certlint

X.509 certificate linter written in Go

General

This package is a work in progress.

Please keep in mind that:

This is an early release and may contain bugs or false reports
Not all checks have been fully implemented or verified against the standard
CLI flag, APIs and CSV export are subject to change

Code contributions and tests are highly welcome!

Installation

To install from source, just run:

go get -u github.com/globalsign/certlint
go install github.com/globalsign/certlint

CLI: Usage

The 'certlint' command line utility included with this package can be used to test a single certificate or a large pem container to bulk test millions of certificates. The command is used to test the linter on a large number of certificates but could use fresh up to reduce code complexity.

Usage of ./certlint:
  -bulk string
        Bulk certificates file
  -cert string
        Certificate file
  -errlevel string
        Exit non-zero for Errors at this level (default "error")
  -expired
        Test expired certificates
  -help
        Show this help
  -include
        Include certificates in report
  -issuer string
        Certificate file
  -pprof
        Generate pprof profile
  -report string
        Report filename (default "report.csv")
  -revoked
        Check if certificates are revoked

CLI: One certificate

$ certlint -cert certificate.pem

CLI: One certificate, exiting non-zero for Warning and above

$ certlint -errlevel warning -cert certificate.pem

CLI: A series of PEM encoded certificates

$ certlint -bulk largestore.pem

CLI: Testing expired certificates

$ certlint -expired -bulk largestore.pem

API: Usage

Import one or all of these packages:

import "github.com/globalsign/certlint/asn1"
import "github.com/globalsign/certlint/certdata"
import "github.com/globalsign/certlint/checks"

You can import all available checks:

_ "github.com/globalsign/certlint/checks/extensions/all"
_ "github.com/globalsign/certlint/checks/certificate/all"

Or you can just import a restricted set:

// Check for certificate (ext) KeyUsage extension
_ "github.com/globalsign/certlint/checks/extensions/extkeyusage"
_ "github.com/globalsign/certlint/checks/extensions/keyusage"

// Also check the parsed certificate (ext) keyusage content
_ "github.com/globalsign/certlint/checks/certificate/extkeyusage"
_ "github.com/globalsign/certlint/checks/certificate/keyusage"

API: Check ASN.1 value formatting

al := new(asn1.Linter)
e := al.CheckStruct(der)
if e != nil {
  for _, err := range e.List() {
    fmt.Println(err)
  }
}

API: Check certificate details

d, err := certdata.Load(der)
if err == nil {
  e := checks.Certificate.Check(d)
  if e != nil {
    for _, err := range e.List() {
      fmt.Println(err)
    }
  }
}

cpu / certlint Goto Github PK

certlint's Introduction

certlint

General

Installation

CLI: Usage

CLI: One certificate

CLI: One certificate, exiting non-zero for Warning and above

CLI: A series of PEM encoded certificates

CLI: Testing expired certificates

API: Usage

API: Check ASN.1 value formatting

API: Check certificate details

certlint's People

Contributors

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent