certificate-api/routes/get.go

162 lines
5.0 KiB
Go

package routes
import (
"crypto/sha1"
"crypto/tls"
"crypto/x509"
"encoding/hex"
"fmt"
"net/http"
"github.com/gin-gonic/gin"
)
// GetCertificateInfo handler
func GetCertificateInfo(c *gin.Context) {
query := c.Query("q")
resp, err := tls.Dial("tcp", query+":443", &tls.Config{})
if err != nil {
fmt.Println(err)
c.JSON(http.StatusBadRequest, gin.H{
"status": false,
"message": "Could not establish connection with server.",
})
return
}
cipherSuite := tls.CipherSuiteName(resp.ConnectionState().CipherSuite)
v := resp.ConnectionState().Version
var tlsVersion string
if v == tls.VersionSSL30 {
tlsVersion = "SSLv3"
} else if v == tls.VersionTLS10 {
tlsVersion = "TLSv1"
} else if v == tls.VersionTLS11 {
tlsVersion = "TLSv1.1"
} else if v == tls.VersionTLS12 {
tlsVersion = "TLSv1.2"
} else if v == tls.VersionTLS13 {
tlsVersion = "TLSv1.3"
} else {
tlsVersion = "unknown"
}
certificate := resp.ConnectionState().PeerCertificates[0]
var validationType string
for _, value := range certificate.PolicyIdentifiers {
if value.String() == "2.23.140.1.1" {
validationType = "EV"
} else if value.String() == "2.23.140.1.2.2" {
validationType = "OV"
} else if value.String() == "2.23.140.1.2.1" {
validationType = "DV"
}
}
keyUsages := []int{}
keyUsagesText := []string{}
extendedKeyUsages := []int{}
extendedKeyUsagesText := []string{}
for _, value := range certificate.ExtKeyUsage {
switch value {
case 0:
// All Usages
extendedKeyUsages = append(extendedKeyUsages, 0)
extendedKeyUsagesText = append(extendedKeyUsagesText, "Any/All Usages")
break
case 1:
// TLS Web Server Authentication
extendedKeyUsages = append(extendedKeyUsages, 1)
extendedKeyUsagesText = append(extendedKeyUsagesText, "TLS Web Server Authentication")
break
case 2:
// TLS Web Client Authentication
extendedKeyUsages = append(extendedKeyUsages, 2)
extendedKeyUsagesText = append(extendedKeyUsagesText, "TLS Web Client Authentication")
break
case 3:
// Code Signing
extendedKeyUsages = append(extendedKeyUsages, 3)
extendedKeyUsagesText = append(extendedKeyUsagesText, "Code Signing")
break
case 4:
// Email Protection
extendedKeyUsages = append(extendedKeyUsages, 4)
extendedKeyUsagesText = append(extendedKeyUsagesText, "Email Protection (S/MIME)")
default:
break
}
}
if certificate.KeyUsage & x509.KeyUsageCRLSign != 0 {
keyUsages = append(keyUsages, 0)
keyUsagesText = append(keyUsagesText, "CRL Signing")
}
if certificate.KeyUsage & x509.KeyUsageCertSign != 0 {
keyUsages = append(keyUsages, 1)
keyUsagesText = append(keyUsagesText, "Certificate Signing")
}
if certificate.KeyUsage & x509.KeyUsageContentCommitment != 0 {
keyUsages = append(keyUsages, 3)
keyUsagesText = append(keyUsagesText, "Content Commitment")
}
if certificate.KeyUsage & x509.KeyUsageDataEncipherment != 0 {
keyUsages = append(keyUsages, 4)
keyUsagesText = append(keyUsagesText, "Data Encipherment")
}
if certificate.KeyUsage & x509.KeyUsageDecipherOnly != 0 {
keyUsages = append(keyUsages, 5)
keyUsagesText = append(keyUsagesText, "Decipher Only")
}
if certificate.KeyUsage & x509.KeyUsageDigitalSignature != 0 {
keyUsages = append(keyUsages, 5)
keyUsagesText = append(keyUsagesText, "Digital Signature")
}
if certificate.KeyUsage & x509.KeyUsageEncipherOnly != 0 {
keyUsages = append(keyUsages, 6)
keyUsagesText = append(keyUsagesText, "Encipher Only")
}
if certificate.KeyUsage & x509.KeyUsageKeyAgreement != 0 {
keyUsages = append(keyUsages, 7)
keyUsagesText = append(keyUsagesText, "Key Agreement")
}
if certificate.KeyUsage & x509.KeyUsageKeyEncipherment != 0 {
keyUsages = append(keyUsages, 8)
keyUsagesText = append(keyUsagesText, "Key Encipherment")
}
sum := sha1.Sum(certificate.Raw)
c.JSON(http.StatusOK, gin.H{
"status": true,
"subject": gin.H{
"commonName": certificate.Subject.CommonName,
"organization": certificate.Subject.Organization,
"organizationalUnit": certificate.Subject.OrganizationalUnit,
"locality": certificate.Subject.Locality,
"country": certificate.Subject.Country,
},
"issuer": gin.H{
"commonName": certificate.Issuer.CommonName,
"organization": certificate.Issuer.Organization,
"organizationalUnit": certificate.Issuer.OrganizationalUnit,
"locality": certificate.Issuer.Locality,
"country": certificate.Issuer.Country,
},
"validationType": validationType,
"signatureAlgorithm": certificate.SignatureAlgorithm.String(),
"publicKeyAlgorithm": certificate.PublicKeyAlgorithm.String(),
"serialNumber": certificate.SerialNumber.Int64(),
"notAfter": certificate.NotAfter,
"keyUsage": keyUsages,
"keyUsageAsText": keyUsagesText,
"extendedKeyUsage": extendedKeyUsages,
"extendedKeyUsageAsText": extendedKeyUsagesText,
"san": certificate.DNSNames,
"fingerprint": hex.EncodeToString(sum[:]),
"connection": gin.H{
"tlsVersion": tlsVersion,
"cipherSuite": cipherSuite,
},
})
}