add keyusages, cipher suite, and tls version

merge-requests/1/head
Matthew 2020-12-22 19:09:14 -05:00
parent 5494dbcccb
commit 89f094e113
No known key found for this signature in database
GPG Key ID: 210AF32ADE3B5C4B
1 changed files with 82 additions and 7 deletions


@ -3,10 +3,12 @@ package routes
import ( import (
"crypto/sha1" "crypto/sha1"
"crypto/tls" "crypto/tls"
"crypto/x509"
"encoding/hex" "encoding/hex"
"fmt" "fmt"
"github.com/gin-gonic/gin"
"net/http" "net/http"
"github.com/gin-gonic/gin"
) )
// GetCertificateInfo handler // GetCertificateInfo handler
@ -21,6 +23,22 @@ func GetCertificateInfo(c *gin.Context) {
}) })
return return
} }
cipherSuite := tls.CipherSuiteName(resp.ConnectionState().CipherSuite)
ver := resp.ConnectionState().Version
var tlsVersion string
if ver == tls.VersionSSL30 {
tlsVersion = "SSLv3"
} else if ver == tls.VersionTLS10 {
tlsVersion = "TLSv1"
} else if ver == tls.VersionTLS11 {
tlsVersion = "TLSv1.1"
} else if ver == tls.VersionTLS12 {
tlsVersion = "TLSv1.2"
} else if ver == tls.VersionTLS13 {
tlsVersion = "TLSv1.3"
} else {
tlsVersion = "unknown"
}
certificate := resp.ConnectionState().PeerCertificates[0] certificate := resp.ConnectionState().PeerCertificates[0]
var validationType string var validationType string
@ -34,28 +52,78 @@ func GetCertificateInfo(c *gin.Context) {
} }
} }
extendedKeyUsages := []string{} keyUsages := []int{}
keyUsagesText := []string{}
extendedKeyUsages := []int{}
extendedKeyUsagesText := []string{}
for _, value := range certificate.ExtKeyUsage { for _, value := range certificate.ExtKeyUsage {
switch value { switch value {
case 0: case 0:
extendedKeyUsages = append(extendedKeyUsages, "All/Any Usages") // All Usages
extendedKeyUsages = append(extendedKeyUsages, 0)
extendedKeyUsagesText = append(extendedKeyUsagesText, "Any/All Usages")
break break
case 1: case 1:
extendedKeyUsages = append(extendedKeyUsages, "TLS Web Server Authentication") // TLS Web Server Authentication
extendedKeyUsages = append(extendedKeyUsages, 1)
extendedKeyUsagesText = append(extendedKeyUsagesText, "TLS Web Server Authentication")
break break
case 2: case 2:
extendedKeyUsages = append(extendedKeyUsages, "TLS Web Client Authentication") // TLS Web Client Authentication
extendedKeyUsages = append(extendedKeyUsages, 2)
extendedKeyUsagesText = append(extendedKeyUsagesText, "TLS Web Client Authentication")
break break
case 3: case 3:
extendedKeyUsages = append(extendedKeyUsages, "Code Signing") // Code Signing
extendedKeyUsages = append(extendedKeyUsages, 3)
extendedKeyUsagesText = append(extendedKeyUsagesText, "Code Signing")
break break
case 4: case 4:
extendedKeyUsages = append(extendedKeyUsages, "E-mail Protection (S/MIME)") // Email Protection
extendedKeyUsages = append(extendedKeyUsages, 4)
extendedKeyUsagesText = append(extendedKeyUsagesText, "Email Protection (S/MIME)")
default: default:
break break
} }
} }
if certificate.KeyUsage & x509.KeyUsageCRLSign != 0 {
keyUsages = append(keyUsages, 0)
keyUsagesText = append(keyUsagesText, "CRL Signing")
}
if certificate.KeyUsage & x509.KeyUsageCertSign != 0 {
keyUsages = append(keyUsages, 1)
keyUsagesText = append(keyUsagesText, "Certificate Signing")
}
if certificate.KeyUsage & x509.KeyUsageContentCommitment != 0 {
keyUsages = append(keyUsages, 3)
keyUsagesText = append(keyUsagesText, "Content Commitment")
}
if certificate.KeyUsage & x509.KeyUsageDataEncipherment != 0 {
keyUsages = append(keyUsages, 4)
keyUsagesText = append(keyUsagesText, "Data Encipherment")
}
if certificate.KeyUsage & x509.KeyUsageDecipherOnly != 0 {
keyUsages = append(keyUsages, 5)
keyUsagesText = append(keyUsagesText, "Decipher Only")
}
if certificate.KeyUsage & x509.KeyUsageDigitalSignature != 0 {
keyUsages = append(keyUsages, 5)
keyUsagesText = append(keyUsagesText, "Digital Signature")
}
if certificate.KeyUsage & x509.KeyUsageEncipherOnly != 0 {
keyUsages = append(keyUsages, 6)
keyUsagesText = append(keyUsagesText, "Encipher Only")
}
if certificate.KeyUsage & x509.KeyUsageKeyAgreement != 0 {
keyUsages = append(keyUsages, 7)
keyUsagesText = append(keyUsagesText, "Key Agreement")
}
if certificate.KeyUsage & x509.KeyUsageKeyEncipherment != 0 {
keyUsages = append(keyUsages, 8)
keyUsagesText = append(keyUsagesText, "Key Encipherment")
}
sum := sha1.Sum(certificate.Raw) sum := sha1.Sum(certificate.Raw)
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
@ -79,8 +147,15 @@ func GetCertificateInfo(c *gin.Context) {
"publicKeyAlgorithm": certificate.PublicKeyAlgorithm.String(), "publicKeyAlgorithm": certificate.PublicKeyAlgorithm.String(),
"serialNumber": certificate.SerialNumber.Int64(), "serialNumber": certificate.SerialNumber.Int64(),
"notAfter": certificate.NotAfter, "notAfter": certificate.NotAfter,
"keyUsage": keyUsages,
"keyUsageAsText": keyUsagesText,
"extendedKeyUsage": extendedKeyUsages, "extendedKeyUsage": extendedKeyUsages,
"extendedKeyUsageAsText": extendedKeyUsagesText,
"san": certificate.DNSNames, "san": certificate.DNSNames,
"fingerprint": hex.EncodeToString(sum[:]), "fingerprint": hex.EncodeToString(sum[:]),
"connection": gin.H{
"tlsVersion": tlsVersion,
"cipherSuite": cipherSuite,
},
}) })
} }
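Review bot: The numeric key-usage codes in the `certificate.KeyUsage` block are not unique: the `x509.KeyUsageDecipherOnly` and `x509.KeyUsageDigitalSignature` branches both append `5`, and `2` is never used, so a client reading `keyUsage` cannot tell a decipher-only certificate from one that is allowed to sign. If the intent is one code per usage in the order listed, the three branches before Digital Signature should read `keyUsages = append(keyUsages, 2)` (Content Commitment), `keyUsages = append(keyUsages, 3)` (Data Encipherment) and `keyUsages = append(keyUsages, 4)` (Decipher Only). Named constants or the RFC 5280 bit positions would make the mapping harder to get wrong, and a comment should state which scheme the API uses. The extended-key-usage switch has a milder form of the same problem: any value other than 0–4 falls into `default` and is dropped from both lists, so the response can under-report what the certificate permits. The body of GetCertificateInfo starts outside the lines shown here.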