aljaz/certspotter
1
1
Fork 0
mirror of https://github.com/SSLMate/certspotter.git synced 2026-01-16 02:04:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add support for IDNs

Browse Source 
IDNs can be specified in either Unicode or ASCII (as Punycode).
Certs can specify the DNS name either way, and we'll match it.
This commit is contained in:
Andrew Ayer
2016-04-26 14:38:09 -07:00
parent 19c5f86d23
commit 4132ed5e9f
1 changed files with 34 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
cmd/ctwatch/main.go
View File

@@ -7,6 +7,8 @@ import (
"bufio"
"strings"
"golang.org/x/net/idna"
"src.agwa.name/ctwatch"
"src.agwa.name/ctwatch/ct"
"src.agwa.name/ctwatch/cmd"
@@ -24,17 +26,38 @@ var stateDir = flag.String("state_dir", DefaultStateDir(), "Directory for storin
var watchDomains []string
var watchDomainSuffixes []string
func setWatchDomains (domains []string) {
func addWatchDomain (domain string) {
watchDomains = append(watchDomains, strings.ToLower(domain))
watchDomainSuffixes = append(watchDomainSuffixes, "." + strings.ToLower(domain))
}
func setWatchDomains (domains []string) error {
for _, domain := range domains {
if domain == "." { // "." as in root zone (matches everything)
watchDomains = []string{}
watchDomainSuffixes = []string{""}
break
} else {
watchDomains = append(watchDomains, strings.ToLower(domain))
watchDomainSuffixes = append(watchDomainSuffixes, "." + strings.ToLower(domain))
addWatchDomain(domain)
asciiDomain, err := idna.ToASCII(domain)
if err != nil {
return fmt.Errorf("Invalid domain `%s': %s", domain, err)
}
if asciiDomain != domain {
addWatchDomain(asciiDomain)
}
unicodeDomain, err := idna.ToUnicode(domain)
if err != nil {
return fmt.Errorf("Invalid domain `%s': %s", domain, err)
}
if unicodeDomain != domain {
addWatchDomain(unicodeDomain)
}
}
}
return nil
}
func dnsNameMatches (dnsName string) bool {
@@ -105,9 +128,15 @@ func main() {
fmt.Fprintf(os.Stderr, "%s: Error reading standard input: %s\n", os.Args[0], err)
os.Exit(1)
}
setWatchDomains(domains)
if err := setWatchDomains(domains); err != nil {
fmt.Fprintf(os.Stderr, "%s: %s\n", os.Args[0], err)
os.Exit(1)
}
} else {
setWatchDomains(flag.Args())
if err := setWatchDomains(flag.Args()); err != nil {
fmt.Fprintf(os.Stderr, "%s: %s\n", os.Args[0], err)
os.Exit(1)
}
}
cmd.Main(*stateDir, processEntry)