add keyusages, cipher suite, and tls version
parent
5494dbcccb
commit
89f094e113
|
@ -3,10 +3,12 @@ package routes
|
|||
import (
|
||||
"crypto/sha1"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"github.com/gin-gonic/gin"
|
||||
"net/http"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
// GetCertificateInfo handler
|
||||
|
@ -21,6 +23,22 @@ func GetCertificateInfo(c *gin.Context) {
|
|||
})
|
||||
return
|
||||
}
|
||||
cipherSuite := tls.CipherSuiteName(resp.ConnectionState().CipherSuite)
|
||||
ver := resp.ConnectionState().Version
|
||||
var tlsVersion string
|
||||
if ver == tls.VersionSSL30 {
|
||||
tlsVersion = "SSLv3"
|
||||
} else if ver == tls.VersionTLS10 {
|
||||
tlsVersion = "TLSv1"
|
||||
} else if ver == tls.VersionTLS11 {
|
||||
tlsVersion = "TLSv1.1"
|
||||
} else if ver == tls.VersionTLS12 {
|
||||
tlsVersion = "TLSv1.2"
|
||||
} else if ver == tls.VersionTLS13 {
|
||||
tlsVersion = "TLSv1.3"
|
||||
} else {
|
||||
tlsVersion = "unknown"
|
||||
}
|
||||
certificate := resp.ConnectionState().PeerCertificates[0]
|
||||
|
||||
var validationType string
|
||||
|
@ -34,28 +52,78 @@ func GetCertificateInfo(c *gin.Context) {
|
|||
}
|
||||
}
|
||||
|
||||
extendedKeyUsages := []string{}
|
||||
keyUsages := []int{}
|
||||
keyUsagesText := []string{}
|
||||
extendedKeyUsages := []int{}
|
||||
extendedKeyUsagesText := []string{}
|
||||
for _, value := range certificate.ExtKeyUsage {
|
||||
switch value {
|
||||
case 0:
|
||||
extendedKeyUsages = append(extendedKeyUsages, "All/Any Usages")
|
||||
// All Usages
|
||||
extendedKeyUsages = append(extendedKeyUsages, 0)
|
||||
extendedKeyUsagesText = append(extendedKeyUsagesText, "Any/All Usages")
|
||||
break
|
||||
case 1:
|
||||
extendedKeyUsages = append(extendedKeyUsages, "TLS Web Server Authentication")
|
||||
// TLS Web Server Authentication
|
||||
extendedKeyUsages = append(extendedKeyUsages, 1)
|
||||
extendedKeyUsagesText = append(extendedKeyUsagesText, "TLS Web Server Authentication")
|
||||
break
|
||||
case 2:
|
||||
extendedKeyUsages = append(extendedKeyUsages, "TLS Web Client Authentication")
|
||||
// TLS Web Client Authentication
|
||||
extendedKeyUsages = append(extendedKeyUsages, 2)
|
||||
extendedKeyUsagesText = append(extendedKeyUsagesText, "TLS Web Client Authentication")
|
||||
break
|
||||
case 3:
|
||||
extendedKeyUsages = append(extendedKeyUsages, "Code Signing")
|
||||
// Code Signing
|
||||
extendedKeyUsages = append(extendedKeyUsages, 3)
|
||||
extendedKeyUsagesText = append(extendedKeyUsagesText, "Code Signing")
|
||||
break
|
||||
case 4:
|
||||
extendedKeyUsages = append(extendedKeyUsages, "E-mail Protection (S/MIME)")
|
||||
// Email Protection
|
||||
extendedKeyUsages = append(extendedKeyUsages, 4)
|
||||
extendedKeyUsagesText = append(extendedKeyUsagesText, "Email Protection (S/MIME)")
|
||||
default:
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if certificate.KeyUsage & x509.KeyUsageCRLSign != 0 {
|
||||
keyUsages = append(keyUsages, 0)
|
||||
keyUsagesText = append(keyUsagesText, "CRL Signing")
|
||||
}
|
||||
if certificate.KeyUsage & x509.KeyUsageCertSign != 0 {
|
||||
keyUsages = append(keyUsages, 1)
|
||||
keyUsagesText = append(keyUsagesText, "Certificate Signing")
|
||||
}
|
||||
if certificate.KeyUsage & x509.KeyUsageContentCommitment != 0 {
|
||||
keyUsages = append(keyUsages, 3)
|
||||
keyUsagesText = append(keyUsagesText, "Content Commitment")
|
||||
}
|
||||
if certificate.KeyUsage & x509.KeyUsageDataEncipherment != 0 {
|
||||
keyUsages = append(keyUsages, 4)
|
||||
keyUsagesText = append(keyUsagesText, "Data Encipherment")
|
||||
}
|
||||
if certificate.KeyUsage & x509.KeyUsageDecipherOnly != 0 {
|
||||
keyUsages = append(keyUsages, 5)
|
||||
keyUsagesText = append(keyUsagesText, "Decipher Only")
|
||||
}
|
||||
if certificate.KeyUsage & x509.KeyUsageDigitalSignature != 0 {
|
||||
keyUsages = append(keyUsages, 5)
|
||||
keyUsagesText = append(keyUsagesText, "Digital Signature")
|
||||
}
|
||||
if certificate.KeyUsage & x509.KeyUsageEncipherOnly != 0 {
|
||||
keyUsages = append(keyUsages, 6)
|
||||
keyUsagesText = append(keyUsagesText, "Encipher Only")
|
||||
}
|
||||
if certificate.KeyUsage & x509.KeyUsageKeyAgreement != 0 {
|
||||
keyUsages = append(keyUsages, 7)
|
||||
keyUsagesText = append(keyUsagesText, "Key Agreement")
|
||||
}
|
||||
if certificate.KeyUsage & x509.KeyUsageKeyEncipherment != 0 {
|
||||
keyUsages = append(keyUsages, 8)
|
||||
keyUsagesText = append(keyUsagesText, "Key Encipherment")
|
||||
}
|
||||
|
||||
sum := sha1.Sum(certificate.Raw)
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
|
@ -79,8 +147,15 @@ func GetCertificateInfo(c *gin.Context) {
|
|||
"publicKeyAlgorithm": certificate.PublicKeyAlgorithm.String(),
|
||||
"serialNumber": certificate.SerialNumber.Int64(),
|
||||
"notAfter": certificate.NotAfter,
|
||||
"keyUsage": keyUsages,
|
||||
"keyUsageAsText": keyUsagesText,
|
||||
"extendedKeyUsage": extendedKeyUsages,
|
||||
"extendedKeyUsageAsText": extendedKeyUsagesText,
|
||||
"san": certificate.DNSNames,
|
||||
"fingerprint": hex.EncodeToString(sum[:]),
|
||||
"connection": gin.H{
|
||||
"tlsVersion": tlsVersion,
|
||||
"cipherSuite": cipherSuite,
|
||||
},
|
||||
})
|
||||
}
|
||||
|
|
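Review bot: In the key-usage block of the third hunk, `x509.KeyUsageDecipherOnly` and `x509.KeyUsageDigitalSignature` both append `5` to `keyUsages` and `2` is never used, so a client reading the numeric `keyUsage` field cannot tell a signing certificate from a decipher-only one. The sequence 0, 1, 3, 4, 5, 5, 6, 7, 8 looks like an off-by-one in an intended alphabetical 0–8 numbering; if so, the three lines should read `keyUsages = append(keyUsages, 2)` for ContentCommitment, `keyUsages = append(keyUsages, 3)` for DataEncipherment and `keyUsages = append(keyUsages, 4)` for DecipherOnly. These codes are not the RFC 5280 bit positions either, so a comment such as `// keyUsage codes are API-local indexes, not RFC 5280 bit numbers` above the block would prevent misreading. In the same hunk, the `default:` arm of the extended-key-usage switch silently drops every value above 4, so both extended-usage arrays can under-report what the certificate permits. GetCertificateInfo starts and ends outside this hunk.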