:50:41 -08:00
Andrew Ayer 2f0833ac9c Apply gofmt 2017-01-08 10:17:00 -08:00
Andrew Ayer 9f3e9968ec Rename verified_sth.json to just sth.json 2017-01-08 10:15:41 -08:00
Andrew Ayer 7adbc6cffe Add .json extension to log state filenames
Since they are JSON.
2017-01-08 10:14:44 -08:00
Andrew Ayer b88de6b320 Rename "position" to "tree" in log state 2017-01-06 14:49:42 -08:00
Andrew Ayer 671814cd9b CollapsedMerkleTree: rename numLeaves to size 2017-01-06 14:41:51 -08:00
Andrew Ayer 9ceedea9ef Rename MerkleTreeBuilder to CollapsedMerkleTree 2017-01-06 14:39:08 -08:00
Andrew Ayer d8b1877e8d Improve filenames of unverified STHs
Include the tree size in plain decimal, since it's more user-friendly.

Don't include tree size in hash (redundant now that we're storing it
outside of hash) or version (implied by signature).
2017-01-06 12:51:10 -08:00
Andrew Ayer 1719aa5d8e Set log ID in STHs that we download
This will facilitate STH pollination.
2017-01-06 12:50:21 -08:00
Andrew Ayer 0eb6d199a4 Improve the name of a function 2017-01-06 12:24:09 -08:00
Andrew Ayer c8f0a0f9e8 Only write once file if run was 100% successful
Otherwise, if a single log was unreachable, we'd be force to download
all of it on the next run.
2017-01-06 12:23:20 -08:00
Andrew Ayer 0d9b81ecc8 Tweak logic for storing tree position 2017-01-06 12:19:53 -08:00
Andrew Ayer 8ea4003994 Add some additional logging 2017-01-06 10:31:34 -08:00
Andrew Ayer 0c751f0294 Drop the MerkleTreeBuilder return value from VerifyConsistencyProof 2017-01-05 21:06:37 -08:00
Andrew Ayer 0af0262498 Overhaul log processing and auditing
1. Instead of storing a single STH per log, we now store one verified
STH and any number of unverified STHs.  When we process a log, we verify
each unverified STH using a consistency proof with the verified STH,
and only delete it if it successfully verifies.  We set the verified
STH to the largest STH which we've successfully verified.

This has two important benefits.  First, we never ever delete an STH
unless we can successfully verify it (previously, we would forget about
an STH under certain error conditions).  Second, it lays the groundwork
for STH pollination.  Upon reception of an STH, we can simply drop it in
the log's unverified_sths directory (assuming the signature is valid),
and Cert Spotter will audit it.

There is no more "evidence" directory; if a consistency proof fails,
the STHs will already be present elsewhere in the state directory.

2. We now persist a MerkleTreeBuilder between each run of Cert Spotter,
instead of rebuilding it every time from the consistency proof.  This is
not intrinsically better, but it makes the code simpler considering we
can now fetch numerous consistency proofs per run.

3. To accommodate the above changes, the state directory has a brand
new layout.  The state directory is now versioned, and Cert Spotter
will automatically migrate old state directories to the new layout.
This migration logic will be removed in a future Cert Spotter release.

As a bonus, the code is generally cleaner now :-)
2017-01-05 21:00:35 -08:00
Andrew Ayer b63a024876 Replace MerkleTreeBuilder.Finish with non-mutating CalculateRoot 2016-11-25 17:43:07 -08:00
Andrew Ayer 9bf82346d8 Avoid use of json.Decoder
Per https://ahmetalpbalkan.com/blog/golang-json-decoder-pitfalls/
2016-11-15 15:59:39 -08:00
Andrew Ayer 31f2316aa2 Rework -all_time logic
If -all_time is specified, scan the entirety of all logs, even
existing logs.  This matches user expectation better.  Previously,
-all_time had no impact on existing logs.

The first time Cert Spotter is run, do not scan any logs, unless
-all_time is specified.  This avoids a several hour wait the first
time Cert Spotter is run.  If the user is interested in knowing
about existing certificates, they can use the certspotter.com API
or crt.sh.  This is the same as existing behavior.

When a new log is added, scan it in its entirety even if -all_time is
not specified, so users are alerted to interesting certificates in the
new log.  Hopefully new logs will be small and this won't take too long!
Previously, new logs were not scanned in their entirety unless -all_time
was specified.

Closes: #5
2016-11-15 15:59:38 -08:00
Jonathan Rudenberg acc6781f29 Run gofmt
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
2016-07-28 14:55:46 -04:00
Andrew Ayer 1dc7e1cda9 Refine command line flag descriptions 2016-07-27 14:14:09 -07:00
Andrew Ayer f75c47d9ca Always store files in ~/.certspotter, even if running as root 2016-07-26 16:57:26 -07:00
Andrew Ayer 19e05b901a Remove some dead code from the scanner 2016-06-22 10:32:42 -07:00
Andrew Ayer 2c8cb1f402 Return exit code from cmd.Main instead of exiting directly
This allows the calling code to do custom cleanup.
2016-06-03 07:21:08 -07:00
Andrew Ayer 2bed88e7c5 Rework watchlist
Watchlist is now read from ~/.certspotter/watchlist by default, or from
the file specified by -watchlist (- for stdin).

By default, only exact DNS names are matched.  To match both the domain
itself and all sub-domains, prefix with a dot (e.g. .example.com).

Comments are now allowed in watchlist files.
2016-05-12 11:30:59 -07:00
Andrew Ayer 7196ec5217 Use $CERTSPOTTER_STATE_DIR to specify state directory 2016-05-12 10:53:57 -07:00
Andrew Ayer f9432ae4b9 Reverse order of certspotter.MatchesWildcard arguments 2016-05-10 14:29:04 -07:00
Andrew Ayer 92fbdcb947 Support crazy wildcards (not just in the left-most label) 2016-05-10 10:37:10 -07:00
Andrew Ayer b79cb31413 Move package to software.sslmate.com/src/certspotter 2016-05-04 12:19:59 -07:00
Andrew Ayer 1e582e2e0c License under the MPL 2.0 2016-05-04 11:56:13 -07:00
Andrew Ayer 670cddafbc Rename project to certspotter 2016-05-04 11:49:07 -07:00
Andrew Ayer ea3db97486 Only replace DNS label with placeholder if it's utterly unparsable
e.g. contains control characters, Punycode conversion fails

There are quite simply too many certs with bogus DNS labels out in the wild,
and it just doesn't make sense to bother every .com domain holder because
GoDaddy signed a cert with a DNS name like "www.        just4funpartyrentals.com"
It is highly unlikely any validator will ever match that DNS name.
2016-05-04 11:43:02 -07:00