certificate-api/README.md

# Certificate API
*Library of Code sp-us | Board of Directors*

This is an HTTP API which provides information on the x509 certificates deployed on TLS sites. 
You can self-host this yourself, however you're more than welcome to use the public API at https://certapi.libraryofcode.org/

## Installation
Run `make` to build the binary. It'll be installed in `build/certificateapi`. Simply run this executable.
### Environment Variables
By default, the application listens on port `8080`. You can change this by setting the `PORT` environment variable to what you want.
When running in production, set this environment variable: `GIN_MODE=release`

## How to Query Information for Websites
Send a GET request to `https://certapi.libraryofcode.org` with the query parameter `q` set to equal the site you wish to dial.
Ex: `https://certapi.libraryofcode.org/?q=www.google.com`

### Response & Types
#### Error
If the status !== `true`, there will be a message field which displays the error.
```ts
{
  status: false,
  message: string,
}
```

### 200 | SUCCESS
```ts
{
  status: true | false,
  subject: {
    commonName: string,
    organization: string[],
    organizationalUnit: string[],
    locality: string[],
    country: string[],
  },
  issuer: {
    commonName: string,
    organization: string[],
    organizationalUnit: string[],
    locality: string[],
    country: string[],
  },
  validationType: 'DV' | 'OV' | 'EV',
  signatureAlgorithm: string,
  publicKeyAlgorithm: string,
  serialNumber: number,
  notAfter: Date,
  /**
    - 0: KeyUsageCRLSign
    - 1: KeyUsageCertificateSign
    - 2: KeyUsageContentCommitment
    - 3: KeyUsageDataEncipherment
    - 4: KeyUsageDecipherOnly
    - 5: KeyUsageDigitalSignature
    - 6: KeyUsageEncipherOnly
    - 7: KeyUsageKeyAgreement
    - 8: KeyUsageKeyEncipherment
  */
  keyUsage: number[],
  keyUsageAsText: ['CRL Signing', 'Certificate Signing', 'Content Commitment', 'Data Encipherment', 'Decipher Only', 'Digital Signature', 'Encipher Only', 'Key Agreement', 'Key Encipherment'],
  /**
    - 0: Any/All Usage
    - 1: TLS Web Server Auth
    - 2: TLS Web Client Auth
    - 3: Code Signing
    - 4: Email Protection (S/MIME)
  */
  extendedKeyUsage: number[],
  extendedKeyUsageAsText: ['All/Any Usages', 'TLS Web Server Authentication', 'TLS Web Client Authentication', 'Code Signing', 'E-mail Protection (S/MIME)'],
  san: string,
  fingerprint: string,
  connection: {
    cipherSuite: string,
    tlsVersion: 'SSLv3' | 'TLSv1' | 'TLSv1.1' | 'TLSv1.2' | 'TLSv1.3',
  },
}
```

## How to Parse PEM-Encoded X509 certificate data
Submit a POST request to https://certapi.libraryofcode.org/ with the body being the raw/text content of the PEM encoded certificate.

### Response & Types
#### Error
If the status !== `true`, there will be a message field which displays the error.
```ts
{
  status: false,
  message: string,
}
```

### 200 | SUCCESS
```ts
{
  status: true | false,
  subject: {
    commonName: string,
    organization: string[],
    organizationalUnit: string[],
    locality: string[],
    country: string[],
  },
  issuer: {
    commonName: string,
    organization: string[],
    organizationalUnit: string[],
    locality: string[],
    country: string[],
  },
  aia: {
    issuingCertificateURL: string,
    ocspServer: string,
  },
  validationType: 'DV' | 'OV' | 'EV',
  signatureAlgorithm: string,
  publicKeyAlgorithm: string,
  serialNumber: number,
  notAfter: Date,
  /**
    - 0: KeyUsageCRLSign
    - 1: KeyUsageCertificateSign
    - 2: KeyUsageContentCommitment
    - 3: KeyUsageDataEncipherment
    - 4: KeyUsageDecipherOnly
    - 5: KeyUsageDigitalSignature
    - 6: KeyUsageEncipherOnly
    - 7: KeyUsageKeyAgreement
    - 8: KeyUsageKeyEncipherment
  */
  keyUsage: number[],
  keyUsageAsText: ['CRL Signing', 'Certificate Signing', 'Content Commitment', 'Data Encipherment', 'Decipher Only', 'Digital Signature', 'Encipher Only', 'Key Agreement', 'Key Encipherment'],
  /**
    - 0: Any/All Usage
    - 1: TLS Web Server Auth
    - 2: TLS Web Client Auth
    - 3: Code Signing
    - 4: Email Protection (S/MIME)
  */
  extendedKeyUsage: number[],
  extendedKeyUsageAsText: ['All/Any Usages', 'TLS Web Server Authentication', 'TLS Web Client Authentication', 'Code Signing', 'E-mail Protection (S/MIME)'],
  san: string,
  emailAddresses: string,
  fingerprint: string,
}
```
Initial commit 2020-12-11 00:18:06 -05:00			`# Certificate API`
add x509 raw parse functionality 2020-12-23 20:12:28 -05:00			`Library of Code sp-us \| Board of Directors`
Initial commit 2020-12-11 00:18:06 -05:00
			`This is an HTTP API which provides information on the x509 certificates deployed on TLS sites.`
			`You can self-host this yourself, however you're more than welcome to use the public API at https://certapi.libraryofcode.org/`

add x509 raw parse functionality 2020-12-23 20:12:28 -05:00			`## Installation`
more info to readme and fixes 2020-12-11 00:25:47 -05:00			Run `make` to build the binary. It'll be installed in `build/certificateapi`. Simply run this executable.
add x509 raw parse functionality 2020-12-23 20:12:28 -05:00			`### Environment Variables`
more info to readme and fixes 2020-12-11 00:25:47 -05:00			By default, the application listens on port `8080`. You can change this by setting the `PORT` environment variable to what you want.
			When running in production, set this environment variable: `GIN_MODE=release`

add x509 raw parse functionality 2020-12-23 20:12:28 -05:00			`## How to Query Information for Websites`
Initial commit 2020-12-11 00:18:06 -05:00			Send a GET request to `https://certapi.libraryofcode.org` with the query parameter `q` set to equal the site you wish to dial.
			Ex: `https://certapi.libraryofcode.org/?q=www.google.com`

			`### Response & Types`
			`#### Error`
			If the status !== `true`, there will be a message field which displays the error.
			```ts
			`{`
			`status: false,`
			`message: string,`
			`}`
			```

			`### 200 \| SUCCESS`
			```ts
			`{`
			`status: true \| false,`
			`subject: {`
			`commonName: string,`
			`organization: string[],`
			`organizationalUnit: string[],`
			`locality: string[],`
			`country: string[],`
			`},`
			`issuer: {`
			`commonName: string,`
			`organization: string[],`
			`organizationalUnit: string[],`
			`locality: string[],`
			`country: string[],`
			`},`
			`validationType: 'DV' \| 'OV' \| 'EV',`
			`signatureAlgorithm: string,`
			`publicKeyAlgorithm: string,`
			`serialNumber: number,`
			`notAfter: Date,`
add x509 raw parse functionality 2020-12-23 20:12:28 -05:00			`/**`
			`- 0: KeyUsageCRLSign`
			`- 1: KeyUsageCertificateSign`
			`- 2: KeyUsageContentCommitment`
			`- 3: KeyUsageDataEncipherment`
			`- 4: KeyUsageDecipherOnly`
			`- 5: KeyUsageDigitalSignature`
			`- 6: KeyUsageEncipherOnly`
			`- 7: KeyUsageKeyAgreement`
			`- 8: KeyUsageKeyEncipherment`
			`*/`
			`keyUsage: number[],`
			`keyUsageAsText: ['CRL Signing', 'Certificate Signing', 'Content Commitment', 'Data Encipherment', 'Decipher Only', 'Digital Signature', 'Encipher Only', 'Key Agreement', 'Key Encipherment'],`
			`/**`
			`- 0: Any/All Usage`
			`- 1: TLS Web Server Auth`
			`- 2: TLS Web Client Auth`
			`- 3: Code Signing`
			`- 4: Email Protection (S/MIME)`
			`*/`
			`extendedKeyUsage: number[],`
			`extendedKeyUsageAsText: ['All/Any Usages', 'TLS Web Server Authentication', 'TLS Web Client Authentication', 'Code Signing', 'E-mail Protection (S/MIME)'],`
			`san: string,`
			`fingerprint: string,`
			`connection: {`
			`cipherSuite: string,`
			`tlsVersion: 'SSLv3' \| 'TLSv1' \| 'TLSv1.1' \| 'TLSv1.2' \| 'TLSv1.3',`
			`},`
			`}`
			```

			`## How to Parse PEM-Encoded X509 certificate data`
			`Submit a POST request to https://certapi.libraryofcode.org/ with the body being the raw/text content of the PEM encoded certificate.`

			`### Response & Types`
			`#### Error`
			If the status !== `true`, there will be a message field which displays the error.
			```ts
			`{`
			`status: false,`
			`message: string,`
			`}`
			```

			`### 200 \| SUCCESS`
			```ts
			`{`
			`status: true \| false,`
			`subject: {`
			`commonName: string,`
			`organization: string[],`
			`organizationalUnit: string[],`
			`locality: string[],`
			`country: string[],`
			`},`
			`issuer: {`
			`commonName: string,`
			`organization: string[],`
			`organizationalUnit: string[],`
			`locality: string[],`
			`country: string[],`
			`},`
changes or whateva 2021-07-01 21:24:44 -04:00			`aia: {`
			`issuingCertificateURL: string,`
			`ocspServer: string,`
			`},`
add x509 raw parse functionality 2020-12-23 20:12:28 -05:00			`validationType: 'DV' \| 'OV' \| 'EV',`
			`signatureAlgorithm: string,`
			`publicKeyAlgorithm: string,`
			`serialNumber: number,`
			`notAfter: Date,`
			`/**`
			`- 0: KeyUsageCRLSign`
			`- 1: KeyUsageCertificateSign`
			`- 2: KeyUsageContentCommitment`
			`- 3: KeyUsageDataEncipherment`
			`- 4: KeyUsageDecipherOnly`
			`- 5: KeyUsageDigitalSignature`
			`- 6: KeyUsageEncipherOnly`
			`- 7: KeyUsageKeyAgreement`
			`- 8: KeyUsageKeyEncipherment`
			`*/`
			`keyUsage: number[],`
			`keyUsageAsText: ['CRL Signing', 'Certificate Signing', 'Content Commitment', 'Data Encipherment', 'Decipher Only', 'Digital Signature', 'Encipher Only', 'Key Agreement', 'Key Encipherment'],`
			`/**`
			`- 0: Any/All Usage`
			`- 1: TLS Web Server Auth`
			`- 2: TLS Web Client Auth`
			`- 3: Code Signing`
			`- 4: Email Protection (S/MIME)`
			`*/`
			`extendedKeyUsage: number[],`
			`extendedKeyUsageAsText: ['All/Any Usages', 'TLS Web Server Authentication', 'TLS Web Client Authentication', 'Code Signing', 'E-mail Protection (S/MIME)'],`
Initial commit 2020-12-11 00:18:06 -05:00			`san: string,`
changes or whateva 2021-07-01 21:24:44 -04:00			`emailAddresses: string,`
Initial commit 2020-12-11 00:18:06 -05:00			`fingerprint: string,`
			`}`
			```