certinfo MVP

Author: fileformat

.gitignore

@@ -4,6 +4,7 @@
 *.class
 crash.log
 _data/build.json
+dist
 .DS_Store
 .env
 Gemfile.lock

README.md

@@ -12,7 +12,8 @@
 - [ ] `anyascii`: converts to ASCII using [anyascii](https://github.com/anyascii/anyascii)
 - [ ] `asciitable`: prints out an table of ASCII characters
 - [ ] `bytecount`: counts the number of occurrences of each byte
-- [ ] `ghash`: calculate various hashes
+- [x] `certinfo`: print info about an x509 (aka SSL/HTTPS) certificate
+- [ ] `ghash`: calculate various [hashes available in the Go standard library](https://pkg.go.dev/crypto#Hash)
 - [x] `hexdumpc`: generate canonical hexdump (`hexdump -C`) output in case you don't have [`hexdump`](https://man7.org/linux/man-pages/man1/hexdump.1.html) installed
 - [ ] `trilobyte`: translates bytes according to a map
 - [ ] `ustrings`: like the standard [`strings`](https://man7.org/linux/man-pages/man1/strings.1.html) utility, but with Unicode support

bin/certdl.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+#
+# download a certificate chain from a URL
+#
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)"
+mkdir -p "${REPO_DIR}/tmp"
+URL="${1:-www.fileformat.info}"
+CERT_FILE="${REPO_DIR}/tmp/cert.pem"
+
+echo "Downloading certificate chain from ${URL} to ${CERT_FILE}"
+
+openssl s_client -showcerts -connect "${URL}:443" </dev/null 2>/dev/null \
+	| awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/ { print }' > "${CERT_FILE}"

bin/certgen.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+#
+# generate a self-signed certificate with OpenSSL for testing certinfo
+#
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)"
+
+mkdir -p "${REPO_DIR}/tmp"
+
+openssl req \
+	-x509 \
+	-newkey rsa:4096 \
+	-keyout "${REPO_DIR}/tmp/key.pem" \
+	-out "${REPO_DIR}/tmp/cert.pem" \
+	-sha256 \
+	-days 365 \
+	-nodes \
+	-subj "/C=US/ST=Pennsylvania/L=Philadelphia/O=ExampleCo/CN=example.com"

cmd/certinfo/certinfo.go

@@ -0,0 +1,102 @@
+package main
+
+import (
+	"bytes"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"log"
+	"os"
+	"strings"
+)
+
+func usage() {
+	fmt.Fprintf(os.Stderr, "Usage: certinfo url|file\n")
+	fmt.Fprintf(os.Stderr, "Examples:\n")
+	fmt.Fprintf(os.Stderr, "          certinfo https://google.com\n")
+	fmt.Fprintf(os.Stderr, "          certinfo mycert.pem\n")
+	os.Exit(1)
+}
+
+func getHttpsCerts(url string) ([]*x509.Certificate, error) {
+
+	conf := &tls.Config{
+		InsecureSkipVerify: true,
+	}
+
+	host := strings.TrimPrefix(url, "https://")
+	if idx := strings.Index(host, "/"); idx != -1 {
+		host = host[:idx]
+	}
+	if idx := strings.Index(host, ":"); idx == -1 {
+		host += ":443" // Default to port 443 for HTTPS
+	}
+
+	conn, err := tls.Dial("tcp", host, conf)
+	if err != nil {
+		return nil, fmt.Errorf("error dialing %s: %w", host, err)
+	}
+	defer conn.Close()
+
+	return conn.ConnectionState().PeerCertificates, nil
+}
+
+func main() {
+
+	if len(os.Args) < 2 {
+		usage()
+	}
+
+	var certs []*x509.Certificate
+
+	for _, arg := range os.Args[1:] {
+		if strings.HasPrefix(arg, "https://") {
+			httpsCerts, httpsErr := getHttpsCerts(arg)
+			if httpsErr != nil {
+				log.Fatalf("Error getting HTTPS certificates: %v", httpsErr)
+			}
+			certs = httpsCerts
+		} else {
+			fileCert, fileErr := os.ReadFile(arg)
+			if fileErr != nil {
+				log.Fatalf("Error reading certificate file: %v", fileErr)
+			}
+			if bytes.HasPrefix(fileCert, []byte("-----BEGIN ")) {
+				var block *pem.Block
+				rest := fileCert
+				certs = make([]*x509.Certificate, 0)
+				for {
+					block, rest = pem.Decode(rest)
+					if block == nil {
+						break
+					}
+					cert, parseErr := x509.ParseCertificate(block.Bytes)
+					if parseErr != nil {
+						log.Fatalf("Error parsing PEM certificate: %v", parseErr)
+					}
+					certs = append(certs, cert)
+				}
+			} else {
+				cert, parseErr := x509.ParseCertificate(fileCert)
+				if parseErr != nil {
+					log.Fatalf("Error parsing certificate: %v", parseErr)
+				}
+				certs = make([]*x509.Certificate, 1)
+				certs[0] = cert
+			}
+		}
+
+		fmt.Printf("Certificate Information for %s:\n", arg)
+		for idx, cert := range certs {
+			fmt.Printf("\tCertificate %d:\n", idx+1)
+			fmt.Printf("\t\tIssuer      : %s\n", cert.Issuer)
+			fmt.Printf("\t\tCommon Name : %s \n", cert.Issuer.CommonName)
+			fmt.Printf("\t\tSubject     : %s\n", cert.Subject)
+			fmt.Printf("\t\tCommon Name : %s \n", cert.Subject.CommonName)
+			fmt.Printf("\t\tStart       : %s \n", cert.NotBefore.Format("2006-01-02"))
+			fmt.Printf("\t\tExpiry      : %s \n", cert.NotAfter.Format("2006-01-02"))
+			fmt.Printf("\t\tKey Usage   : %v \n", cert.KeyUsage)
+		}
+	}
+}

run.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+#
+# run locally
+#
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+go build -o ./dist/certinfo ./cmd/certinfo
+
+./dist/certinfo https://www.fileformat.info/
+./dist/certinfo tmp/cert.pem
+./dist/certinfo tmp/cert.der