diff --git a/README.md b/README.md index 959e022..c295016 100644 --- a/README.md +++ b/README.md @@ -10,8 +10,10 @@ Contents: cmd/ certchain/ Display the certificate chain from a TLS connection. + certdump/ Dump certificate information. csrpubdump/ Dump the public key from an X.509 certificate request. + fragment/ Print a fragment of a file. readchain/ Print the common name for the certificates in a bundle. stealchain/ Dump the verified chain from a TLS diff --git a/cmd/certdump/README b/cmd/certdump/README new file mode 100644 index 0000000..6416d84 --- /dev/null +++ b/cmd/certdump/README @@ -0,0 +1,133 @@ +certdump + +Dump a PEM file containing certificates. + +It takes a number of files on the command line which should contain +at least one certificate, and dumps the certificates found in those +files. If the -l flag is given, it is assumed the file is a bundle and +only the leaf certificate will be shown. + +Example (kyleisom.pem and tyrfingr.pem are the bundled certificates +for two of my sites): + +$ certdump *.pem +--kyleisom.pem --- +CERTIFICATE +Subject: /*.kyleisom.net/OU=Domain Control Validated/OU=PositiveSSL Wildcard +Issuer: /COMODO RSA Domain Validation Secure Server CA/C=GB/O=COMODO CA + Limited/L=Salford/ST=Greater Manchester + Signature algorithm: RSA / SHA256 +Details: + Public key: RSA-2048 + Serial number: 140424811868659069090147614569911695367 + AKI: 90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7 + SKI: 64:07:29:EA:3A:FE:2C:00:48:62:FB:22:E4:E9:72:7E:2F:0F:C3:2D + Valid from: 2014-11-16T00:00:00+0000 + until: 2015-11-16T23:59:59+0000 + Key usages: key encipherment, digital signature + Extended usages: server auth, client auth + Basic constraints: valid + SANs: *.kyleisom.net, kyleisom.net +CERTIFICATE +Subject: /COMODO RSA Domain Validation Secure Server CA/C=GB/O=COMODO CA + Limited/L=Salford/ST=Greater Manchester +Issuer: /COMODO RSA Certification Authority/C=GB/O=COMODO CA + Limited/L=Salford/ST=Greater Manchester + Signature algorithm: RSA / SHA384 +Details: + Public key: RSA-2048 + Serial number: 57397899145990363081023081275480378375 + AKI: BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4 + SKI: 90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7 + Valid from: 2014-02-12T00:00:00+0000 + until: 2029-02-11T23:59:59+0000 + Key usages: cert sign, crl sign, digital signature + Extended usages: server auth, client auth + Basic constraints: valid, is a CA certificate, max path length 0 + SANs: +---tyrfingr.pem --- +CERTIFICATE +Subject: /*.tyrfingr.is/OU=Domain Control Validated/OU=PositiveSSL Wildcard +Issuer: /COMODO RSA Domain Validation Secure Server CA/C=GB/O=COMODO CA + Limited/L=Salford/ST=Greater Manchester + Signature algorithm: RSA / SHA256 +Details: + Public key: RSA-2048 + Serial number: 129805972439942088783496286074667556011 + AKI: 90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7 + SKI: C6:25:79:D7:A7:9A:85:BE:7F:DE:3B:3D:7A:B7:2E:96:DE:46:05:D7 + Valid from: 2014-10-03T00:00:00+0000 + until: 2015-10-03T23:59:59+0000 + Key usages: key encipherment, digital signature + Extended usages: server auth, client auth + Basic constraints: valid + SANs: *.tyrfingr.is, tyrfingr.is +CERTIFICATE +Subject: /COMODO RSA Domain Validation Secure Server CA/C=GB/O=COMODO CA + Limited/L=Salford/ST=Greater Manchester +Issuer: /COMODO RSA Certification Authority/C=GB/O=COMODO CA + Limited/L=Salford/ST=Greater Manchester + Signature algorithm: RSA / SHA384 +Details: + Public key: RSA-2048 + Serial number: 57397899145990363081023081275480378375 + AKI: BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4 + SKI: 90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7 + Valid from: 2014-02-12T00:00:00+0000 + until: 2029-02-11T23:59:59+0000 + Key usages: cert sign, digital signature, crl sign + Extended usages: server auth, client auth + Basic constraints: valid, is a CA certificate, max path length 0 + SANs: +CERTIFICATE +Subject: /COMODO RSA Certification Authority/C=GB/O=COMODO CA + Limited/L=Salford/ST=Greater Manchester +Issuer: /AddTrust External CA Root/C=SE/O=AddTrust AB/OU=AddTrust External TTP + Network + Signature algorithm: RSA / SHA384 +Details: + Public key: RSA-4096 + Serial number: 52374340215108295845375962883522092578 + AKI: AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A + SKI: BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4 + Valid from: 2000-05-30T10:48:38+0000 + until: 2020-05-30T10:48:38+0000 + Key usages: digital signature, crl sign, cert sign + Basic constraints: valid, is a CA certificate + SANs: + +$ certdump *.pem +--kyleisom.pem --- +CERTIFICATE +Subject: /*.kyleisom.net/OU=Domain Control Validated/OU=PositiveSSL Wildcard +Issuer: /COMODO RSA Domain Validation Secure Server CA/C=GB/O=COMODO CA + Limited/L=Salford/ST=Greater Manchester + Signature algorithm: RSA / SHA256 +Details: + Public key: RSA-2048 + Serial number: 140424811868659069090147614569911695367 + AKI: 90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7 + SKI: 64:07:29:EA:3A:FE:2C:00:48:62:FB:22:E4:E9:72:7E:2F:0F:C3:2D + Valid from: 2014-11-16T00:00:00+0000 + until: 2015-11-16T23:59:59+0000 + Key usages: digital signature, key encipherment + Extended usages: server auth, client auth + Basic constraints: valid + SANs: *.kyleisom.net, kyleisom.net +--tyrfingr.pem --- +CERTIFICATE +Subject: /*.tyrfingr.is/OU=Domain Control Validated/OU=PositiveSSL Wildcard +Issuer: /COMODO RSA Domain Validation Secure Server CA/C=GB/O=COMODO CA + Limited/L=Salford/ST=Greater Manchester + Signature algorithm: RSA / SHA256 +Details: + Public key: RSA-2048 + Serial number: 129805972439942088783496286074667556011 + AKI: 90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7 + SKI: C6:25:79:D7:A7:9A:85:BE:7F:DE:3B:3D:7A:B7:2E:96:DE:46:05:D7 + Valid from: 2014-10-03T00:00:00+0000 + until: 2015-10-03T23:59:59+0000 + Key usages: digital signature, key encipherment + Extended usages: server auth, client auth + Basic constraints: valid + SANs: *.tyrfingr.is, tyrfingr.is diff --git a/cmd/fragment/README b/cmd/fragment/README new file mode 100644 index 0000000..8aa09fa --- /dev/null +++ b/cmd/fragment/README @@ -0,0 +1,40 @@ +fragment + +This is a program to print a fragment of a file. It takes a filename, +a starting line (lines are numbered starting at 1) and an optional +end line or offset. + +For example, compare the output to `nl -ba fragment.go`: + +$ fragment fragment.go 23 +6 +23: func main() { +24: flag.Parse() +25: +26: if flag.NArg() < 2 || flag.NArg() > 3 { +27: usage() +28: os.Exit(1) +29: } + +$ fragment fragment.go 25 30 +25: +26: if flag.NArg() < 2 || flag.NArg() > 3 { +27: usage() +28: os.Exit(1) +29: } +30: + +$ fragment fragment.go 80 +80 +80: if n > end { +81: return true +82: } +83: return false +84: } +85: +86: fmt.Println(start) +87: fmtStr += "\n" +88: for i := start; !endFunc(i); i++ { +89: fmt.Printf(fmtStr, i, lines[i]) +90: } +91: } + diff --git a/cmd/fragment/fragment.go b/cmd/fragment/fragment.go index cb96fcc..57fd2dd 100644 --- a/cmd/fragment/fragment.go +++ b/cmd/fragment/fragment.go @@ -46,13 +46,6 @@ func main() { } } - if end < start { - fmt.Println("[!] end < start, swapping values") - tmp := end - end = start - start = tmp - } - file, err := os.Open(flag.Arg(0)) die.If(err) defer file.Close() @@ -65,6 +58,17 @@ func main() { lines = append(lines, scanner.Text()) } + if end == 0 { + end = len(lines) - 1 + } + + if end < start { + fmt.Println("[!] end < start, swapping values") + tmp := end + end = start + start = tmp + } + maxLine := fmt.Sprintf("%d", len(lines)) fmtStr := fmt.Sprintf("%%0%dd: %%s", len(maxLine)) @@ -72,12 +76,14 @@ func main() { if n == 0 { return false } + if n > end { return true } return false } + fmt.Println(start) fmtStr += "\n" for i := start; !endFunc(i); i++ { fmt.Printf(fmtStr, i, lines[i])