in certificate/certificate.go [484:584]
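// CertToJSON builds the package's Certificate record from a parsed X.509
// certificate.
//
// The conversion is best-effort: a failure to render the serial number or to
// extract the public key information is logged and the corresponding field is
// left at its zero value, so callers always get a record back.
//
// No scan context (target hostname, IP address) is available here, so
// ScanTarget is left empty and IPs is returned as an empty, non-nil slice.
// FirstSeenTimestamp and LastSeenTimestamp are both set to the current UTC
// time. cert must not be nil.
func CertToJSON(cert *x509.Certificate) Certificate {
	var err error

	out := Certificate{
		// Non-nil empty slice so the field is never stored as null.
		IPs: make([]string, 0),
	}

	out.Version = cert.Version

	// On error the zero value ("") is stored, but the failure is logged:
	// a record without a serial cannot be matched against revocation data.
	serial, serialErr := GetHexASN1Serial(cert)
	if serialErr != nil {
		log.Printf("Failed to retrieve certificate serial number: %v. Continuing anyway.", serialErr)
	}
	out.Serial = serial

	out.SignatureAlgorithm = SignatureAlgorithm[cert.SignatureAlgorithm]

	out.Key, err = getPublicKeyInfo(cert)
	if err != nil {
		log.Printf("Failed to retrieve public key information: %v. Continuing anyway.", err)
	}

	// Issuer: start from the attributes collected by GetSubjectAttributes
	// (the uncommon ones), then overlay the domain components and the
	// common fields that crypto/x509 already parsed.
	issuer := cert.Issuer
	out.Issuer = GetSubjectAttributes(issuer.Names)
	out.Issuer.DomainComponent = GetDomainComponent(issuer.Names)
	out.Issuer.Country = issuer.Country
	out.Issuer.Organization = issuer.Organization
	out.Issuer.OrganizationalUnit = issuer.OrganizationalUnit
	out.Issuer.Locality = issuer.Locality
	out.Issuer.StateOrProvince = issuer.Province
	out.Issuer.StreetAddress = issuer.StreetAddress
	out.Issuer.PostalCode = issuer.PostalCode
	out.Issuer.SerialNumber = issuer.SerialNumber
	out.Issuer.CommonName = issuer.CommonName

	// Subject: same layering as for the issuer.
	subject := cert.Subject
	out.Subject = GetSubjectAttributes(subject.Names)
	out.Subject.DomainComponent = GetDomainComponent(subject.Names)
	out.Subject.Country = subject.Country
	out.Subject.Organization = subject.Organization
	out.Subject.OrganizationalUnit = subject.OrganizationalUnit
	out.Subject.Locality = subject.Locality
	out.Subject.StateOrProvince = subject.Province
	out.Subject.StreetAddress = subject.StreetAddress
	out.Subject.PostalCode = subject.PostalCode
	out.Subject.SerialNumber = subject.SerialNumber
	out.Subject.CommonName = subject.CommonName

	out.Validity.NotBefore = cert.NotBefore.UTC()
	out.Validity.NotAfter = cert.NotAfter.UTC()

	out.X509v3Extensions = getCertExtensions(cert)
	out.MozillaPolicyV25 = getMozillaPolicyV25(cert)
	out.MozillaPolicyV29 = getMozillaPolicyV29(cert)

	// Work around the basic constraints extension not being available in
	// certificate versions < 3: only CA is set there, because setting
	// X509v3BasicConstraints interferes with the validation procedure.
	switch {
	case cert.Version < 3:
		out.CA = cert.IsCA
	case cert.BasicConstraintsValid:
		// NOTE(review): "Critical" is recorded whenever crypto/x509 parsed a
		// valid basicConstraints extension; the extension's own critical flag
		// is not consulted. Consumers should not read this field as proof
		// that the extension was marked critical in the certificate.
		out.X509v3BasicConstraints = "Critical"
		out.CA = cert.IsCA
	default:
		out.X509v3BasicConstraints = ""
		out.CA = false
	}

	now := time.Now().UTC()
	out.FirstSeenTimestamp = now
	out.LastSeenTimestamp = now

	// The previous version appended a never-assigned, empty ip string to IPs
	// for every non-CA certificate, producing a bogus [""] entry in the
	// record. With no scan context in this function, IPs stays empty and
	// ScanTarget keeps its zero value.

	// Fingerprints computed by the package's hash helpers over the raw DER
	// encoding and over the certificate's key material.
	out.Hashes.SHA1 = SHA1Hash(cert.Raw)
	out.Hashes.SHA256 = SHA256Hash(cert.Raw)
	out.Hashes.SPKISHA256 = SPKISHA256(cert)
	out.Hashes.SubjectSPKISHA256 = SubjectSPKISHA256(cert)
	out.Hashes.PKPSHA256 = PKPSHA256Hash(cert)

	// Raw carries the full DER certificate, base64 (standard alphabet) encoded.
	out.Raw = base64.StdEncoding.EncodeToString(cert.Raw)

	return out
}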