certificate-transparency-go用例
文章目录
- 证书的SCT列表
- 验证SCT
- 依赖包
- 加载证书
- 初始化log机构信息
- 离线验证+在线验证
证书的SCT列表
浏览器对证书链的合法性检查通过后,会再检查服务端证书附件里的SCT列表(Signed Certificate Timestamp);
浏览器内置了一批certificate transparency log机构的公钥和访问地址,如果SCT申明证书在某个log机构注册了,但是SCT里的签名通过不了log机构的公钥验证,则抛出错误NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
验证SCT
依赖包
使用github.com/google/certificate-transparency-go工具
import ("context""encoding/base64""encoding/pem""errors""io""log""net/http""os""time"ct "github.com/google/certificate-transparency-go""github.com/google/certificate-transparency-go/ctutil""github.com/google/certificate-transparency-go/loglist3"ctX509 "github.com/google/certificate-transparency-go/x509""github.com/google/certificate-transparency-go/x509util"
)
加载证书
假设服务端证书以及签发该证书的上级CA证书,已保存为PEM格式的文件
func VerifySCT(certLocation string, issuerLocation string) error {// 服务端证书certByte, err := os.ReadFile(certLocation)if err != nil {return err}block, _ := pem.Decode(certByte)if block == nil || len(block.Bytes) == 0 {return errors.New("error decoding certificate")}cert, err := ctX509.ParseCertificate(block.Bytes)if err != nil {return err}// 上级CAcertByte, _ = os.ReadFile(issuerLocation)block, _ = pem.Decode(certByte)if block == nil || len(block.Bytes) == 0 {return errors.New("error decoding issuer CA")}issuer, _ := ctX509.ParseCertificate(block.Bytes)err = cert.CheckSignatureFrom(issuer)if err != nil {log.Printf("证书%s的签名算法是%s,CA签名没有验证成功", cert.Subject, cert.SignatureAlgorithm.String())return err}// 生成merkle tree leaf,用于验证sct(Signed Certificate Timestamp)merkleLeaf, err := ct.MerkleTreeLeafForEmbeddedSCT([]*ctX509.Certificate{cert, issuer}, 0)if err != nil {return err}// 获取证书里附带的sct列表sctList, err := x509util.ParseSCTsFromSCTList(&cert.SCTList)if err != nil {log.Printf("ParseCertificate failed %v", err)return err}log.Printf("验证证书%s的SCT列表", cert.Subject)
初始化log机构信息
使用和chrome一致的机构列表:https://www.gstatic.com/ct/log_list/v3/log_list.json
// 获取chrome使用的certificate transparency log机构列表,包含机构使用的公钥和查询api地址resp, err := http.DefaultClient.Get(loglist3.LogListURL)if err != nil {return errors.New("下载certificate transparency log地址列表失败")}defer resp.Body.Close()body, err := io.ReadAll(resp.Body)if err != nil {return errors.New("下载certificate transparency log地址列表失败")}loglistEntry, _ := loglist3.NewFromJSON(body)logsByHash, _ := ctutil.LogInfoByKeyHash(loglistEntry, http.DefaultClient)
离线验证+在线验证
logInfo.VerifySCTSignature方法不需要和log机构在线交互,是使用已知的log机构公钥对SCT进行离线验证
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)defer cancel()for _, sct := range sctList {// 验证sct,参考https://github.com/google/certificate-transparency-go/blob/master/ctutil/sctscan/sctscan.golog.Printf("sct signature: %s, %s", base64.StdEncoding.EncodeToString(sct.Signature.Signature), time.Unix(0, int64(sct.Timestamp)*int64(time.Millisecond)).Format(time.RFC3339Nano))logInfo, ok := logsByHash[sct.LogID.KeyID]if !ok {log.Printf("sct key_hash: %s,不存在对应certificate transparency log机构", base64.StdEncoding.EncodeToString(sct.LogID.KeyID[:]))continue}log.Printf("颁发sct的certificate transparency log机构是: %s,地址:%s, 公钥哈希:%s", logInfo.Description,logInfo.Client.BaseURI(), base64.StdEncoding.EncodeToString(sct.LogID.KeyID[:]))err = logInfo.VerifySCTSignature(*sct, *merkleLeaf)if err != nil {log.Printf("Verify SCT failed %v", err)continue}log.Println("Verify SCT offline OK")// 线上验证,非必须if _, err := logInfo.VerifyInclusionLatest(ctx, *merkleLeaf, sct.Timestamp); err != nil {sth := logInfo.LastSTH()if sth != nil {delta := time.Duration(sth.Timestamp-sct.Timestamp) * time.Millisecondif delta < logInfo.MMD {// 如果生效时间(logInfo.MMD)还未到,那么机构查询不到该sct的merkle tree leaf信息是正常的log.Printf("SCT's MMD has not passed %d -> %d < %v", sct.Timestamp, sth.Timestamp, logInfo.MMD)continue}}log.Printf("Failed to verify SCT online: %v", err)} else {log.Println("Verify SCT online OK")}}每个SCT分别是不同log机构签发的,如果一个证书附带的两个SCT是由同一个log机构签发,或者SCT列表涉及的log机构合计不足3个,浏览器似乎也会报错;
目前,证书检查通过后,chrome的F12里才显示解析的SCT列表;ERR_CERTIFICATE_TRANSPARENCY_REQUIRED错误发生时,需要使用这个程序来查看SCT列表里是否存在重复注册、注册的log机构数量不足,甚至是否无法通过SCT签名检查