-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathoutput.go
150 lines (130 loc) · 2.78 KB
/
output.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
package certgrep
import (
"crypto/sha1"
"crypto/x509"
"encoding/hex"
"encoding/json"
"encoding/pem"
"fmt"
"io"
"io/ioutil"
"log"
"os"
"path"
"path/filepath"
"time"
)
type output struct {
persist chan *ctx
done chan struct{}
certLogFile io.WriteCloser
options outputOptions
}
type outputOptions struct {
der bool
json bool
pem bool
dir string
}
type ctx struct {
certs []*x509.Certificate
logLine string
/*
src gopacket.Endpoint
dst gopacket.Endpoint
flowId uint64
flowHash string
*/
}
func newOutput(logfile string, options outputOptions) (*output, error) {
var (
err error
clf *os.File
)
if logLine == "-" {
clf = os.Stdout
} else {
clf, err = os.Create(path.Join(options.dir, logfile))
if err != nil {
return nil, err
}
}
o := &output{
persist: make(chan *ctx),
done: make(chan struct{}),
certLogFile: clf,
options: options,
}
go o.run()
return o, nil
}
func (o *output) PersistCertificate(certs []*x509.Certificate,
logLine string) {
o.persist <- &ctx{
certs: certs,
logLine: logLine,
}
}
func (o *output) run() {
for ctx := range o.persist {
for i, cert := range ctx.certs {
h := sha1.New()
h.Write(cert.Raw)
digest := hex.EncodeToString(h.Sum(nil))
path := filepath.Join(o.options.dir, digest)
// TODO: break if cert already written
if err := os.MkdirAll(path, defaultDirPerm); err != nil {
log.Fatal(err)
}
// log.Printf("%d %s %s", i, digest, cert.Subject.CommonName)
// log.Print(cert.Verify(x509.VerifyOptions{}))
//if !cert.IsCA {
//log.Print(cert.CheckSignatureFrom(cert))
//}
if o.options.der {
ioutil.WriteFile(filepath.Join(path, "cert.der"), cert.Raw, 0644)
}
if o.options.pem {
func() {
block := pem.Block{
Type: "CERTIFICATE",
Bytes: cert.Raw,
}
out, err := os.Create(filepath.Join(path, "cert.pem"))
if err != nil {
log.Fatal(err)
}
defer out.Close()
err = pem.Encode(out, &block)
if err != nil {
log.Fatal(err)
}
}()
}
// Note: cert.Verify requires cert.Raw
cert.Raw = nil
cert.RawIssuer = nil
cert.RawSubject = nil
cert.RawSubjectPublicKeyInfo = nil
cert.RawTBSCertificate = nil
if o.options.json {
raw, err := json.MarshalIndent(cert, "", " ")
if err != nil {
log.Fatal(err)
}
ioutil.WriteFile(filepath.Join(path, "cert.json"), raw, 0644)
}
// TODO(jca): proper escaping
fmt.Fprintf(o.certLogFile,
"%s %s cert:%d cn:\"%s\" fingerprint:%s serial:%s\n",
time.Now().UTC().Format(time.RFC3339), ctx.logLine,
i, cert.Subject.CommonName, digest, cert.SerialNumber.String())
}
}
close(o.done)
}
func (o *output) WaitUntilDone() {
close(o.persist)
<-o.done
o.certLogFile.Close()
}