
@arianvp
Created January 26, 2023 10:12
Fulcio watcher
package main
import (
"context"
"fmt"
"log"
"net/http"
"time"
ct "github.com/google/certificate-transparency-go"
"github.com/google/certificate-transparency-go/client"
"github.com/google/certificate-transparency-go/jsonclient"
"github.com/google/certificate-transparency-go/scanner"
)
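// main tails the Sigstore CT log at logURI and prints the identities (email
// and URI SANs) carried by the certificates and precertificates it sees.
//
// Everything read from the log is untrusted input: SAN values are chosen by
// whoever obtained the certificate. If this output feeds alerting or another
// parser, quote the values (for example with %q) before acting on them.
func main() {
	logURI := "https://ctfe.sigstore.dev/2022/"

	// NOTE(review): no log public key is passed in jsonclient.Options
	// (PublicKey / PublicKeyDER), so the client has no key to check signed
	// tree heads against. Entries are then only as trustworthy as the TLS
	// connection to the log; confirm this is acceptable for a monitor.
	logClient, err := client.New(logURI, &http.Client{
		// Timeout bounds the whole request, so it caps the 30s transport
		// timeouts below.
		Timeout: 10 * time.Second,
		Transport: &http.Transport{
			TLSHandshakeTimeout:   30 * time.Second,
			ResponseHeaderTimeout: 30 * time.Second,
			MaxIdleConnsPerHost:   10,
			DisableKeepAlives:     false,
			MaxIdleConns:          100,
			IdleConnTimeout:       90 * time.Second,
			ExpectContinueTimeout: 1 * time.Second,
		},
	}, jsonclient.Options{UserAgent: "ct-go-scanlog/1.0"})
	if err != nil {
		log.Fatal(err)
	}

	opts := scanner.ScannerOptions{
		FetcherOptions: scanner.FetcherOptions{
			BatchSize:     8096,
			ParallelFetch: 2,
			// StartIndex: 0,
			StartIndex: 5290468, // 25 january
			EndIndex:   0,
			Continuous: true,
		},
		Matcher:    scanner.MatchAll{},
		NumWorkers: 8,
	}
	s := scanner.NewScanner(logClient, opts)
	ctx := context.Background()

	// decode parses a raw entry and reports parse problems instead of
	// dropping them silently: for a watcher, an entry that is skipped without
	// a trace is a blind spot. An entry is still returned when ToLogEntry
	// yields one alongside an error (presumably a non-fatal parse warning;
	// verify against the library), so such certificates are not lost.
	decode := func(kind string, raw *ct.RawLogEntry) *ct.LogEntry {
		entry, err := raw.ToLogEntry()
		if err != nil {
			log.Printf("%s at index %d: %v", kind, raw.Index, err)
		}
		return entry
	}

	// onCert handles final certificates: one log record per email SAN.
	onCert := func(e *ct.RawLogEntry) {
		e2 := decode("certificate", e)
		if e2 == nil || e2.X509Cert == nil {
			return
		}
		crt := e2.X509Cert
		for _, v := range crt.EmailAddresses {
			log.Print(crt)
			log.Println(v)
		}
	}

	// onPrecert handles precertificates: prints the first email SAN and any
	// URI SANs together with the NotBefore timestamp.
	onPrecert := func(e *ct.RawLogEntry) {
		e2 := decode("precertificate", e)
		if e2 == nil || e2.Precert == nil || e2.Precert.TBSCertificate == nil {
			return
		}
		crt := e2.Precert.TBSCertificate
		// this is spamming the results; filter it out
		if len(crt.EmailAddresses) != 0 && crt.EmailAddresses[0] != "sigstore-prod-prometheus-sa@project-rekor.iam.gserviceaccount.com" {
			fmt.Println(crt.NotBefore, crt.EmailAddresses[0])
		}
		if len(crt.URIs) != 0 {
			fmt.Println(crt.NotBefore, crt.URIs)
		}
	}

	// With Continuous set, Scan returning at all means the watcher has
	// stopped; surface the reason rather than exiting quietly with status 0.
	if err := s.Scan(ctx, onCert, onPrecert); err != nil {
		log.Fatal(err)
	}
}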