Tools to Work with Certificate Transparency ('CT') Logs and Various 'CT' 'APIs'
The 'IETF' 'RFC' 6962 (https://tools.ietf.org/html/rfc6962) describes an experimental protocol for publicly logging the existence of 'Transport Layer Security' ('TLS') certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority ('CA') activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. Functions are provided as a wrapper around the log server 'API'. Tools are also provided to interface with other 'Certificate Transparency' 'APIs' including 'sslmate' https://sslmate.com/certspotter/api, 'Symantec' https://cryptoreport.websecurity.symantec.com/checker/views/ctsearch.jsp, Google, and others.
The following functions are implemented:
cs_get_cert
: Get Certificate Objectcs_list_certs
: List Certificatesget_entries
: Retrieve Entries from Logget_sth
: Retrieve Latest Signed Tree Headparse_x509_attributes
: Parse X.509/X.500 Attribute Strings into a Named Listread_log_list
: Retrieve Certificate Transparency Log Listsym_ct_search
: Search Certificate Transparency Logs via Symatec CryptoReporttr_log_summary
: Retrieve Certificate Transparency Log Server Summaries from the Google Transparency Report Projecttr_report
: Query Google's Transparency Repoirt for Certificate Informationdevtools::install_github("hrbrmstr/sslsaran")
options(width=120)
library(sslsaran) library(tidyverse) # current verison packageVersion("sslsaran") # Get available log servers ll <- read_log_list() glimpse(ll$logs) glimpse(ll$operators)
# How many certs? (we'll use a different list for this since Chrome is picky) # NOTE: This usually takes a bit of time to run as some CT servers are slow moar_logs <- read_log_list("https://www.gstatic.com/ct/log_list/all_logs_list.json") pull(moar_logs$logs, url) %>% map(get_sth) %>% map_dbl("tree_size") %>% sum(na.rm=TRUE) %>% scales::comma()
# Pick one from the google list ctl <- ll$logs$url[2] # Get picked latest signed tree head sth <- get_sth(ctl) # Get the last 30 entries x <- get_entries(ctl, sth$tree_size-30, sth$tree_size-1) # Take a look glimpse(x) map_chr(x$certificate, ~.x$issuer %||% NA) %>% discard(is.na) map_chr(x$certificate, ~.x$subject %||% NA) %>% discard(is.na) map(x$certificate, ~.x$alt_names %||% NA) %>% discard(~is.na(.x[1]))
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.