Initial commit of RSA CLI tool, still very much WIP
This commit is contained in:
parent
6b6866077c
commit
5ac63352a7
12 changed files with 827 additions and 0 deletions
111
cmd/inspect/display_coloured.go
Normal file
111
cmd/inspect/display_coloured.go
Normal file
|
|
@ -0,0 +1,111 @@
|
|||
package inspect
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
"unicode/utf8"
|
||||
|
||||
"github.com/logrusorgru/aurora/v4"
|
||||
"src.lwithers.me.uk/go/rsa/pkg/inspect"
|
||||
)
|
||||
|
||||
var (
|
||||
displayedFingerprints = map[string]int{}
|
||||
)
|
||||
|
||||
func displayColoured(src string, info []inspect.Info) {
|
||||
// compute max key length, for nicely aligning columns
|
||||
var maxKey int
|
||||
for _, item := range info {
|
||||
for _, section := range item.Info() {
|
||||
for _, field := range section.Fields {
|
||||
l := utf8.RuneCountInString(field.Key)
|
||||
if l > maxKey {
|
||||
maxKey = l
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// output options
|
||||
var auroraHyper bool
|
||||
switch os.Getenv("TERM") {
|
||||
case "xterm-kitty":
|
||||
auroraHyper = true
|
||||
}
|
||||
a := aurora.New(aurora.WithColors(true), aurora.WithHyperlinks(auroraHyper))
|
||||
|
||||
// display loop
|
||||
for _, item := range info {
|
||||
fmt.Printf("════════ %s:%s ════════\n",
|
||||
a.BrightBlue(src), a.Blue(item.Location()))
|
||||
for _, section := range item.Info() {
|
||||
fmt.Println(aurora.Underline(section.Title))
|
||||
for _, field := range section.Fields {
|
||||
fmt.Printf(" %*s: ", maxKey, a.Yellow(field.Key))
|
||||
switch v := field.Value.(type) {
|
||||
case int:
|
||||
fmt.Print(a.Blue(v))
|
||||
|
||||
case bool:
|
||||
fmt.Print(a.Blue(v))
|
||||
|
||||
case time.Time:
|
||||
var note string
|
||||
switch {
|
||||
case strings.Contains(field.Key, "from"):
|
||||
if v.After(time.Now()) {
|
||||
note = aurora.Red("not valid yet").String()
|
||||
} else {
|
||||
note = aurora.Green("ok").String()
|
||||
}
|
||||
case strings.Contains(field.Key, "until"):
|
||||
if v.After(time.Now()) {
|
||||
note = aurora.Green("ok").String()
|
||||
} else {
|
||||
note = aurora.Red("expired").String()
|
||||
}
|
||||
}
|
||||
|
||||
fmt.Printf("%s %s", v.Format(time.RFC3339), note)
|
||||
|
||||
case []string:
|
||||
for i, s := range v {
|
||||
fmt.Print(s)
|
||||
if i < len(v)-1 {
|
||||
fmt.Printf("\n%*s", maxKey+4, "")
|
||||
}
|
||||
}
|
||||
|
||||
case inspect.Fingerprint:
|
||||
f := v.String()
|
||||
fidx := displayedFingerprints[f]
|
||||
var firstSeen bool
|
||||
if fidx == 0 {
|
||||
firstSeen = true
|
||||
fidx = 1 + len(displayedFingerprints)
|
||||
displayedFingerprints[f] = fidx
|
||||
}
|
||||
|
||||
var note string
|
||||
if firstSeen {
|
||||
note = fmt.Sprintf("#%d %s", a.Blue(fidx),
|
||||
a.Magenta("first occurrence"))
|
||||
} else {
|
||||
note = fmt.Sprintf("#%d %s", a.Blue(fidx),
|
||||
a.Green("already seen"))
|
||||
}
|
||||
|
||||
fmt.Printf("%v [%s]", f, note)
|
||||
|
||||
default:
|
||||
fmt.Print(v)
|
||||
}
|
||||
fmt.Println("")
|
||||
}
|
||||
}
|
||||
fmt.Println("")
|
||||
}
|
||||
}
|
||||
162
cmd/inspect/inspect.go
Normal file
162
cmd/inspect/inspect.go
Normal file
|
|
@ -0,0 +1,162 @@
|
|||
package inspect
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"net"
|
||||
"net/url"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/mattn/go-isatty"
|
||||
"github.com/spf13/cobra"
|
||||
"src.lwithers.me.uk/go/rsa/pkg/inspect"
|
||||
)
|
||||
|
||||
var (
|
||||
outputFormat string = "text"
|
||||
display func(src string, info []inspect.Info)
|
||||
)
|
||||
|
||||
// Register the "keygen" subcommand.
|
||||
func Register(root *cobra.Command) {
|
||||
cmd := &cobra.Command{
|
||||
Use: "inspect",
|
||||
Short: "Inspect files and TLS servers",
|
||||
RunE: Inspect,
|
||||
Args: cobra.MinimumNArgs(1),
|
||||
}
|
||||
|
||||
if isatty.IsTerminal(1) {
|
||||
outputFormat = "coloured"
|
||||
}
|
||||
|
||||
cmd.Flags().StringVarP(&outputFormat, "output", "o", outputFormat,
|
||||
"Output format (coloured, text, json, yaml)")
|
||||
|
||||
root.AddCommand(cmd)
|
||||
}
|
||||
|
||||
// Keygen will generate a new RSA private key and save it to a file.
|
||||
func Inspect(cmd *cobra.Command, args []string) error {
|
||||
switch outputFormat {
|
||||
case "coloured":
|
||||
display = displayColoured
|
||||
case "text":
|
||||
display = displayText
|
||||
case "json":
|
||||
display = displayJSON
|
||||
case "yaml":
|
||||
display = displayYAML
|
||||
default:
|
||||
return errors.New("invalid --output format (try: coloured, text, json or yaml)")
|
||||
}
|
||||
|
||||
for _, arg := range args {
|
||||
switch {
|
||||
case arg == "-":
|
||||
inspectStdin()
|
||||
|
||||
case strings.HasPrefix(arg, "https://"):
|
||||
inspectHTTPS(arg)
|
||||
|
||||
case strings.IndexByte(arg, ':') != 0:
|
||||
_, _, err := net.SplitHostPort(arg)
|
||||
if err == nil {
|
||||
inspectHost(arg)
|
||||
break
|
||||
}
|
||||
fallthrough
|
||||
|
||||
default:
|
||||
inspectFile(arg)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func inspectStdin() {
|
||||
// TODO
|
||||
}
|
||||
|
||||
func inspectHTTPS(addr string) {
|
||||
u, err := url.Parse(addr)
|
||||
if err != nil {
|
||||
// TODO
|
||||
}
|
||||
|
||||
inspectHost(u.Host)
|
||||
// TODO: need to add default port
|
||||
}
|
||||
|
||||
func inspectHost(addr string) {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
defer cancel()
|
||||
|
||||
// TODO: context dial
|
||||
|
||||
conn, err := tls.Dial("tcp", addr, &tls.Config{
|
||||
// we want to skip verification so we can inspect invalid certs too
|
||||
InsecureSkipVerify: true,
|
||||
|
||||
// we only enable RSA ciphersuites, but we do allow old ones, again
|
||||
// so that we can report about bad / invalid servers
|
||||
CipherSuites: []uint16{
|
||||
tls.TLS_RSA_WITH_RC4_128_SHA,
|
||||
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
tls.TLS_AES_128_GCM_SHA256,
|
||||
tls.TLS_AES_256_GCM_SHA384,
|
||||
tls.TLS_CHACHA20_POLY1305_SHA256,
|
||||
},
|
||||
|
||||
// we enable TLSv1.0 so that we can complain about it
|
||||
MinVersion: tls.VersionTLS10,
|
||||
})
|
||||
if err != nil {
|
||||
// TODO
|
||||
}
|
||||
|
||||
if err := conn.HandshakeContext(ctx); err != nil {
|
||||
// TODO
|
||||
}
|
||||
|
||||
display(addr, inspect.ConnectionState(conn.ConnectionState()))
|
||||
}
|
||||
|
||||
func inspectFile(filename string) {
|
||||
raw, err := os.ReadFile(filename)
|
||||
if err != nil {
|
||||
// TODO
|
||||
}
|
||||
|
||||
info := inspect.LoadPEM(raw)
|
||||
if len(info) == 0 {
|
||||
// TODO
|
||||
}
|
||||
|
||||
display(filename, info)
|
||||
}
|
||||
|
||||
func displayText(src string, info []inspect.Info) {
|
||||
}
|
||||
|
||||
func displayJSON(src string, info []inspect.Info) {
|
||||
}
|
||||
|
||||
func displayYAML(src string, info []inspect.Info) {
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue