feat: initial working prototype

Author: cemulus

cmd/cmd.go

@@ -0,0 +1,96 @@
+package cmd
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"os"
+
+	"github.com/cemulus/crt/repository"
+	"github.com/cemulus/crt/result"
+)
+
+var (
+	filename = flag.String("o", "", "")
+	limit    = flag.Int("l", 1000, "")
+	jsonOut  = flag.Bool("json", false, "")
+	csvOut   = flag.Bool("csv", false, "")
+)
+
+var usage = `Usage: crt [options...] <domain name>
+
+Options:
+  -o <path> Output file path. Write to file instead of stdout.
+  -l <int>  Limit the number of results. (default: 1000) 
+  -json     Turn results to JSON.
+  -csv      Turn results to CSV.
+
+Examples:
+  crt example.com
+  crt -o logs.json -json example.com
+  crt -csv -o logs.csv -l 15 example.com
+`
+
+func Execute() {
+	flag.Usage = func() { fmt.Fprint(os.Stderr, usage) }
+
+	flag.Parse()
+
+	if flag.NArg() != 1 {
+		flag.Usage()
+		os.Exit(1)
+	}
+
+	domain := flag.Args()[0]
+	if domain == "" {
+		flag.Usage()
+		os.Exit(1)
+	}
+
+	repo, err := repository.New()
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer repo.Close()
+
+	var res result.CertResult
+
+	res, err = repo.GetCertLogs(domain, *limit)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if res.Size() == 0 {
+		fmt.Println("Found no results.")
+		os.Exit(0)
+	}
+
+	var out string
+
+	if *jsonOut {
+		out, err = res.JSON()
+	} else if *csvOut {
+		out, err = res.CSV()
+	} else {
+		out = res.Table()
+	}
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if *filename == "" {
+		fmt.Println(out)
+		os.Exit(0)
+	}
+
+	file, err := os.Create(*filename)
+	if err != nil {
+		log.Fatal("failed to create output file:", err)
+	}
+	defer file.Close()
+
+	if _, err = file.Write([]byte(out)); err != nil {
+		log.Fatal("failed to write to file:", err)
+	}
+}

go.mod

@@ -0,0 +1,10 @@
+module github.com/cemulus/crt
+
+go 1.17
+
+require (
+	github.com/lib/pq v1.10.4
+	github.com/olekukonko/tablewriter v0.0.5
+)
+
+require github.com/mattn/go-runewidth v0.0.9 // indirect

go.sum

@@ -0,0 +1,6 @@
+github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk=
+github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
+github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
+github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=

main.go

@@ -0,0 +1,7 @@
+package main
+
+import "github.com/cemulus/crt/cmd"
+
+func main() {
+	cmd.Execute()
+}

repository/database.go

@@ -0,0 +1,124 @@
+package repository
+
+import (
+	"database/sql"
+	"fmt"
+
+	_ "github.com/lib/pq"
+
+	"github.com/cemulus/crt/result"
+)
+
+var (
+	driver = "postgres"
+	host   = "crt.sh"
+	port   = 5432
+	user   = "guest"
+	dbname = "certwatch"
+	login  = fmt.Sprintf("host=%s port=%d user=%s dbname=%s", host, port, user, dbname)
+)
+
+const (
+	statement = `WITH ci AS (
+	SELECT min(sub.CERTIFICATE_ID) ID,
+		min(sub.ISSUER_CA_ID) ISSUER_CA_ID,
+		array_agg(DISTINCT sub.NAME_VALUE) NAME_VALUES,
+		x509_commonName(sub.CERTIFICATE) COMMON_NAME,
+		x509_notBefore(sub.CERTIFICATE) NOT_BEFORE,
+		x509_notAfter(sub.CERTIFICATE) NOT_AFTER,
+		encode(x509_serialNumber(sub.CERTIFICATE), 'hex') SERIAL_NUMBER
+	FROM (SELECT *
+			FROM certificate_and_identities cai
+			WHERE plainto_tsquery('certwatch', '%s') @@ identities(cai.CERTIFICATE)
+				AND cai.NAME_VALUE ILIKE ('%%' || '%s' || '%%')
+			LIMIT 10000
+		) sub
+	GROUP BY sub.CERTIFICATE
+)
+SELECT ci.ISSUER_CA_ID,
+	ca.NAME ISSUER_NAME,
+	ci.COMMON_NAME,
+	array_to_string(ci.NAME_VALUES, chr(10)) NAME_VALUE,
+	ci.ID ID,
+	le.ENTRY_TIMESTAMP,
+	ci.NOT_BEFORE,
+	ci.NOT_AFTER,
+	ci.SERIAL_NUMBER
+FROM ci
+	LEFT JOIN LATERAL (
+		SELECT min(ctle.ENTRY_TIMESTAMP) ENTRY_TIMESTAMP
+		FROM ct_log_entry ctle
+		WHERE ctle.CERTIFICATE_ID = ci.ID
+	) le ON TRUE,
+	ca
+WHERE ci.ISSUER_CA_ID = ca.ID
+ORDER BY le.ENTRY_TIMESTAMP DESC NULLS LAST
+LIMIT %d`
+)
+
+type Repository struct {
+	db *sql.DB
+}
+
+func New() (*Repository, error) {
+	db, err := sql.Open(driver, login)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open db: %s", err)
+	}
+
+	return &Repository{db}, nil
+}
+
+func (r *Repository) GetCertLogs(domain string, limit int) (result.CertResult, error) {
+	stmt := fmt.Sprintf(statement, domain, domain, limit)
+
+	rows, err := r.db.Query(stmt)
+	if err != nil {
+		return nil, fmt.Errorf("failed to query db: %s", err)
+	}
+	defer rows.Close()
+
+	var res result.CertResult
+
+	var (
+		issuerCaID                                      sql.NullInt32
+		id                                              sql.NullInt64
+		issuerName, commonName, nameValue, serialNumber sql.NullString
+		entryTimestamp, notBefore, notAfter             sql.NullTime
+	)
+
+	for rows.Next() {
+		err = rows.Scan(
+			&issuerCaID,
+			&issuerName,
+			&commonName,
+			&nameValue,
+			&id,
+			&entryTimestamp,
+			&notBefore,
+			&notAfter,
+			&serialNumber)
+		if err != nil {
+			return nil, fmt.Errorf("failed to scan row: %s", err)
+		}
+
+		certificate := result.Certificate{
+			IssuerCaID:     int((issuerCaID).Int32),
+			IssuerName:     issuerName.String,
+			CommonName:     commonName.String,
+			NameValue:      nameValue.String,
+			ID:             int((id).Int64),
+			EntryTimestamp: entryTimestamp.Time,
+			NotBefore:      notBefore.Time,
+			NotAfter:       notAfter.Time,
+			SerialNumber:   serialNumber.String}
+
+		res = append(res, certificate)
+	}
+
+	return res, nil
+}
+
+func (r *Repository) Close() error {
+	return r.db.Close()
+}

result/certificate.go

@@ -0,0 +1,103 @@
+package result
+
+import (
+	"bytes"
+	"encoding/csv"
+	"encoding/json"
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/olekukonko/tablewriter"
+)
+
+type Certificate struct {
+	IssuerCaID     int       `json:"issuer_ca_id"`
+	IssuerName     string    `json:"issuer_name"`
+	CommonName     string    `json:"common_name"`
+	NameValue      string    `json:"name_value"`
+	ID             int       `json:"id"`
+	EntryTimestamp time.Time `json:"entry_timestamp"`
+	NotBefore      time.Time `json:"not_before"`
+	NotAfter       time.Time `json:"not_after"`
+	SerialNumber   string    `json:"serial_number"`
+}
+
+type CertResult []Certificate
+
+func (r CertResult) Table() string {
+	res := new(bytes.Buffer)
+	table := tablewriter.NewWriter(res)
+
+	info := []string{"Matching", "Logged At", "Not Before", "Not After", "Issuer"}
+	table.SetHeader(info)
+	table.SetFooter(info)
+
+	blue := tablewriter.Color(tablewriter.FgHiBlueColor)
+	yellow := tablewriter.Color(tablewriter.FgHiYellowColor)
+	white := tablewriter.Color(tablewriter.FgWhiteColor)
+
+	table.SetHeaderColor(blue, blue, blue, blue, blue)
+	table.SetFooterColor(blue, blue, blue, blue, blue)
+	table.SetColumnColor(yellow, white, white, white, white)
+
+	for _, cert := range r {
+		table.Append([]string{
+			cert.NameValue,
+			cert.EntryTimestamp.String()[0:10],
+			cert.NotBefore.String()[0:10],
+			cert.NotAfter.String()[0:10],
+			strings.Trim(strings.Split(strings.Split(cert.IssuerName, "O=")[1], ",")[0], "\""),
+		})
+	}
+
+	table.SetRowLine(true)
+	table.SetRowSeparator("—")
+	table.Render()
+
+	return res.String()
+}
+
+func (r CertResult) JSON() (string, error) {
+	res, err := json.MarshalIndent(r, "", "\t")
+	if err != nil {
+		return "", fmt.Errorf("failed to marshal results: %s", err)
+	}
+
+	return string(res), nil
+}
+
+func (r CertResult) CSV() (string, error) {
+	res := new(bytes.Buffer)
+	w := csv.NewWriter(res)
+
+	err := w.Write([]string{
+		"issuer_ca_id", "issuer_name", "common_name", "name_value", "id",
+		"entry_timestamp", "not_before", "not_after", "serial_number",
+	})
+	if err != nil {
+		return "", fmt.Errorf("failed to write CSV headers: %s", err)
+	}
+
+	for _, v := range r {
+		err = w.Write([]string{
+			strconv.Itoa(v.IssuerCaID),
+			v.IssuerName,
+			v.CommonName,
+			v.NameValue,
+			strconv.Itoa(v.ID),
+			v.EntryTimestamp.String(),
+			v.NotBefore.String(),
+			v.NotAfter.String(),
+			v.SerialNumber})
+		if err != nil {
+			return "", fmt.Errorf("failed to write CSV content: %s", err)
+		}
+	}
+	w.Flush()
+
+	return res.String(), nil
+}
+
+func (r CertResult) Size() int { return len(r) }