stashing certlib work

additional debugging for basic constraints
cmd: add die roller
2025-04-10 01:16:01 -07:00 · 2024-08-22 18:06:09 -07:00 · 2024-06-14 20:27:00 -07:00 · 2024-05-19 20:51:35 -07:00 · 2024-05-19 20:48:59 -07:00 · 2024-05-19 20:48:25 -07:00
7 changed files with 173 additions and 22 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -2,22 +2,6 @@
 # See: https://circleci.com/docs/2.0/configuration-reference
 version: 2.1

-commands:
-  setup-bazel:
-    description: |
-      Setup the Bazel build system used for building the repo
-    steps:
-      - run:
-          name: Add Bazel Apt repository
-          command: |
-            sudo apt install curl gnupg
-            curl -fsSL https://bazel.build/bazel-release.pub.gpg | gpg --dearmor > bazel.gpg
-            sudo mv bazel.gpg /etc/apt/trusted.gpg.d/
-            echo "deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel.list
-      - run:
-          name: Install Bazel from Apt
-          command: sudo apt update && sudo apt install bazel
-
 # Define a job to be invoked later in a workflow.
 # See: https://circleci.com/docs/2.0/configuration-reference/#jobs
 jobs:
@@ -26,12 +10,11 @@ jobs:
    # Specify the execution environment. You can specify an image from Dockerhub or use one of our Convenience Images from CircleCI's Developer Hub.
    # See: https://circleci.com/docs/2.0/configuration-reference/#docker-machine-macos-windows-executor
    docker:
-      - image: circleci/golang:1.15.8
+      - image: cimg/go:1.22.2
    # Add steps to the job
    # See: https://circleci.com/docs/2.0/configuration-reference/#steps
    steps:
      - checkout
-      - setup-bazel
      - restore_cache:
          keys:
            - go-mod-v4-{{ checksum "go.sum" }}
@@ -44,10 +27,10 @@ jobs:
            - "/go/pkg/mod"
      - run:
          name: Run tests
-          command: bazel test //...
+          command: go test ./...
      - run:
          name: Run build
-          command: bazel build //...
+          command: go build ./...
      - store_test_results:
          path: /tmp/test-reports

--- a/certlib/sct.go
+++ b/certlib/sct.go
@@ -0,0 +1,36 @@
+package certlib
+
+import (
+	"crypto/x509"
+	"encoding/asn1"
+	"github.com/davecgh/go-spew/spew"
+	ct "github.com/google/certificate-transparency-go"
+)
+
+var sctExtension = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}
+
+// SignedCertificateTimestampList is a list of signed certificate timestamps, from RFC6962 s3.3.
+type SignedCertificateTimestampList struct {
+	SCTList []ct.SignedCertificateTimestamp
+}
+
+func DumpSignedCertificateList(cert *x509.Certificate) ([]ct.SignedCertificateTimestamp, error) {
+	// x := x509.SignedCertificateTimestampList{}
+	var sctList []ct.SignedCertificateTimestamp
+
+	for _, extension := range cert.Extensions {
+		if extension.Id.Equal(sctExtension) {
+			spew.Dump(extension)
+
+			var rawSCT ct.SignedCertificateTimestamp
+			_, err := asn1.Unmarshal(extension.Value, &rawSCT)
+			if err != nil {
+				return nil, err
+			}
+
+			sctList = append(sctList, rawSCT)
+		}
+	}
+
+	return sctList, nil
+}
--- a/cmd/certdump/certdump.go
+++ b/cmd/certdump/certdump.go
@@ -110,6 +110,14 @@ func showBasicConstraints(cert *x509.Certificate) {

 	if cert.IsCA {
 		fmt.Printf(", is a CA certificate")
+		if !cert.BasicConstraintsValid {
+			fmt.Printf(" (basic constraint failure)")
+		}
+	} else {
+		fmt.Printf("is not a CA certificate")
+		if cert.KeyUsage&x509.KeyUsageKeyEncipherment != 0 {
+			fmt.Printf(" (key encipherment usage enabled!)")
+		}
 	}

 	if (cert.MaxPathLen == 0 && cert.MaxPathLenZero) || (cert.MaxPathLen > 0) {
@@ -206,6 +214,17 @@ func displayCert(cert *x509.Certificate) {
 			wrapPrint(fmt.Sprintf("- %s\n", ocspServer), 2)
 		}
 	}
+
+	fmt.Println("SCTs:")
+	sctList, err := certlib.DumpSignedCertificateList(cert)
+	if err != nil {
+		lib.Warn(err, "failed to dump signed certificate list")
+	} else {
+		for _, sct := range sctList {
+			fmt.Printf("\t- %s\n", sct)
+		}
+	}
+
 }

 func displayAllCerts(in []byte, leafOnly bool) {
--- a/cmd/cleankbf/main.go
+++ b/cmd/cleankbf/main.go
@@ -0,0 +1,65 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"path/filepath"
+	"regexp"
+
+	"git.wntrmute.dev/kyle/goutils/die"
+)
+
+var reUUID = regexp.MustCompile(`^\w{8}-\w{4}-\w{4}-\w{4}-\w{12}_(.+)$`)
+
+func renamePath(path string, dryRun bool) error {
+	dir, base := filepath.Split(path)
+
+	base = reUUID.ReplaceAllString(base, "$1")
+	newPath := filepath.Join(dir, base)
+
+	if dryRun {
+		fmt.Println(path, "->", newPath)
+		return nil
+	}
+
+	err := os.Rename(path, newPath)
+	if err != nil {
+		return fmt.Errorf("renaming %s to %s failed: %v", path, newPath, err)
+	}
+
+	return nil
+}
+
+func test() bool {
+	const testFilePath = "48793683-8568-47c2-9e2d-eecab3c4b639_Whispers of Chernobog.pdf"
+	const expected = "Whispers of Chernobog.pdf"
+
+	actual := reUUID.ReplaceAllString(testFilePath, "$1")
+	return actual == expected
+}
+
+func main() {
+	var err error
+
+	if !test() {
+		die.With("test failed")
+	}
+
+	dryRun := false
+	flag.BoolVar(&dryRun, "n", dryRun, "don't rename files, just print what would be done")
+	flag.Parse()
+
+	paths := flag.Args()
+	if len(paths) == 0 {
+		paths, err = filepath.Glob("*")
+		die.If(err)
+	}
+
+	for _, file := range paths {
+		err = renamePath(file, dryRun)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "%s: %v\n", file, err)
+		}
+	}
+}
--- a/cmd/host/main.go
+++ b/cmd/host/main.go
@@ -35,7 +35,7 @@ func main() {

 	for _, arg := range flag.Args() {
 		if err := lookupHost(arg); err != nil {
-			log.Println("%s: %s", arg, err)
+			log.Printf("%s: %s", arg, err)
 		}
 	}
 }
--- a/cmd/rolldie/main.go
+++ b/cmd/rolldie/main.go
@@ -0,0 +1,48 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"math/rand"
+	"os"
+	"regexp"
+	"strconv"
+
+	"git.wntrmute.dev/kyle/goutils/die"
+)
+
+var dieRollFormat = regexp.MustCompile(`^(\d+)[dD](\d+)$`)
+
+func rollDie(count, sides int) []int {
+	sum := 0
+	var rolls []int
+
+	for i := 0; i < count; i++ {
+		roll := rand.Intn(sides) + 1
+		sum += roll
+		rolls = append(rolls, roll)
+	}
+
+	rolls = append(rolls, sum)
+	return rolls
+}
+
+func main() {
+	flag.Parse()
+
+	for _, arg := range flag.Args() {
+		if !dieRollFormat.MatchString(arg) {
+			fmt.Fprintf(os.Stderr, "invalid die format %s: should be XdY\n", arg)
+			os.Exit(1)
+		}
+
+		dieRoll := dieRollFormat.FindAllStringSubmatch(arg, -1)
+		count, err := strconv.Atoi(dieRoll[0][1])
+		die.If(err)
+
+		sides, err := strconv.Atoi(dieRoll[0][2])
+		die.If(err)
+
+		fmt.Println(rollDie(count, sides))
+	}
+}
--- a/cmd/zsearch/main.go
+++ b/cmd/zsearch/main.go
@@ -68,7 +68,7 @@ func showFile(path string) {
 func searchFile(path string, search *regexp.Regexp) error {
 	file, err := os.Open(path)
 	if err != nil {
-		errorf("%v")
+		errorf("%v", err)
 		return err
 	}
 	defer file.Close()
Author	SHA1	Message	Date
Kyle Isom	e0edf35c53	stashing certlib work	2025-04-10 01:16:01 -07:00
Kyle Isom	c761d98b82	additional debugging for basic constraints	2024-08-22 18:06:09 -07:00
Kyle Isom	e68d22337b	cmd: add die roller	2024-06-14 20:27:00 -07:00
Kyle Isom	4cb6f5b6f0	fix minor issues in Print calls.	2024-05-19 20:51:35 -07:00
Kyle Isom	6d5708800f	circleci: Some days I really hate computers.	2024-05-19 20:48:59 -07:00
Kyle Isom	fa3eb821e6	circleci: Update go container.	2024-05-19 20:48:25 -07:00
Kyle Isom	dd5ed403b9	circleci: Update go version.	2024-05-19 20:46:28 -07:00
Kyle Isom	b4fde22c31	circleci: don't use bazel	2024-05-19 20:45:32 -07:00