Fulcio watcher

main.go

package main

import (
	"context"
	"fmt"
	"log"
	"net/http"
	"time"

	ct "github.com/google/certificate-transparency-go"
	"github.com/google/certificate-transparency-go/client"
	"github.com/google/certificate-transparency-go/jsonclient"
	"github.com/google/certificate-transparency-go/scanner"
)

func main() {
	logURI := "https://ctfe.sigstore.dev/2022/"

	logClient, err := client.New(logURI, &http.Client{
		Timeout: 10 * time.Second,
		Transport: &http.Transport{
			TLSHandshakeTimeout:   30 * time.Second,
			ResponseHeaderTimeout: 30 * time.Second,
			MaxIdleConnsPerHost:   10,
			DisableKeepAlives:     false,
			MaxIdleConns:          100,
			IdleConnTimeout:       90 * time.Second,
			ExpectContinueTimeout: 1 * time.Second,
		},
	}, jsonclient.Options{UserAgent: "ct-go-scanlog/1.0"})
	if err != nil {
		log.Fatal(err)
	}

	opts := scanner.ScannerOptions{
		FetcherOptions: scanner.FetcherOptions{
			BatchSize:     8096,
			ParallelFetch: 2,
			// StartIndex:    0,
			StartIndex: 5290468, // 25 january
			EndIndex:   0,
			Continuous: true,
		},
		Matcher:    scanner.MatchAll{},
		NumWorkers: 8,
	}
	s := scanner.NewScanner(logClient, opts)
	ctx := context.Background()
	s.Scan(ctx, func(e *ct.RawLogEntry) {
		e2, err := e.ToLogEntry()
		if err != nil {
			return
		}
		crt := e2.X509Cert
		for _, v := range crt.EmailAddresses {
			log.Print(crt)
			log.Println(v)
		}
	}, func(e *ct.RawLogEntry) {
		e2, err := e.ToLogEntry()
		if err != nil {
			return
		}
		crt := e2.Precert.TBSCertificate
    // this is spamming the results; filter it out
		if len(crt.EmailAddresses) != 0 && crt.EmailAddresses[0] != "sigstore-prod-prometheus-sa@project-rekor.iam.gserviceaccount.com" {
			fmt.Println(crt.NotBefore, crt.EmailAddresses[0])
		}
		if len(crt.URIs) != 0 {
			fmt.Println(crt.NotBefore, crt.URIs)
		}
	})

}