certificate-api/README.md

143 lines
4.2 KiB
Markdown
Raw Normal View History

2020-12-11 00:18:06 -05:00
# Certificate API
2020-12-23 20:12:28 -05:00
*Library of Code sp-us | Board of Directors*
2020-12-11 00:18:06 -05:00
This is an HTTP API which provides information on the x509 certificates deployed on TLS sites.
You can self-host this yourself, however you're more than welcome to use the public API at https://certapi.libraryofcode.org/
2020-12-23 20:12:28 -05:00
## Installation
2020-12-11 00:25:47 -05:00
Run `make` to build the binary. It'll be installed in `build/certificateapi`. Simply run this executable.
2020-12-23 20:12:28 -05:00
### Environment Variables
2020-12-11 00:25:47 -05:00
By default, the application listens on port `8080`. You can change this by setting the `PORT` environment variable to what you want.
When running in production, set this environment variable: `GIN_MODE=release`
2020-12-23 20:12:28 -05:00
## How to Query Information for Websites
2020-12-11 00:18:06 -05:00
Send a GET request to `https://certapi.libraryofcode.org` with the query parameter `q` set to equal the site you wish to dial.
Ex: `https://certapi.libraryofcode.org/?q=www.google.com`
### Response & Types
#### Error
If the status !== `true`, there will be a message field which displays the error.
```ts
{
status: false,
message: string,
}
```
### 200 | SUCCESS
```ts
{
status: true | false,
subject: {
commonName: string,
organization: string[],
organizationalUnit: string[],
locality: string[],
country: string[],
},
issuer: {
commonName: string,
organization: string[],
organizationalUnit: string[],
locality: string[],
country: string[],
},
validationType: 'DV' | 'OV' | 'EV',
signatureAlgorithm: string,
publicKeyAlgorithm: string,
serialNumber: number,
notAfter: Date,
2020-12-23 20:12:28 -05:00
/**
- 0: KeyUsageCRLSign
- 1: KeyUsageCertificateSign
- 2: KeyUsageContentCommitment
- 3: KeyUsageDataEncipherment
- 4: KeyUsageDecipherOnly
- 5: KeyUsageDigitalSignature
- 6: KeyUsageEncipherOnly
- 7: KeyUsageKeyAgreement
- 8: KeyUsageKeyEncipherment
*/
keyUsage: number[],
keyUsageAsText: ['CRL Signing', 'Certificate Signing', 'Content Commitment', 'Data Encipherment', 'Decipher Only', 'Digital Signature', 'Encipher Only', 'Key Agreement', 'Key Encipherment'],
/**
- 0: Any/All Usage
- 1: TLS Web Server Auth
- 2: TLS Web Client Auth
- 3: Code Signing
- 4: Email Protection (S/MIME)
*/
extendedKeyUsage: number[],
extendedKeyUsageAsText: ['All/Any Usages', 'TLS Web Server Authentication', 'TLS Web Client Authentication', 'Code Signing', 'E-mail Protection (S/MIME)'],
san: string,
fingerprint: string,
connection: {
cipherSuite: string,
tlsVersion: 'SSLv3' | 'TLSv1' | 'TLSv1.1' | 'TLSv1.2' | 'TLSv1.3',
},
}
```
## How to Parse PEM-Encoded X509 certificate data
Submit a POST request to https://certapi.libraryofcode.org/ with the body being the raw/text content of the PEM encoded certificate.
### Response & Types
#### Error
If the status !== `true`, there will be a message field which displays the error.
```ts
{
status: false,
message: string,
}
```
### 200 | SUCCESS
```ts
{
status: true | false,
subject: {
commonName: string,
organization: string[],
organizationalUnit: string[],
locality: string[],
country: string[],
},
issuer: {
commonName: string,
organization: string[],
organizationalUnit: string[],
locality: string[],
country: string[],
},
validationType: 'DV' | 'OV' | 'EV',
signatureAlgorithm: string,
publicKeyAlgorithm: string,
serialNumber: number,
notAfter: Date,
/**
- 0: KeyUsageCRLSign
- 1: KeyUsageCertificateSign
- 2: KeyUsageContentCommitment
- 3: KeyUsageDataEncipherment
- 4: KeyUsageDecipherOnly
- 5: KeyUsageDigitalSignature
- 6: KeyUsageEncipherOnly
- 7: KeyUsageKeyAgreement
- 8: KeyUsageKeyEncipherment
*/
keyUsage: number[],
keyUsageAsText: ['CRL Signing', 'Certificate Signing', 'Content Commitment', 'Data Encipherment', 'Decipher Only', 'Digital Signature', 'Encipher Only', 'Key Agreement', 'Key Encipherment'],
/**
- 0: Any/All Usage
- 1: TLS Web Server Auth
- 2: TLS Web Client Auth
- 3: Code Signing
- 4: Email Protection (S/MIME)
*/
extendedKeyUsage: number[],
extendedKeyUsageAsText: ['All/Any Usages', 'TLS Web Server Authentication', 'TLS Web Client Authentication', 'Code Signing', 'E-mail Protection (S/MIME)'],
2020-12-11 00:18:06 -05:00
san: string,
fingerprint: string,
}
```