In hrbrmstr/sslsaran: Tools to Work with Certificate Transparency ('CT') Logs and Various 'CT' 'APIs'
sslsaran
Tools to Work with Certificate Transparency ('CT') Logs and Various 'CT' 'APIs'
Description
The 'IETF' 'RFC' 6962 (https://tools.ietf.org/html/rfc6962) describes an
experimental protocol for publicly logging the existence of 'Transport Layer
Security' ('TLS') certificates as they are issued or observed, in a manner
that allows anyone to audit certificate authority ('CA') activity and notice
the issuance of suspect certificates as well as to audit the certificate logs
themselves. Functions are provided as a wrapper around the log server 'API'.
Tools are also provided to interface with other 'Certificate Transparency'
'APIs' including 'sslmate' https://sslmate.com/certspotter/api,
'Symantec' https://cryptoreport.websecurity.symantec.com/checker/views/ctsearch.jsp,
Google, and others.
What's Inside The Tin
The following functions are implemented:
cs_get_cert: Get Certificate Objectcs_list_certs: List Certificatesget_entries: Retrieve Entries from Logget_sth: Retrieve Latest Signed Tree Headparse_x509_attributes: Parse X.509/X.500 Attribute Strings into a Named Listread_log_list: Retrieve Certificate Transparency Log Listsym_ct_search: Search Certificate Transparency Logs via Symatec CryptoReporttr_log_summary: Retrieve Certificate Transparency Log Server Summaries from the Google Transparency Report Projecttr_report: Query Google's Transparency Repoirt for Certificate Information
Installation
devtools::install_github("hrbrmstr/sslsaran")
options(width=120)
Usage
library(sslsaran)
library(tidyverse)
# current verison
packageVersion("sslsaran")
# Get available log servers
ll <- read_log_list()
glimpse(ll$logs)
glimpse(ll$operators)
# How many certs? (we'll use a different list for this since Chrome is picky)
# NOTE: This usually takes a bit of time to run as some CT servers are slow
moar_logs <- read_log_list("https://www.gstatic.com/ct/log_list/all_logs_list.json")
pull(moar_logs$logs, url) %>%
map(get_sth) %>%
map_dbl("tree_size") %>%
sum(na.rm=TRUE) %>%
scales::comma()
# Pick one from the google list
ctl <- ll$logs$url[2]
# Get picked latest signed tree head
sth <- get_sth(ctl)
# Get the last 30 entries
x <- get_entries(ctl, sth$tree_size-30, sth$tree_size-1)
# Take a look
glimpse(x)
map_chr(x$certificate, ~.x$issuer %||% NA) %>%
discard(is.na)
map_chr(x$certificate, ~.x$subject %||% NA) %>%
discard(is.na)
map(x$certificate, ~.x$alt_names %||% NA) %>%
discard(~is.na(.x[1]))
hrbrmstr/sslsaran documentation built on May 28, 2019, 12:59 p.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
sslsaran
Tools to Work with Certificate Transparency ('CT') Logs and Various 'CT' 'APIs'
Description
The 'IETF' 'RFC' 6962 (https://tools.ietf.org/html/rfc6962) describes an experimental protocol for publicly logging the existence of 'Transport Layer Security' ('TLS') certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority ('CA') activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. Functions are provided as a wrapper around the log server 'API'. Tools are also provided to interface with other 'Certificate Transparency' 'APIs' including 'sslmate' https://sslmate.com/certspotter/api, 'Symantec' https://cryptoreport.websecurity.symantec.com/checker/views/ctsearch.jsp, Google, and others.
What's Inside The Tin
The following functions are implemented:
cs_get_cert: Get Certificate Objectcs_list_certs: List Certificatesget_entries: Retrieve Entries from Logget_sth: Retrieve Latest Signed Tree Headparse_x509_attributes: Parse X.509/X.500 Attribute Strings into a Named Listread_log_list: Retrieve Certificate Transparency Log Listsym_ct_search: Search Certificate Transparency Logs via Symatec CryptoReporttr_log_summary: Retrieve Certificate Transparency Log Server Summaries from the Google Transparency Report Projecttr_report: Query Google's Transparency Repoirt for Certificate Information
Installation
devtools::install_github("hrbrmstr/sslsaran")
options(width=120)
Usage
library(sslsaran) library(tidyverse) # current verison packageVersion("sslsaran") # Get available log servers ll <- read_log_list() glimpse(ll$logs) glimpse(ll$operators)
# How many certs? (we'll use a different list for this since Chrome is picky) # NOTE: This usually takes a bit of time to run as some CT servers are slow moar_logs <- read_log_list("https://www.gstatic.com/ct/log_list/all_logs_list.json") pull(moar_logs$logs, url) %>% map(get_sth) %>% map_dbl("tree_size") %>% sum(na.rm=TRUE) %>% scales::comma()
# Pick one from the google list ctl <- ll$logs$url[2] # Get picked latest signed tree head sth <- get_sth(ctl) # Get the last 30 entries x <- get_entries(ctl, sth$tree_size-30, sth$tree_size-1) # Take a look glimpse(x) map_chr(x$certificate, ~.x$issuer %||% NA) %>% discard(is.na) map_chr(x$certificate, ~.x$subject %||% NA) %>% discard(is.na) map(x$certificate, ~.x$alt_names %||% NA) %>% discard(~is.na(.x[1]))
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.