Commits · bf260e575a563a63f794dfb07fcf21000194226f · KIT / KIT-CA / websearch

Mar 20, 2025
- fix: better detection of issuing CA · bf260e57
  Heiko Reese authored 1 month ago
  
  bf260e57
- fix: Jetbrains linter complaint · 43dae03c
  Heiko Reese authored 1 month ago
  
  43dae03c
Mar 19, 2025
- fix: fully deprecated io/ioutil · 636b5fe0
  Heiko Reese authored 1 month ago
  
  636b5fe0
- fix: fsnotify API changes · f2c5ee74
  Heiko Reese authored 1 month ago
  
  f2c5ee74
- fix: removed ancient names · 131415f2
  Heiko Reese authored 1 month ago
  
  131415f2
- fix: small grievances raised by various linters · 73511a7e
  Heiko Reese authored 1 month ago
  
  73511a7e
- feat: return user certs from HARICA as type Benutzer · cd9d7be2
  Heiko Reese authored 1 month ago
  
  cd9d7be2
- go get -u · ef0be765
  Heiko Reese authored 1 month ago
  
  ef0be765
Mar 07, 2025
- fix: colon-seperated hex serial was not zero-padded · f21c9c55
  Peter Oettig authored 1 month ago
  
  f21c9c55
Feb 07, 2025

feat: search fingerprints and ignore 0-prefixes in search terms · 747a8ec8

Heiko Reese authored 2 months ago

# Conflicts:
#	webroot/index.html

diff --git a/Makefile b/Makefile
index 8c91b7e..1ebc279 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 .DEFAULT_GOAL := default

 getdeps:
-	go get git.scc.kit.edu/KIT-CA/websearch/ca-websearch...
+	go get gitlab.kit.edu/kit/kit-ca/lib/certificatestats/ca-websearch...

 default: *.go ca-websearch/*.go
-	go install -v  -ldflags="-s -w" git.scc.kit.edu/KIT-CA/websearch/ca-websearch
+	go install -v  -ldflags="-s -w" gitlab.kit.edu/kit/kit-ca/lib/certificatestats/ca-websearch
diff --git a/debian/control b/debian/control
index d3b76bb..1eb30e4 100644
--- a/debian/control
+++ b/debian/control
@@ -22,9 +22,9 @@ Build-Depends: debhelper-compat (= 13),
                golang-github-hreese-go-humanreltime-dev,
                golang-git.scc.kit.edu-heiko.reese-certificatestats-dev
 Standards-Version: 4.5.0
-Homepage: https://git.scc.kit.edu/KIT-CA/websearch
+Homepage: https://gitlab.kit.edu/kit/kit-ca/lib/certificatestats
 Rules-Requires-Root: no
-XS-Go-Import-Path: git.scc.kit.edu/KIT-CA/websearch
+XS-Go-Import-Path: gitlab.kit.edu/kit/kit-ca/lib/certificatestats

 Package: kit-ca-websearch
 Architecture: any
diff --git a/debian/kit-ca-websearch-static.install b/debian/kit-ca-websearch-static.install
index b5ecf8b..3ffa454 100644
--- a/debian/kit-ca-websearch-static.install
+++ b/debian/kit-ca-websearch-static.install
@@ -1 +1 @@
-usr/share/gocode/src/git.scc.kit.edu/KIT-CA/websearch/webroot/ usr/share/KIT-CA/search
+usr/share/gocode/src/gitlab.kit.edu/kit/kit-ca/lib/certificatestats/webroot/ usr/share/KIT-CA/search
diff --git a/debian/rules b/debian/rules
index 6d08c91..051ce31 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,7 +3,7 @@
 #DH_VERBOSE = 1
 #export DH_OPTIONS=-v

-export DH_GOLANG_BUILDPKG := git.scc.kit.edu/KIT-CA/websearch/ca-websearch
+export DH_GOLANG_BUILDPKG := gitlab.kit.edu/kit/kit-ca/lib/certificatestats/ca-websearch

 export DH_GOLANG_INSTALL_EXTRA := webroot

diff --git a/go.mod b/go.mod
index 86bb3f0..c7085f8 100644
--- a/go.mod
+++ b/go.mod
@@ -15,15 +15,11 @@ require (
 	golang.org/x/text v0.13.0
 )

-require (
-	git.scc.kit.edu/KIT-CA/websearch v0.0.0-20231011192005-88398b4c
-	git.scc.kit.edu/heiko.reese/CertificateStats v0.0.0-20240104024726-431b94dc953a
-)
-
 require (
 	github.com/gorilla/securecookie v1.1.1 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/golang-lru v1.0.2 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
+	gitlab.kit.edu/kit/kit-ca/lib/certificatestats v0.0.0-20250207165819-6c3517b36c80 // indirect
 	golang.org/x/sys v0.16.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 25c89c7..e754831 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,3 @@
-git.scc.kit.edu/KIT-CA/websearch v0.0.0-20231011192005-88398b4c h1:hGl/e1gWmY+vKoNAeLK+5VMwcj7HHUaDFj5OEiWvaUg=
-git.scc.kit.edu/KIT-CA/websearch v0.0.0-20231011192005-88398b4c/go.mod h1:/9a19NicVTGlMnNoGUSB3LbcFW2zbEuqItQUzUVd4E0=
-git.scc.kit.edu/heiko.reese/CertificateStats v0.0.0-20240104024726-431b94dc953a h1:Gr52dAxQIEBKw2vKRH8YekzCcq7gx29r9haHR+IdQZI=
-git.scc.kit.edu/heiko.reese/CertificateStats v0.0.0-20240104024726-431b94dc953a/go.mod h1:IJS5YS382p82clOBzOsCH07gug4PWSEGU8z0i3/NcAI=
 github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
 github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
@@ -35,6 +31,10 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+gitlab.kit.edu/kit/kit-ca/lib/certificatestats v0.0.0-20231011192005-88398b4c h1:hGl/e1gWmY+vKoNAeLK+5VMwcj7HHUaDFj5OEiWvaUg=
+gitlab.kit.edu/kit/kit-ca/lib/certificatestats v0.0.0-20231011192005-88398b4c/go.mod h1:/9a19NicVTGlMnNoGUSB3LbcFW2zbEuqItQUzUVd4E0=
+gitlab.kit.edu/kit/kit-ca/lib/certificatestats v0.0.0-20250207165819-6c3517b36c80 h1:DB8oM+0GoEQ7S6a8syyk0y0wpgX2svXG41IexWdWsHw=
+gitlab.kit.edu/kit/kit-ca/lib/certificatestats v0.0.0-20250207165819-6c3517b36c80/go.mod h1:M0d24E/8e9FI1qEpPvWQhGr4KiqXS3V6dZ0iYRm+5II=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/searchablecert.go b/searchablecert.go
index eb2adfd..49c8c08 100644
--- a/searchablecert.go
+++ b/searchablecert.go
@@ -2,12 +2,16 @@ package websearch

 import (
 	"bytes"
+	"crypto/md5"
 	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/sha256"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
-	"git.scc.kit.edu/heiko.reese/CertificateStats"
+	"fmt"
 	"github.com/hreese/go-humanreltime"
+	"gitlab.kit.edu/kit/kit-ca/lib/certificatestats"
 	"golang.org/x/text/runes"
 	"golang.org/x/text/transform"
 	"golang.org/x/text/unicode/norm"
@@ -35,6 +39,7 @@ var (
 		"ul":  true,
 	}
 	publicQuerySplitter = regexp.MustCompile("[[:space:],]+")
+	ZeroPrefix          = regexp.MustCompile("^(?:0x)?0*([0-9a-fA-F]+)$")
 )

 const (
@@ -187,6 +192,9 @@ type SearchableCert struct {
 	searchablestring   string
 	pubsearchToken     []string
 	rawCertificate     *x509.Certificate
+	FingerprintSHA1    string
+	FingerprintSHA256  string
+	FingerprintMD5     string
 }

 func (c *SearchableCert) GetPEM() []byte {
@@ -213,12 +221,12 @@ func CleanupQueryString(query string) string {
 	query = strings.ToLower(query)
 	// remove leading and trailing white space
 	query = strings.TrimSpace(query)
-	// DNF-Rules
-	query = strings.Replace(query, "ä", "ae", -1)
-	query = strings.Replace(query, "ö", "oe", -1)
-	query = strings.Replace(query, "ü", "ue", -1)
-	query = strings.Replace(query, "ß", "ss", -1)
-	// remove diacrits and thelike
+	// DFN-Rules (removed for Sectigo and HARICA/TBD)
+	//query = strings.Replace(query, "ä", "ae", -1)
+	//query = strings.Replace(query, "ö", "oe", -1)
+	//query = strings.Replace(query, "ü", "ue", -1)
+	//query = strings.Replace(query, "ß", "ss", -1)
+	// remove diacritics and the like
 	unicodeSimplification := transform.Chain(norm.NFD, runes.Remove(runes.In(unicode.Mn)), norm.NFC)
 	result, _, _ := transform.String(unicodeSimplification, query)
 	return result
@@ -232,6 +240,17 @@ func MakeInternalSearchFilter(query string) SCFilter {
 	cleaned := CleanupQueryString(query)
 	token := tokenizeQuery(cleaned)

+	// remove colons and leading zeros from strings that look like hex numbers
+	for idx, t := range token {
+		if strings.Count(t, ":") > 1 {
+			t = strings.Replace(t, ":", "", -1)
+			m := ZeroPrefix.FindStringSubmatch(t)
+			if len(m) > 1 && len(m[1]) > 0 {
+				token[idx] = m[1]
+			}
+		}
+	}
+
 	// return zero results on empty query
 	if len(token) == 0 {
 		return NeverMatch
@@ -440,6 +459,11 @@ func CertToSearchable(c *x509.Certificate) SearchableCert {
 		cert.CAGeneration = &unknown
 	}

+	// add serials
+	cert.FingerprintSHA1 = fmt.Sprintf("0x%x", sha1.Sum(c.Raw))
+	cert.FingerprintSHA256 = fmt.Sprintf("0x%x", sha256.Sum256(c.Raw))
+	cert.FingerprintMD5 = fmt.Sprintf("0x%x", md5.Sum(c.Raw))
+
 	// build string used for simple search
 	var buffer bytes.Buffer
 	buffer.WriteString(cert.Serial)
@@ -452,6 +476,13 @@ func CertToSearchable(c *x509.Certificate) SearchableCert {
 	buffer.WriteString(strings.Join(cert.DNSNames, " "))
 	buffer.WriteString(strings.Join(cert.EmailAddresses, " "))
 	buffer.WriteString(strings.Join(cert.IPAddresses, " "))
+	buffer.WriteString(" ")
+	buffer.WriteString(cert.FingerprintSHA256)
+	buffer.WriteString(" ")
+	buffer.WriteString(cert.FingerprintSHA1)
+	buffer.WriteString(" ")
+	buffer.WriteString(cert.FingerprintMD5)
+
 	cert.searchablestring = strings.ToLower(buffer.String())

 	// build array for public search
@@ -530,6 +561,9 @@ type JSONResult struct {
 	Expired            bool     `json:"expired"`
 	Validity           string   `json:"valid"`
 	Public             string   `json:"public"`
+	FingerprintSHA1    string   `json:"fingerprintsha1"`
+	FingerprintSHA256  string   `json:"fingerprintsha256"`
+	FingerprintMD5     string   `json:"fingerprintmd5"`
 }

 func (c *SearchableCert) JSONResult(watchers map[int]*AttributeState) *JSONResult {
@@ -557,6 +591,9 @@ func (c *SearchableCert) JSONResult(watchers map[int]*AttributeState) *JSONResul
 		Expired:            c.NotAfter.Before(time.Now()),
 		Validity:           ValidityToName(watchers[WatchValid].Get(c.Serial)),
 		Public:             VisibilityToName(watchers[WatchVisibile].Get(c.Serial)),
+		FingerprintMD5:     c.FingerprintMD5,
+		FingerprintSHA1:    c.FingerprintSHA1,
+		FingerprintSHA256:  c.FingerprintSHA256,
 	}

 	return r
diff --git a/testing/Format/main.go b/testing/Format/main.go
index 650fed0..d8e64be 100644
--- a/testing/Format/main.go
+++ b/testing/Format/main.go
@@ -2,8 +2,8 @@ package main

 import (
 	"flag"
-	. "git.scc.kit.edu/KIT-CA/websearch"
 	"github.com/k0kubun/pp"
+	. "gitlab.kit.edu/kit/kit-ca/lib/certificatestats"
 )

 func main() {
diff --git a/testing/boltdb/main.go b/testing/boltdb/main.go
index 60fbf67..3030de3 100644
--- a/testing/boltdb/main.go
+++ b/testing/boltdb/main.go
@@ -5,10 +5,10 @@ import (
 	"encoding/gob"
 	"flag"
 	"fmt"
-	. "git.scc.kit.edu/heiko.reese/CertificateStats"
 	_ "github.com/k0kubun/pp"
+	. "gitlab.kit.edu/kit/kit-ca/lib/certificatestats"
 	"log"
-	//. "git.scc.kit.edu/KIT-CA/websearch"
+	//. "gitlab.kit.edu/kit/kit-ca/lib/certificatestats"
 	"github.com/boltdb/bolt"
 )

diff --git a/testing/getoids/getoids.go b/testing/getoids/getoids.go
index e36d729..560dbf3 100644
--- a/testing/getoids/getoids.go
+++ b/testing/getoids/getoids.go
@@ -4,8 +4,8 @@ import (
 	_ "crypto/x509"
 	"crypto/x509/pkix"
 	"flag"
-	. "git.scc.kit.edu/heiko.reese/CertificateStats"
 	"github.com/k0kubun/pp"
+	. "gitlab.kit.edu/kit/kit-ca/lib/certificatestats"
 )

 func main() {
diff --git a/testing/gomemdb/main.go b/testing/gomemdb/main.go
index 5075c26..e228718 100644
--- a/testing/gomemdb/main.go
+++ b/testing/gomemdb/main.go
@@ -5,12 +5,11 @@ import (
 	_ "encoding/gob"
 	"flag"
 	_ "fmt"
-	. "git.scc.kit.edu/heiko.reese/CertificateStats"
+	"github.com/hashicorp/go-memdb"
 	_ "github.com/k0kubun/pp"
+	. "gitlab.kit.edu/kit/kit-ca/lib/certificatestats"
+	"gitlab.kit.edu/kit/kit-ca/websearch"
 	_ "log"
-	//. "git.scc.kit.edu/KIT-CA/websearch"
-	"git.scc.kit.edu/KIT-CA/websearch"
-	"github.com/hashicorp/go-memdb"
 )

 var (
diff --git a/webroot/index.html b/webroot/index.html
index d68d7b7..9436d52 100644
--- a/webroot/index.html
+++ b/webroot/index.html
@@ -203,6 +203,9 @@
                             <div>
                                 <small><em>Serial&nbsp;(hex)</em>:&nbsp;{{entry.hexserial.replace("0x", "").toLocaleUpperCase()}}</small>
                             </div>
+                            <div>
+                                <small><em>Fingerprint</em>:&nbsp;{{entry.fingerprintsha1.replace("0x", "").match(/.{1,2}/g).join(":").toLocaleUpperCase()}}</small>
+                            </div>
                             <div v-if="entry.cageneration"><small><em>CA</em>:&nbsp;{{entry.cageneration}}</small></div>
                         </td>
                         <td>

747a8ec8

Mar 18, 2024
- feat: Able to log out of the website, bigger hint for login · 1c1ba41f
  Peter Oettig authored 1 year ago
  
  1c1ba41f
- fix: Empty name if certificate has no CN · ca8811c3
  Peter Oettig authored 1 year ago
  
  ca8811c3
Feb 05, 2024
- Changed “Generation” to “CA” because we have more than one CA now · 6bf825e5
  Heiko Reese authored 1 year ago
  
  6bf825e5
Feb 02, 2024
- Added serial display as hex. · f9bcd069
  Heiko Reese authored 1 year ago
  
  f9bcd069
Oct 11, 2023
- Fix that sectigo functional certs were detected as user instead of group · 88398b4c
  Peter Oettig authored 1 year ago
  
  88398b4c
Sep 28, 2023
- Removed retired function transform.RemoveFunc · c9a0a0a5
  Heiko Reese authored 1 year ago
  
  c9a0a0a5
- Reeable search for hex serials · f0778b3b
  Peter Oettig authored 1 year ago
  
  f0778b3b
- Added sectigo as possible CA · 688b320e
  Peter Oettig authored 1 year ago
  
  688b320e
Sep 22, 2023
- Fix that nothing is shown for logged in user · 86597434
  Peter Oettig authored 1 year ago
  
  86597434
- Fix Vue 2.3.6 problems, switch to hub.cert · 417ebd58
  Peter Oettig authored 1 year ago
  
  417ebd58
- go get -v -u ./... · 3bd0af01
  Heiko Reese authored 1 year ago
  
  3bd0af01
- Added easy hack to distinguish TCS user certs · 7dd5312f
  Heiko Reese authored 1 year ago
  
  7dd5312f
Dec 06, 2022
- … · 1ff80765
  Heiko Reese authored 2 years ago
  
  1ff80765
Jan 26, 2022
- Removed old vue.js libs · 47fc30ac
  Heiko Reese authored 3 years ago
  
  47fc30ac
- Removed reference to non-existing favicon · 9cbc376c
  Heiko Reese authored 3 years ago
  
  9cbc376c
- Added generic favicon. · 32497be5
  Heiko Reese authored 3 years ago
  
  32497be5
- Switched of vue.js dev mode. Google fonts are now hosted locally. · fb66ecde
  Heiko Reese authored 3 years ago
  
  fb66ecde
Jan 03, 2022
- force gitlab ci to be same state as origin/master branch · 5c43d076
  Konstantin Zangerle authored 3 years ago
  
  5c43d076
- Build new deb kit-ca-websearch-static and golang-git.scc.kit.edu-kit-ca-websearch · 0b2c59a0
  Konstantin Zangerle authored 3 years ago
  
  0b2c59a0
- Fix systemd service file · 19a6221d
  Konstantin Zangerle authored 3 years ago
  
  19a6221d
Dec 30, 2021
- fix executable path in systemd service · 1ef7c62e
  Konstantin Zangerle authored 3 years ago
  
  1ef7c62e
- add home directory, enable dh syuser · 05d1f412
  Konstantin Zangerle authored 3 years ago
  
  05d1f412
- changelog must include source pkg name · 9e7a75cb
  Konstantin Zangerle authored 3 years ago
  
  9e7a75cb
- fix debian/control · b68689eb
  Konstantin Zangerle authored 3 years ago
  
  b68689eb
- Create user and systemd service · 888287e2
  Konstantin Zangerle authored 3 years ago
  
  888287e2
Dec 22, 2021
- gitlab-ci | install build dependencies · 52e5a694
  Konstantin Zangerle authored 3 years ago
  
  52e5a694
- checkout master before pull · 027bb92a
  Konstantin Zangerle authored 3 years ago
  
  027bb92a
- remove checkouts of debian/sid and upstream · 03670faf
  Konstantin Zangerle authored 3 years ago
  
  03670faf
- include only binary in package · cab316be
  Konstantin Zangerle authored 3 years ago
  
  cab316be
- fix testing · 0c9bc6e5
  Konstantin Zangerle authored 3 years ago
  
  0c9bc6e5