From 9d4eab63a02c50c2e240943075e67aab4fa307cc Mon Sep 17 00:00:00 2001 From: gianmarcomennecozzi Date: Fri, 24 Apr 2020 16:14:42 +0200 Subject: [PATCH 1/3] implemented mock server for crt.sh --- richkit/retrieve/x509.py | 3 + richkit/test/retrieve/crtsh_response.txt | 472 +++++++++++++++++++++++ richkit/test/retrieve/test_ctlogs.py | 73 +++- 3 files changed, 539 insertions(+), 9 deletions(-) create mode 100644 richkit/test/retrieve/crtsh_response.txt diff --git a/richkit/retrieve/x509.py b/richkit/retrieve/x509.py index 11a3469..735c361 100644 --- a/richkit/retrieve/x509.py +++ b/richkit/retrieve/x509.py @@ -58,6 +58,9 @@ def get_certificate_features(self): except: time.sleep(10) + if text is None: + raise Exception("Certificate not found") + sans = SANList() # Used to store the SANs policy_list = [] # Used to store the policies in order to get the Validation Level diff --git a/richkit/test/retrieve/crtsh_response.txt b/richkit/test/retrieve/crtsh_response.txt new file mode 100644 index 0000000..baace04 --- /dev/null +++ b/richkit/test/retrieve/crtsh_response.txt 
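Review bot: The new `if text is None` guard in `get_certificate_features` raises a bare `Exception`, directly after a retry loop whose `except:` swallows every error. A crt.sh outage, a timeout and a genuinely unknown certificate ID therefore all surface as "Certificate not found", and a caller doing certificate-transparency lookups cannot tell "service unreachable" from "no such certificate". A narrower type that still subclasses `Exception` keeps existing callers working, e.g. `raise LookupError("Certificate not found")`, and the `except:` above it would be better limited to the HTTP client's own error type. The function starts and ends outside the hunk, so whether `text` is initialised to `None` before the loop, and how many retries run, cannot be confirmed from here.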
@@ -0,0 +1,472 @@ +[{"issuer_ca_id":1191,"issuer_name":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","name_value":"example.com\nwww.example.com","id":987119772,"entry_timestamp":"2018-11-29T13:44:14.118","not_before":"2018-11-28T00:00:00","not_after":"2020-12-02T12:00:00"},{"issuer_ca_id":1191,"issuer_name":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","name_value":"example.com\nwww.example.com","id":984858191,"entry_timestamp":"2018-11-28T21:20:12.606","not_before":"2018-11-28T00:00:00","not_after":"2020-12-02T12:00:00"},{"issuer_ca_id":537,"issuer_name":"emailAddress=pki_admin@sungard.com, O=SunGard Availability Services, CN=SAS Public CA v1","name_value":"subjectname@example.com","id":34083306,"entry_timestamp":"2016-09-23T09:27:06.583","not_before":"2010-09-02T16:36:49","not_after":"2011-10-01T16:31:00"},{"issuer_ca_id":537,"issuer_name":"emailAddress=pki_admin@sungard.com, O=SunGard Availability Services, CN=SAS Public CA v1","name_value":"subjectname@example.com","id":34001389,"entry_timestamp":"2016-09-23T03:15:34.309","not_before":"2010-09-02T16:37:43","not_after":"2011-10-01T16:32:00"},{"issuer_ca_id":1465,"issuer_name":"C=US, O=\"thawte, Inc.\", CN=thawte SSL CA - G2","name_value":"example.com\nm.testexample.com\nwww.example.com","id":24564717,"entry_timestamp":"2016-07-14T07:55:01.55","not_before":"2016-07-14T00:00:00","not_after":"2017-07-14T23:59:59"},{"issuer_ca_id":1465,"issuer_name":"C=US, O=\"thawte, Inc.\", CN=thawte SSL CA - G2","name_value":"*.example.com\nexample.com","id":24560643,"entry_timestamp":"2016-07-14T07:30:08.461","not_before":"2016-07-14T00:00:00","not_after":"2018-07-14T23:59:59"},{"issuer_ca_id":1465,"issuer_name":"C=US, O=\"thawte, Inc.\", CN=thawte SSL CA - G2","name_value":"*.example.com\nexample.com\nm.example.com\nwww.example.com","id":24560621,"entry_timestamp":"2016-07-14T07:25:01.93","not_before":"2016-07-14T00:00:00","not_after":"2017-07-14T23:59:59"},{"issuer_ca_id":1449,"issuer_name":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","name_value":"dev.example.com\nexample.com\nproducts.example.com\nsupport.example.com\nwww.example.com","id":24558997,"entry_timestamp":"2016-07-14T06:40:02.4","not_before":"2016-07-14T00:00:00","not_after":"2018-07-14T23:59:59"},{"issuer_ca_id":1397,"issuer_name":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","name_value":"example.com\nwww.example.com","id":10557607,"entry_timestamp":"2015-11-05T14:51:33.941","not_before":"2015-11-03T00:00:00","not_after":"2018-11-28T12:00:00"},{"issuer_ca_id":1397,"issuer_name":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","name_value":"example.com\nwww.example.com","id":5857507,"entry_timestamp":"2014-12-11T14:36:57.201","not_before":"2014-11-06T00:00:00","not_after":"2015-11-13T12:00:00"}] +------------ + + + + + crt.sh | 987119772 + + + + + + crt.sh  Certificate Search +

+ + + + + +
CriteriaID = '987119772'
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
crt.sh ID987119772
SummaryLeaf certificate
Certificate
Transparency
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TimestampEntry #Log OperatorLog URL
2018-11-29  13:44:14 UTC64639342Googlehttps://ct.googleapis.com/skydiver
2018-11-29  13:44:14 UTC2986577Googlehttps://ct.googleapis.com/logs/argon2020
2018-11-30  17:56:01 UTC3648246Googlehttps://ct.googleapis.com/submariner
2018-11-30  18:01:20 UTC446264426Googlehttps://ct.googleapis.com/pilot
2018-11-30  18:29:07 UTC515225631Googlehttps://ct.googleapis.com/rocketeer
2020-01-25  23:18:00 UTC22197028DigiCerthttps://ct1.digicert-ct.com/log
+
Revocation

+
Report a problem with
this certificate to the CA
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
MechanismProviderStatusRevocation DateLast Observed in CRLLast Checked (Error)
OCSPThe CACheck?n/a?
CRLThe CANot Revokedn/an/a2020-04-24  09:31:36 UTC
CRLSet/BlacklistGoogleNot Revokedn/an/an/a
disallowedcert.stlMicrosoftNot Revokedn/an/an/a
OneCRLMozillaNot Revokedn/an/an/a
+
SHA-256(Certificate)9250711C54DE546F4370E0C3D3A3EC45BC96092A25A4A71A1AFA396AF7047EB8
SHA-1(Certificate)7BB698386970363D2919CC5772846984FFD4A889
Certificate | ASN.1 | pv +
+

Hide metadata +

Run cablint +

Run x509lint +

Run zlint +


Download Certificate: PEM +
+
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:d0:78:dd:48:f1:a2:bd:4d:0f:2b:a9:6b:60:38:fe
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: (CA ID: 1191)
            commonName                = DigiCert SHA2 Secure Server CA
            organizationName          = DigiCert Inc
            countryName               = US
        Validity
            Not Before: Nov 28 00:00:00 2018 GMT
            Not After : Dec  2 12:00:00 2020 GMT
        Subject:
            commonName                = www.example.org
            organizationalUnitName    = Technology
            organizationName          = Internet Corporation for Assigned Names and Numbers
            localityName              = Los Angeles
            stateOrProvinceName       = California
            countryName               = US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f0:12:74:a0:96:20:72:08:65:19:12:5a:5d:
                    4a:d0:3a:8c:66:8f:a0:29:2b:a7:db:d5:ac:0c:cf:
                    a5:71:92:15:42:15:b0:07:92:76:31:75:d7:27:8e:
                    4d:50:6a:75:d1:7b:53:5e:27:aa:ed:eb:a4:60:3a:
                    f2:8e:45:18:6b:45:33:5c:85:11:aa:20:12:fe:60:
                    ac:9d:4c:45:8f:dd:d3:0e:3e:77:0f:09:c2:85:65:
                    34:c7:22:fb:74:13:b9:42:9f:f7:21:f6:f0:9c:44:
                    74:6d:c9:df:b3:1f:8f:60:b7:71:11:06:90:63:41:
                    9d:8f:34:7b:24:49:46:ac:f2:f0:8d:0b:48:f4:d3:
                    92:1a:f7:a2:45:ee:cc:e5:d7:83:7f:2e:82:bd:71:
                    dd:28:19:58:33:6e:11:a1:3a:a0:6a:72:60:92:01:
                    59:9f:63:17:7a:49:42:7b:9c:3f:db:d3:05:e8:cc:
                    87:7e:f8:aa:fc:9d:d1:05:50:ab:75:b1:1e:ba:20:
                    cb:89:d4:6d:6c:37:82:28:4c:c5:3f:7c:c1:10:f5:
                    a0:a5:66:6b:53:53:c9:db:ed:85:c3:6d:05:f8:64:
                    a7:c9:0e:eb:8f:e1:c4:b1:eb:2d:68:0e:15:3f:e5:
                    e2:dc:fc:21:64:2d:ee:69:2b:04:78:db:77:65:cb:
                    54:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:0F:80:61:1C:82:31:61:D5:2F:28:E7:8D:46:38:B4:2C:E1:C6:D9:E2

            X509v3 Subject Key Identifier:
                66:98:62:02:E0:09:91:A7:D9:E3:36:FB:76:C6:B0:BF:A1:6D:A7:BE
            X509v3 Subject Alternative Name: 
                DNS:www.example.org
                DNS:example.com
                DNS:example.edu
                DNS:example.net
                DNS:example.org
                DNS:www.example.com
                DNS:www.example.edu
                DNS:www.example.net
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl3.digicert.com/ssca-sha2-g6.crl

                Full Name:
                  URI:http://crl4.digicert.com/ssca-sha2-g6.crl

            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.114412.1.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.2.2

            Authority Information Access: 
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log Name  : Google Pilot
                    Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
                                3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
                    Timestamp : Nov 28 21:20:12.614 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:84:64:81:B7:21:1D:FA:1A:48:F5:76:
                                AE:4B:E8:46:86:57:27:17:B0:7B:E9:3B:B7:4A:57:42:
                                6C:A2:84:C4:6C:02:21:00:BB:93:B5:FE:30:C4:64:E4:
                                16:4C:7C:6E:58:53:57:EE:EC:7F:AA:45:4F:BF:0E:46:
                                8E:FE:70:FD:FD:8E:42:42
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log Name  : DigiCert 2
                    Log ID    : 87:75:BF:E7:59:7C:F8:8C:43:99:5F:BD:F3:6E:FF:56:
                                8D:47:56:36:FF:4A:B5:60:C1:B4:EA:FF:5E:A0:83:0F
                    Timestamp : Nov 28 21:20:12.821 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:6F:AA:77:D2:1C:A7:94:C0:63:2D:2E:B3:
                                86:DD:41:8B:40:8A:1A:2F:7F:AE:66:C1:93:5F:73:1F:
                                48:93:50:11:02:21:00:D2:F9:9D:48:86:05:1E:A0:97:
                                44:25:0B:3C:EA:CE:FA:2B:19:7C:81:FF:27:7B:9E:DB:
                                58:B6:DC:E8:F0:4A:4E
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log Name  : Comodo Mammoth
                    Log ID    : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
                                15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
                    Timestamp : Nov 28 21:20:12.956 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:E4:79:FB:43:84:8E:CA:A1:E4:4F:E9:
                                03:B0:7A:BB:92:EE:F3:44:3B:8C:EC:FE:14:0D:7D:9F:
                                B7:63:29:9F:2D:02:20:4D:77:5A:DC:49:01:4A:F4:68:
                                04:85:61:9F:D7:8D:20:0C:31:FA:C1:D3:F4:71:0A:5B:
                                D6:56:CB:3D:2C:72:8C
    Signature Algorithm: sha256WithRSAEncryption
         73:70:85:ef:40:41:a7:6a:43:d5:78:9c:7b:55:48:e6:bc:6b:
         99:86:ba:fb:0d:03:8b:78:fe:11:f0:29:a0:0c:cd:69:14:0b:
         c6:04:78:b2:ce:f0:87:d5:01:9d:c4:59:7a:71:fe:f0:6e:9e:
         c1:a0:b0:91:2d:1f:ea:3d:55:c5:33:05:0c:cd:c1:35:18:b0:
         6a:68:66:4c:bf:56:21:da:5b:d9:48:b9:8c:35:21:91:5d:dc:
         75:d7:7a:46:2c:22:27:a6:6f:d3:3a:17:eb:be:bd:13:c5:12:
         26:73:c0:5d:a3:35:89:6a:fb:27:d4:dd:aa:74:74:2e:37:e5:
         01:3b:a6:d0:30:b0:83:d0:a1:c4:75:21:85:b2:e5:fa:67:00:
         30:a2:bc:53:83:4d:bf:d6:a8:83:bb:bc:d6:ed:1c:b3:1e:f1:
         58:03:82:00:8e:9c:ef:90:f2:1a:5f:a2:a3:06:da:5d:be:9f:
         da:5d:a6:e6:2f:de:58:80:18:d3:f1:62:7b:a6:a3:9f:ae:a8:
         69:72:63:81:65:ae:82:83:a3:b5:97:8a:9b:20:51:ff:1a:3f:
         61:40:1e:48:d0:6b:38:f9:e1:fa:17:d8:77:4a:88:e6:3d:36:
         24:4f:ef:0a:b9:9f:70:f3:83:27:f8:cf:2a:05:75:10:a1:8a:
         0a:80:88:cd
+ +


+ + +
+ +   +
+ + +------------ + + + + + crt.sh | 984858191 + + + + + + crt.sh  Certificate Search +

+ + + + + +
CriteriaID = '984858191'
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
crt.sh ID984858191
SummaryPrecertificate
Certificate
Transparency
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TimestampEntry #Log OperatorLog URL
2018-11-28  21:20:12 UTC64036262Googlehttps://ct.googleapis.com/skydiver
2018-11-28  21:20:12 UTC444537546Googlehttps://ct.googleapis.com/pilot
2018-11-28  21:20:12 UTC513542700Googlehttps://ct.googleapis.com/rocketeer
2018-11-28  21:20:12 UTC19456323DigiCerthttps://ct2.digicert-ct.com/log
2018-11-28  21:20:12 UTC115077727Sectigohttps://mammoth.ct.comodo.com
2018-11-28  21:20:13 UTC120328765Sectigohttps://sabre.ct.comodo.com
+
Revocation

+
Report a problem with
this certificate to the CA
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
MechanismProviderStatusRevocation DateLast Observed in CRLLast Checked (Error)
OCSPThe CACheck?n/a?
CRLThe CANot Revokedn/an/a2020-04-24  09:31:36 UTC
CRLSet/BlacklistGoogleNot Revokedn/an/an/a
disallowedcert.stlMicrosoftNot Revokedn/an/an/a
OneCRLMozillaNot Revokedn/an/an/a
+
SHA-256(Certificate)EB101930A60B14B4B3F2D0EEC45E3AD21DA2FDAE12CA4FCEDFCFCB91173FAFFE
SHA-1(Certificate)0A553920BBE1683B17A5925453F5387206E8995F
Certificate | ASN.1 | pv +
+

Hide metadata +

Run cablint +

Run x509lint +

Run zlint +


Download Certificate: PEM +
+
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:d0:78:dd:48:f1:a2:bd:4d:0f:2b:a9:6b:60:38:fe
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: (CA ID: 1191)
            commonName                = DigiCert SHA2 Secure Server CA
            organizationName          = DigiCert Inc
            countryName               = US
        Validity
            Not Before: Nov 28 00:00:00 2018 GMT
            Not After : Dec  2 12:00:00 2020 GMT
        Subject:
            commonName                = www.example.org
            organizationalUnitName    = Technology
            organizationName          = Internet Corporation for Assigned Names and Numbers
            localityName              = Los Angeles
            stateOrProvinceName       = California
            countryName               = US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f0:12:74:a0:96:20:72:08:65:19:12:5a:5d:
                    4a:d0:3a:8c:66:8f:a0:29:2b:a7:db:d5:ac:0c:cf:
                    a5:71:92:15:42:15:b0:07:92:76:31:75:d7:27:8e:
                    4d:50:6a:75:d1:7b:53:5e:27:aa:ed:eb:a4:60:3a:
                    f2:8e:45:18:6b:45:33:5c:85:11:aa:20:12:fe:60:
                    ac:9d:4c:45:8f:dd:d3:0e:3e:77:0f:09:c2:85:65:
                    34:c7:22:fb:74:13:b9:42:9f:f7:21:f6:f0:9c:44:
                    74:6d:c9:df:b3:1f:8f:60:b7:71:11:06:90:63:41:
                    9d:8f:34:7b:24:49:46:ac:f2:f0:8d:0b:48:f4:d3:
                    92:1a:f7:a2:45:ee:cc:e5:d7:83:7f:2e:82:bd:71:
                    dd:28:19:58:33:6e:11:a1:3a:a0:6a:72:60:92:01:
                    59:9f:63:17:7a:49:42:7b:9c:3f:db:d3:05:e8:cc:
                    87:7e:f8:aa:fc:9d:d1:05:50:ab:75:b1:1e:ba:20:
                    cb:89:d4:6d:6c:37:82:28:4c:c5:3f:7c:c1:10:f5:
                    a0:a5:66:6b:53:53:c9:db:ed:85:c3:6d:05:f8:64:
                    a7:c9:0e:eb:8f:e1:c4:b1:eb:2d:68:0e:15:3f:e5:
                    e2:dc:fc:21:64:2d:ee:69:2b:04:78:db:77:65:cb:
                    54:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:0F:80:61:1C:82:31:61:D5:2F:28:E7:8D:46:38:B4:2C:E1:C6:D9:E2

            X509v3 Subject Key Identifier:
                66:98:62:02:E0:09:91:A7:D9:E3:36:FB:76:C6:B0:BF:A1:6D:A7:BE
            X509v3 Subject Alternative Name: 
                DNS:www.example.org
                DNS:example.com
                DNS:example.edu
                DNS:example.net
                DNS:example.org
                DNS:www.example.com
                DNS:www.example.edu
                DNS:www.example.net
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl3.digicert.com/ssca-sha2-g6.crl

                Full Name:
                  URI:http://crl4.digicert.com/ssca-sha2-g6.crl

            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.114412.1.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.2.2

            Authority Information Access: 
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate Poison: critical
                NULL
    Signature Algorithm: sha256WithRSAEncryption
         3a:01:84:3b:51:68:ee:e7:d9:be:47:45:52:ea:ee:14:d4:5e:
         da:f7:70:f6:66:6b:d9:a2:ff:b5:d5:dc:6f:eb:87:a2:02:c5:
         4f:9a:3d:cd:2a:f4:a6:2c:01:25:97:9a:a8:61:13:97:4b:b0:
         21:e5:c0:27:0d:87:a7:88:e4:5f:ba:03:20:b3:fd:00:6c:ad:
         14:31:49:97:0f:0f:5e:84:10:58:95:9e:62:05:c9:30:32:d8:
         e7:34:9a:3a:c1:6b:48:f2:2e:16:58:ec:ea:ce:18:c7:8e:62:
         94:56:6a:99:3c:ed:72:df:46:f7:ec:41:14:a8:65:ec:2f:87:
         66:bd:e3:e8:88:40:c5:a7:d1:bc:bb:d6:35:73:78:c1:4d:92:
         6a:4d:89:38:49:c6:e0:e7:e4:93:4a:3a:52:22:14:0f:4b:07:
         51:7e:39:be:9f:62:7c:b7:11:a9:5b:24:e0:76:ef:1e:2f:79:
         97:8a:2e:8b:bb:b8:3a:f4:47:85:c9:61:20:bb:35:23:bd:06:
         0d:c5:8a:03:a4:4d:3a:12:5f:c1:90:d3:b6:42:8c:70:51:78:
         56:24:86:1c:c6:74:9d:57:08:79:7d:7f:c5:43:cf:e8:fc:8b:
         3b:9f:61:8c:08:7c:b0:e2:40:ec:80:a8:33:2d:b5:8c:c5:06:
         08:42:5a:9b
+ +


+ + +
+ +   +
+ + +------------ + + + + + crt.sh | 24560621 + + + + + + crt.sh  Certificate Search +

+ + + + + +
CriteriaID = '24560621'
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
crt.sh ID24560621
SummaryPrecertificate
Certificate
Transparency
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TimestampEntry #Log OperatorLog URL
2016-07-14  07:25:01 UTC960382DigiCerthttps://ct.ws.symantec.com
2016-07-14  07:25:01 UTC22751634Googlehttps://ct.googleapis.com/pilot
2017-05-02  04:07:31 UTC17701073Let's Encrypthttps://clicky.ct.letsencrypt.org
2018-09-11  01:53:03 UTC416500458Googlehttps://ct.googleapis.com/rocketeer
+
Revocation

+
Report a problem with
this certificate to the CA
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
MechanismProviderStatusRevocation DateLast Observed in CRLLast Checked (Error)
OCSPThe CACheck?n/a?
CRLThe CARevoked2016-07-14  08:11:51 UTC2017-07-13  09:57:17 UTC2020-04-24  09:25:13 UTC
CRLSet/BlacklistGoogleNot Revokedn/an/an/a
disallowedcert.stlMicrosoftNot Revokedn/an/an/a
OneCRLMozillaNot Revokedn/an/an/a
+
SHA-256(Certificate)8B5956C57FDCF720B6907A4B1BC8CA2E46CD90EAD5C061A426CF48A6117BFBFA
SHA-1(Certificate)DE777605655E9B8501BB01A20A01EE7DEE32E9A1
Certificate | ASN.1 | pv +
+

Hide metadata +

Run cablint +

Run x509lint +

Run zlint +


Download Certificate: PEM +
+
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:54:7e:6f:9d:1c:6f:1b:60:22:7e:84:c9:d8:32:03
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: (CA ID: 1465)
            commonName                = thawte SSL CA - G2
            organizationName          = thawte, Inc.
            countryName               = US
        Validity
            Not Before: Jul 14 00:00:00 2016 GMT
            Not After : Jul 14 23:59:59 2017 GMT
        Subject:
            commonName                = www.example.com
            organizationalUnitName    = VCS test
            organizationName          = Crosscert Inc
            localityName              = Seocho-gu
            stateOrProvinceName       = Seoul
            countryName               = KR
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fd:d6:56:5e:bc:a7:33:15:3a:c3:20:e4:bf:
                    f8:48:be:a5:55:eb:64:e9:3f:14:4f:bb:0a:18:b3:
                    0d:46:98:88:91:74:20:a3:27:2a:b8:6d:ee:6b:76:
                    fd:e1:8d:50:75:41:07:27:c2:fe:b7:8b:46:65:0e:
                    7d:e6:42:b4:ab:c7:c6:aa:75:dc:cf:ea:c0:59:0a:
                    01:9a:ff:4c:a2:23:fe:22:83:6b:f5:9c:69:04:8c:
                    c0:7d:d4:1e:ee:d3:34:47:14:1b:af:a1:6c:a2:eb:
                    e7:9e:85:60:00:3d:7c:17:34:dd:b0:3a:37:32:59:
                    0d:62:2a:7e:5e:c0:23:e2:22:bc:ca:83:5f:de:7d:
                    cb:2f:f3:fc:46:48:ef:93:c6:57:9b:1e:d0:a2:6d:
                    2f:bc:16:d5:65:a7:d3:11:3d:bd:ef:31:b1:6a:84:
                    26:56:7c:8e:c0:02:ff:9d:4c:a7:8d:03:37:b2:0c:
                    ac:ef:33:13:03:29:e0:36:d7:1e:dc:65:62:d9:b0:
                    5d:55:dd:44:ec:56:88:1f:12:85:88:49:43:9b:48:
                    2f:24:df:bd:a9:cb:c6:4a:dc:48:ef:1b:b8:fe:77:
                    1c:8f:26:1c:89:47:d8:f8:78:32:23:ec:a3:c3:65:
                    1a:e9:15:3c:37:1f:81:d0:0d:9f:3e:ec:25:90:2e:
                    d0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:*.example.com
                DNS:m.example.com
                DNS:www.example.com
                DNS:example.com
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.2
                  CPS: https://www.thawte.com/cps
                  User Notice:
                    Explicit Text: https://www.thawte.com/repository

            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Authority Key Identifier:
                keyid:C2:4F:48:57:FC:D1:4F:9A:C0:5D:38:7D:0E:05:DB:D9:2E:B5:52:60

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://tj.symcb.com/tj.crl

            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            Authority Information Access: 
                OCSP - URI:http://tj.symcd.com
                CA Issuers - URI:http://tj.symcb.com/tj.crt

            CT Precertificate Poison: critical
                NULL
    Signature Algorithm: sha256WithRSAEncryption
         9d:63:8f:61:30:ef:b8:5f:a3:4f:7c:c3:57:2c:62:cb:60:d3:
         f3:2e:03:de:a5:38:5e:59:eb:e9:2a:3f:eb:d2:67:d1:35:29:
         cd:95:5b:01:12:d1:cc:8e:04:52:21:d4:c5:e4:7c:cc:9f:97:
         79:16:a2:d0:0a:fe:d4:fc:b8:e9:7d:3c:49:52:99:5a:fe:fd:
         d4:8d:e9:e4:41:83:9a:37:9d:8c:84:07:24:b4:35:0d:94:5a:
         51:32:c9:2e:dc:82:84:72:b6:43:95:71:ac:ad:bf:5e:ff:29:
         8d:24:03:5b:3c:56:1f:e0:35:05:02:90:e2:d2:c2:73:27:29:
         c8:d0:f2:ce:30:bc:bd:d8:0e:74:da:45:b7:fe:22:ff:2a:88:
         bf:90:30:0f:5f:d9:7f:5f:a2:83:38:36:2c:90:99:19:fb:05:
         5a:6d:8f:43:2f:cc:73:e8:44:e8:76:ad:8c:9d:dd:86:e7:9d:
         23:1e:2a:d9:37:0d:9c:ef:31:ce:3a:0d:aa:fe:db:36:fd:50:
         f0:f4:7d:b7:b3:56:25:25:b3:4c:ff:97:4e:db:1a:4c:f4:30:
         aa:fa:2f:c0:61:97:95:3a:58:2c:dd:5c:f3:58:c7:d3:e2:69:
         96:4a:01:54:a2:0f:e8:2f:13:84:9b:46:01:46:c3:ba:e9:02:
         bb:fc:8b:7d
+ +


+ + +
+ +   +
+ + \ No newline at end of file diff --git a/richkit/test/retrieve/test_ctlogs.py b/richkit/test/retrieve/test_ctlogs.py index f6c7079..19807ff 100644 --- a/richkit/test/retrieve/test_ctlogs.py +++ b/richkit/test/retrieve/test_ctlogs.py @@ -1,12 +1,69 @@ import unittest +from http.server import BaseHTTPRequestHandler, HTTPServer +import re +import json +from urllib.parse import parse_qs +import socket +import threading +import requests import richkit.retrieve.ctlogs as ct from richkit.retrieve.cert_sh import DomainCertificates from richkit.retrieve.x509 import X509 +class MockServer(BaseHTTPRequestHandler): + + def do_GET(self): + if re.search("/api", self.path): + arguments_url = self.path.split('?', 1)[1] + arguments = parse_qs(arguments_url) + key = arguments.get('q')[0] + + with open("crtsh_response.txt", "r") as crt: + crt_response = crt.read() + crt_response = crt_response.replace("\n", "") + + crt_rr = crt_response.split("------------") + response_content = "

Certificate not found " + if key == "example.com": + response_content = crt_rr[0] + if key == "987119772": + response_content = crt_rr[1] + if key == "984858191": + response_content = crt_rr[2] + if key == "24560621": + response_content = crt_rr[3] + + self.send_response(requests.codes.ok) + + self.send_header('Content-Type', 'text/html; charset=UTF-8') + self.end_headers() + + # Put the dummy VT response here (maybe change the header ro json) --> application/json; charset=utf-8 + self.wfile.write(response_content.encode('utf-8')) + return + + +def get_free_port(): + s = socket.socket(socket.AF_INET, type=socket.SOCK_STREAM) + s.bind(('localhost', 0)) + address, port = s.getsockname() + s.close() + return port + + +def start_mock_server(port): + mock_server = HTTPServer(('localhost', port), MockServer) + mock_server_thread = threading.Thread(target=mock_server.serve_forever) + mock_server_thread.setDaemon(True) + mock_server_thread.start() + + class TestCTLogs(unittest.TestCase): def setUp(self): + self.port = get_free_port() + start_mock_server(self.port) self.domains = { 'example.com': { 'certs': [ 
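Review bot: `get_free_port()` closes its probe socket before `HTTPServer` binds the same port, so another local process can take that port in between and the tests would then talk to whatever is listening there. `setUp` also starts a new server thread for every test and never shuts it down, so sockets and threads accumulate over the run. Binding the server to port 0, reading `server_port` back and registering cleanups removes both problems; `setDaemon(True)` is deprecated in favour of the `daemon=True` argument. Separately, `self.path.split('?', 1)[1]` and `arguments.get('q')[0]` in `do_GET` raise on a request without a `q` parameter, which deserves a guard. `setUp` continues past the end of the hunk.

```python
def start_mock_server():
    # Port 0 lets the OS pick a free port and keeps it bound, so there is no probe-then-rebind window.
    mock_server = HTTPServer(('localhost', 0), MockServer)
    mock_server_thread = threading.Thread(target=mock_server.serve_forever, daemon=True)
    mock_server_thread.start()
    return mock_server


class TestCTLogs(unittest.TestCase):

    def setUp(self):
        self.mock_server = start_mock_server()
        self.port = self.mock_server.server_port
        # Cleanups run last-in first-out: stop serve_forever(), then release the socket.
        self.addCleanup(self.mock_server.server_close)
        self.addCleanup(self.mock_server.shutdown)
        # … unchanged: self.domains fixture …
```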
@@ -35,31 +92,28 @@ def setUp(self): } } + def test_mock_server(self): + r = requests.get("http://localhost:{}/api/?q={}".format(self.port, "test.com")) + self.assertEqual(r.text, "ok") + def test_init_domain(self): obj = DomainCertificates("example.com") - if not obj.certificates: - self.skipTest("Server not available") self.assertIsNotNone(obj) def test_init_certificate(self): obj = X509("12345678") - if not obj.certificates_features: - self.skipTest("Server not available") self.assertIsNotNone(obj) - def test_domain_error(self): - with self.assertRaises(Exception): - DomainCertificates("this_domain_does_not_exist.com") - def test_certificate_error(self): + X509.crtSH_url = "http://localhost:" + str(self.port) + "/api/?q={}" with self.assertRaises(Exception): X509("this_id_does_not_exist.com") def test_get_all_certificate(self): for k, v in self.domains.items(): + DomainCertificates.crtSH_url = "http://localhost:{}/api/?q={}".format(self.port, k) certs = ct.get_logs(k) - print(certs) if certs is None: self.skipTest("Server not available") @@ -73,6 +127,7 @@ def test_get_certificate_features(self): for k, v in self.domains.items(): for cert in v["certs"]: + X509.crtSH_url = "http://localhost:{}/api/?q={}".format(self.port, cert["ID"]) cert_features = ct.get_certificates_features(cert["ID"]) if not cert_features: continue From f7bdd749cf4a83c69e296b93ae16b6d46b69cae0 Mon Sep 17 00:00:00 2001 From: gianmarcomennecozzi Date: Fri, 24 Apr 2020 16:27:38 +0200 Subject: [PATCH 2/3] fixed file path of crt results --- richkit/test/retrieve/test_ctlogs.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/richkit/test/retrieve/test_ctlogs.py b/richkit/test/retrieve/test_ctlogs.py index 19807ff..82a38b2 100644 --- a/richkit/test/retrieve/test_ctlogs.py +++ b/richkit/test/retrieve/test_ctlogs.py 
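Review bot: The tests assign `X509.crtSH_url` and `DomainCertificates.crtSH_url` on the classes and never restore them, so the override leaks into later tests and results depend on execution order. `test_init_domain` and `test_init_certificate` lose their `skipTest` guards without being pointed at the mock, so they presumably still contact the live crt.sh unless an earlier test left the attribute patched. Patching once in `setUp` fixes both: `patcher = mock.patch.object(X509, "crtSH_url", "http://localhost:{}/api/?q={{}}".format(self.port))`, `patcher.start()`, `self.addCleanup(patcher.stop)`, with the same for `DomainCertificates`. The escaped `{{}}` also keeps the query placeholder for the library to fill, whereas the loops in `test_get_all_certificate` and `test_get_certificate_features` format the key into the URL themselves. `assertRaises(Exception)` in `test_certificate_error` passes on any failure, including a connection error, so it does not show that the not-found path was exercised.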
@@ -6,6 +6,7 @@ import socket import threading import requests +import os import richkit.retrieve.ctlogs as ct from richkit.retrieve.cert_sh import DomainCertificates from richkit.retrieve.x509 import X509 @@ -19,7 +20,8 @@ def do_GET(self): arguments = parse_qs(arguments_url) key = arguments.get('q')[0] - with open("crtsh_response.txt", "r") as crt: + path = os.getcwd() + with open(path+"/crtsh_response.txt", "r") as crt: crt_response = crt.read() crt_response = crt_response.replace("\n", "") @@ -94,7 +96,7 @@ def setUp(self): def test_mock_server(self): r = requests.get("http://localhost:{}/api/?q={}".format(self.port, "test.com")) - self.assertEqual(r.text, "ok") + self.assertEqual(r.text, "

Certificate not found ") def test_init_domain(self): obj = DomainCertificates("example.com") From bd1f561774a97017f83738f57ec69520ece9f6fd Mon Sep 17 00:00:00 2001 From: gianmarcomennecozzi Date: Mon, 27 Apr 2020 13:34:12 +0200 Subject: [PATCH 3/3] fixed path --- richkit/test/retrieve/test_ctlogs.py | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/richkit/test/retrieve/test_ctlogs.py b/richkit/test/retrieve/test_ctlogs.py index 82a38b2..ae863e8 100644 --- a/richkit/test/retrieve/test_ctlogs.py +++ b/richkit/test/retrieve/test_ctlogs.py @@ -1,16 +1,14 @@ import unittest from http.server import BaseHTTPRequestHandler, HTTPServer import re -import json from urllib.parse import parse_qs import socket import threading import requests -import os import richkit.retrieve.ctlogs as ct from richkit.retrieve.cert_sh import DomainCertificates from richkit.retrieve.x509 import X509 - +import pathlib class MockServer(BaseHTTPRequestHandler): @@ -20,8 +18,8 @@ def do_GET(self): arguments = parse_qs(arguments_url) key = arguments.get('q')[0] - path = os.getcwd() - with open(path+"/crtsh_response.txt", "r") as crt: + path = pathlib.Path(__file__).parent.absolute() + with open(str(path)+"/crtsh_response.txt", "r") as crt: crt_response = crt.read() crt_response = crt_response.replace("\n", "") @@ -116,8 +114,6 @@ def test_get_all_certificate(self): for k, v in self.domains.items(): DomainCertificates.crtSH_url = "http://localhost:{}/api/?q={}".format(self.port, k) certs = ct.get_logs(k) - if certs is None: - self.skipTest("Server not available") for cert in certs: for vx in v["certs"]:
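Review bot: In the `do_GET` hunk of patch 3 (`@@ -20,8 +18,8 @@`) the fixture path is still built by string concatenation on a `pathlib.Path`, and the file is opened with the platform default encoding. `with open(path / "crtsh_response.txt", "r", encoding="utf-8") as crt:` uses the path object directly and matches the `utf-8` the handler uses when writing the response, so the fixture decodes the same way on every platform. The fixture is also re-read and re-split on every request; loading it once at module level would be simpler, though that part of `do_GET` lies outside this hunk.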