Implement in go

Author: bakito

.gitignore

@@ -0,0 +1,4 @@
+*.jks
+*.pem
+.vscode
+cert-fetcher

README.md

@@ -0,0 +1,16 @@
+# cert-fetcher
+
+Fetch ssl certificates from https urls and store them in different formats.
+
+## Supported output formats
+
+- pem
+- jks (java keystore)
+
+## usage
+
+see
+
+```bash
+cert-fetcher --help
+```

cmd/jks.go

@@ -0,0 +1,66 @@
+package cmd
+
+import (
+	"crypto/x509"
+	"fmt"
+	"log"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+
+	keystore "github.com/pavel-v-chernykh/keystore-go"
+	"github.com/spf13/cobra"
+)
+
+var (
+	jskPassword = "changeit"
+)
+
+// jksCmd represents the jks command
+var jksCmd = &cobra.Command{
+	Use:   "jks",
+	Short: "store the certificates into an java keystore",
+	Long:  "store the certificates into an java keystore",
+	Run: func(cmd *cobra.Command, args []string) {
+		certs := fetchCertificates()
+		ks := keystore.KeyStore{}
+
+		for _, cert := range certs {
+			ce := &keystore.TrustedCertificateEntry{
+				Entry: keystore.Entry{
+					CreationDate: time.Now(),
+				},
+				Certificate: keystore.Certificate{
+					Content: cert.Raw,
+					Type:    "X.509",
+				},
+			}
+			ce.CreationDate = time.Now()
+			ks[alias(cert)] = ce
+		}
+
+		var fileName string
+		if outputFile != "" {
+			fileName = outputFile
+		} else {
+			u, _ := url.Parse(targetURL)
+			fileName = u.Host + ".jks"
+		}
+
+		k, _ := os.Create(fileName)
+		defer k.Close()
+		keystore.Encode(k, ks, []byte(jskPassword))
+		log.Printf("java keystore file %s created.", fileName)
+
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(jksCmd)
+	jksCmd.PersistentFlags().StringVarP(&jskPassword, "password", "p", "changeit", "the password to be used for the java keystore")
+}
+
+func alias(cert *x509.Certificate) string {
+	return fmt.Sprintf("%s (%s)", strings.ToLower(cert.Subject.CommonName), strings.ToLower(cert.Issuer.CommonName))
+}

cmd/pem.go

@@ -0,0 +1,58 @@
+package cmd
+
+import (
+	"bytes"
+	"crypto/x509"
+	"encoding/pem"
+	"log"
+	"net/url"
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+// pemCmd represents the pem command
+var pemCmd = &cobra.Command{
+	Use:   "pem",
+	Short: "store the certificates ad pem file",
+	Long:  "store the certificates ad pem file",
+
+	Run: func(cmd *cobra.Command, args []string) {
+
+		certs := fetchCertificates()
+		pem, err := certChainToPEM(certs)
+
+		if err != nil {
+			log.Fatal(err)
+			os.Exit(1)
+		}
+
+		var fileName string
+		if outputFile != "" {
+			fileName = outputFile
+		} else {
+			u, _ := url.Parse(targetURL)
+			fileName = u.Host + ".pem"
+		}
+		f, _ := os.Create(fileName)
+
+		defer f.Close()
+		f.Write(pem)
+		log.Printf("pem file %s created.", fileName)
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(pemCmd)
+}
+
+// CertChainToPEM is a utility function returns a PEM encoded chain of x509 Certificates, in the order they are passed
+func certChainToPEM(certChain []*x509.Certificate) ([]byte, error) {
+	var pemBytes bytes.Buffer
+	for _, cert := range certChain {
+		if err := pem.Encode(&pemBytes, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}); err != nil {
+			return nil, err
+		}
+	}
+	return pemBytes.Bytes(), nil
+}

cmd/root.go

@@ -0,0 +1,77 @@
+package cmd
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/spf13/cobra"
+)
+
+const (
+	certTemplate string = `Certificate %d:
+Subject: %s 
+Issuer: %s
+NotBefore: %s
+NotAfter: %s
+
+`
+)
+
+var (
+	targetURL  string
+	outputFile string
+)
+
+// rootCmd represents the base command when called without any subcommands
+var rootCmd = &cobra.Command{
+	Use:   "cert-fetcher",
+	Short: "Fetch client certificates from https urls",
+	Long:  `A go application that fetches public certificates from https sites and stores them into different output formates.`,
+	Run: func(cmd *cobra.Command, args []string) {
+
+		certs := fetchCertificates()
+		loc := time.Local
+		for i, cert := range certs {
+			fmt.Printf(certTemplate, i, cert.Subject.CommonName, cert.Issuer.CommonName, cert.NotBefore.In(loc).String(), cert.NotAfter.In(loc).String())
+		}
+	},
+}
+
+// Execute adds all child commands to the root command and sets flags appropriately.
+// This is called by main.main(). It only needs to happen once to the rootCmd.
+func Execute() {
+	if err := rootCmd.Execute(); err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+}
+
+func init() {
+	rootCmd.PersistentFlags().StringVarP(&targetURL, "url", "u", "", "the URL to fetch the certificate from")
+	rootCmd.MarkPersistentFlagRequired("url")
+	rootCmd.PersistentFlags().StringVarP(&outputFile, "out-file", "o", "", "the output file")
+}
+
+func fetchCertificates() []*x509.Certificate {
+
+	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+
+	resp, err := http.Get(targetURL)
+
+	if err != nil {
+		log.Fatal(err)
+		os.Exit(1)
+	}
+
+	if resp.TLS != nil {
+		return resp.TLS.PeerCertificates
+	}
+	log.Fatal(fmt.Errorf("Could not find any certificates"))
+	os.Exit(1)
+	return nil
+}

go.mod

@@ -0,0 +1,13 @@
+module github.com/bakito/cert-fetcher
+
+require (
+	github.com/google/pprof v0.0.0-20190109223431-e84dfd68c163 // indirect
+	github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6 // indirect
+	github.com/mitchellh/go-homedir v1.0.0
+	github.com/pavel-v-chernykh/keystore-go v2.1.0+incompatible
+	github.com/spf13/cobra v0.0.3
+	github.com/spf13/viper v1.3.1
+	golang.org/x/arch v0.0.0-20181203225421-5a4828bb7045 // indirect
+	golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc // indirect
+	golang.org/x/sys v0.0.0-20190116161447-11f53e031339 // indirect
+)

go.sum

@@ -0,0 +1,35 @@
+github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
+github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
+github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/google/pprof v0.0.0-20190109223431-e84dfd68c163/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/pavel-v-chernykh/keystore-go v2.1.0+incompatible h1:Jd6xfriVlJ6hWPvYOE0Ni0QWcNTLRehfGPFxr3eSL80=
+github.com/pavel-v-chernykh/keystore-go v2.1.0+incompatible/go.mod h1:xlUlxe/2ItGlQyMTstqeDv9r3U4obH7xYd26TbDQutY=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
+github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8=
+github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/viper v1.3.1/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
+github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+golang.org/x/arch v0.0.0-20181203225421-5a4828bb7045/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190116161447-11f53e031339/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=