func CertToJSON()

in certificate/certificate.go [484:584]


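// CertToJSON converts a parsed X.509 certificate into the Certificate
// structure used for JSON serialization.
//
// cert must be non-nil; it is dereferenced without a check. Errors from the
// serial-number and public-key helpers do not abort the conversion: the
// affected field keeps whatever the helper returned and the rest of the
// structure is still populated.
//
// FirstSeenTimestamp and LastSeenTimestamp are both set to the current UTC
// time. ScanTarget and IPs are not populated here, because this function
// receives no scan context; IPs is returned as an empty, non-nil slice.
func CertToJSON(cert *x509.Certificate) Certificate {
	var (
		err error
		out = Certificate{}
	)

	// Keep IPs a non-nil slice so it is never stored as null.
	//
	// The previous version appended an `ip` local that was never assigned, so
	// every non-CA certificate carried a single empty-string entry in IPs
	// (and ScanTarget was "assigned" an equally unset `domain`). An empty
	// string is not an address, so nothing is appended any more.
	// NOTE(review): those locals look like leftovers from an earlier
	// signature; confirm that no consumer indexes IPs[0] unconditionally.
	out.IPs = make([]string, 0)

	out.Version = cert.Version

	// The error is deliberately dropped: on failure Serial holds whatever the
	// helper returned (expected to be the zero value "").
	// NOTE(review): a certificate whose serial cannot be encoded is worth
	// surfacing to the operator; consider logging it like the key error below.
	serial, _ := GetHexASN1Serial(cert)
	out.Serial = serial

	out.SignatureAlgorithm = SignatureAlgorithm[cert.SignatureAlgorithm]

	out.Key, err = getPublicKeyInfo(cert)
	if err != nil {
		log.Printf("Failed to retrieve public key information: %v. Continuing anyway.", err)
	}

	// Issuer: start from the uncommon attributes parsed out of the raw name
	// list, then overwrite the domain components and the common attributes.
	// The order matters because the first assignment replaces the whole struct.
	out.Issuer = GetSubjectAttributes(cert.Issuer.Names)
	out.Issuer.DomainComponent = GetDomainComponent(cert.Issuer.Names)
	out.Issuer.Country = cert.Issuer.Country
	out.Issuer.Organization = cert.Issuer.Organization
	out.Issuer.OrganizationalUnit = cert.Issuer.OrganizationalUnit
	out.Issuer.Locality = cert.Issuer.Locality
	out.Issuer.StateOrProvince = cert.Issuer.Province
	out.Issuer.StreetAddress = cert.Issuer.StreetAddress
	out.Issuer.PostalCode = cert.Issuer.PostalCode
	out.Issuer.SerialNumber = cert.Issuer.SerialNumber
	out.Issuer.CommonName = cert.Issuer.CommonName

	// Subject: same sequence as for the issuer.
	out.Subject = GetSubjectAttributes(cert.Subject.Names)
	out.Subject.DomainComponent = GetDomainComponent(cert.Subject.Names)
	out.Subject.Country = cert.Subject.Country
	out.Subject.Organization = cert.Subject.Organization
	out.Subject.OrganizationalUnit = cert.Subject.OrganizationalUnit
	out.Subject.Locality = cert.Subject.Locality
	out.Subject.StateOrProvince = cert.Subject.Province
	out.Subject.StreetAddress = cert.Subject.StreetAddress
	out.Subject.PostalCode = cert.Subject.PostalCode
	out.Subject.SerialNumber = cert.Subject.SerialNumber
	out.Subject.CommonName = cert.Subject.CommonName

	out.Validity.NotBefore = cert.NotBefore.UTC()
	out.Validity.NotAfter = cert.NotAfter.UTC()

	out.X509v3Extensions = getCertExtensions(cert)

	out.MozillaPolicyV25 = getMozillaPolicyV25(cert)
	out.MozillaPolicyV29 = getMozillaPolicyV29(cert)

	// Certificates below version 3 cannot carry the basic constraints
	// extension, so only the CA flag is copied for them; setting
	// X509v3BasicConstraints there messes up the validation procedure.
	//
	// NOTE(review): for v3 certificates the string "Critical" is recorded
	// whenever cert.BasicConstraintsValid is true. This function never
	// inspects the extension's own critical bit, so the field should not be
	// read as proof that the extension was marked critical.
	switch {
	case cert.Version < 3:
		out.CA = cert.IsCA
	case cert.BasicConstraintsValid:
		out.X509v3BasicConstraints = "Critical"
		out.CA = cert.IsCA
	default:
		out.X509v3BasicConstraints = ""
		out.CA = false
	}

	now := time.Now().UTC()
	out.FirstSeenTimestamp = now
	out.LastSeenTimestamp = now

	// Fingerprints: whole-certificate hashes are taken over the raw DER
	// bytes; the remaining ones are computed by helpers given the parsed
	// certificate.
	out.Hashes.SHA1 = SHA1Hash(cert.Raw)
	out.Hashes.SHA256 = SHA256Hash(cert.Raw)
	out.Hashes.SPKISHA256 = SPKISHA256(cert)
	out.Hashes.SubjectSPKISHA256 = SubjectSPKISHA256(cert)
	out.Hashes.PKPSHA256 = PKPSHA256Hash(cert)

	out.Raw = base64.StdEncoding.EncodeToString(cert.Raw)

	return out
}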