Skip to content

Commit

Permalink
Use public cryptography API in SSL certificate normalizer (#2796)
Browse files Browse the repository at this point in the history
Co-authored-by: Jan Klopper <[email protected]>
  • Loading branch information
dekkers and underdarknl authored Apr 8, 2024
1 parent f6677f5 commit 5273eaa
Show file tree
Hide file tree
Showing 5 changed files with 310 additions and 25 deletions.
6 changes: 3 additions & 3 deletions boefjes/boefjes/plugins/kat_ssl_certificates/normalize.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,9 @@
import re
from collections.abc import Iterable

import cryptography
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec, rsa
from dateutil.parser import parse

from boefjes.job_models import NormalizerMeta
Expand Down Expand Up @@ -126,11 +126,11 @@ def read_certificates(
logging.info("Parsing certificate of type %s", type(cert.public_key()))
if isinstance(
cert.public_key(),
cryptography.hazmat.backends.openssl.rsa.RSAPublicKey,
rsa.RSAPublicKey,
):
pk_algorithm = str(AlgorithmType.RSA)
pk_number = cert.public_key().public_numbers().n.to_bytes(pk_size // 8, "big").hex()
elif isinstance(cert.public_key(), cryptography.hazmat.backends.openssl.ec._EllipticCurvePublicKey):
elif isinstance(cert.public_key(), ec.EllipticCurvePublicKey):
pk_algorithm = str(AlgorithmType.ECC)
pk_number = hex(cert.public_key().public_numbers().x) + hex(cert.public_key().public_numbers().y)
else:
Expand Down
62 changes: 53 additions & 9 deletions boefjes/tests/examples/ssl-certificates-normalize.json
Original file line number Diff line number Diff line change
@@ -1,13 +1,57 @@
{
"id": "10f392a7-a21b-428a-9ba1-7d39018d58a7",
"organization": "_dev",
"arguments": {
"domain": "example.nl"
"id": "7134430c-8509-4944-b0be-27cb9bfb4bc2",
"raw_data": {
"id": "cf06e5fa-d038-43ca-848f-08528d1b5eb7",
"boefje_meta": {
"id": "b3806b37-f51e-448b-901a-5fa9c78607bc",
"started_at": "2024-04-05T08:12:14.001600Z",
"ended_at": "2024-04-05T08:12:14.647053Z",
"boefje": {
"id": "ssl-certificates",
"version": null
},
"input_ooi": "Website|internet|134.209.85.72|tcp|443|https|internet|mispo.es",
"arguments": {
"input": {
"object_type": "Website",
"scan_profile": "scan_profile_type='inherited' reference=Reference('Website|internet|134.209.85.72|tcp|443|https|internet|mispo.es') level=<ScanLevel.L2: 2>",
"primary_key": "Website|internet|134.209.85.72|tcp|443|https|internet|mispo.es",
"ip_service": {
"ip_port": {
"address": {
"network": {
"name": "internet"
},
"address": "134.209.85.72"
},
"protocol": "tcp",
"port": "443"
},
"service": {
"name": "https"
}
},
"hostname": {
"network": {
"name": "internet"
},
"name": "mispo.es"
},
"certificate": "None"
}
},
"organization": "test",
"runnable_hash": "31425d58d153e0cafcf8a0e558b690d48217fce6378acc65b3e361ae568802f2",
"environment": {}
},
"mime_types": [
{
"value": "boefje/ssl-certificates"
}
]
},
"started_at": "2021-07-27T11:26:42.679000+00:00",
"ended_at": "2021-07-27T11:26:44.679000+00:00",
"dispatches": {
"normalizers": [],
"boefjes": []
"normalizer": {
"id": "kat_dns_normalize",
"version": null
}
}
13 changes: 0 additions & 13 deletions boefjes/tests/examples/ssl-certificates.json

This file was deleted.

243 changes: 243 additions & 0 deletions boefjes/tests/examples/ssl-certificates.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,243 @@
CONNECTED(00000003)
---
Certificate chain
0 s:CN = mispo.es
i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISBIEgUTAliVGEWSjvwigTdO8TMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjExMTUwODUyNTdaFw0yMzAyMTMwODUyNTZaMBMxETAPBgNVBAMT
CG1pc3BvLmVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHAjzeGB
jt/YWunF+X50xzCgTh6Fs71+QWckk17j6jFVB9YdKGdnkQOYaBoZdqjFs2ojtWZI
eqrSPEzHfS4mk5XlYllgQomR966Ly2IrPQkzqHo9xqpaILxiJIXa7K2cUbL9rdpB
il+7QtCCAWcmTBJItgdvj8r/jCNsUrrWp+Io4ojaVQs4VaYWcIbftSs5nnVtJ41/
i6OgrfvNthRfGT9W3afNqrAzAkLsGI/Qa3KT9KPEikItuEpa2VZEYRPBUY+KlhfK
dgCDBD1uIGAd8rlFwfMq65rRBPk8sYlT9eaBvoKde2oDI3oXfwv2lDUgts5i+hdk
R9VFOqcrPp2VUQIDAQABo4ICVzCCAlMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRd
UBy7LJ4dkCYqDP4fDk1a+BTKwjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+d
ixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxl
bmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAnBgNV
HREEIDAegghtaXNwby5lc4ISdnVpbGUuc3RpbGxla2F0Lm5sMEwGA1UdIARFMEMw
CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcAejKM
VNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGEerTBaQAABAMASDBGAiEA
pPIOE9cqiRsOXUGyFjDG6+WteI7U5e8ZEUFP5DvcPNACIQDWgqHT74Y8f13IM7bV
74rXaLbIbTaLAlSzyqBOOScO0wB1AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nh
d31tBr1uAAABhHq0wcwAAAQDAEYwRAIgEvvznbl7HfU1FI9HThTz4OpJh5L+0YpQ
SqeJw1TYcrUCIAjuTcePt5n9zAEzV0nKY3Knw+GJ40HS3fOjh3FXsa8BMA0GCSqG
SIb3DQEBCwUAA4IBAQAR6t0xjTZ3djYvafy9iDAYnrbq76xcViq58mAgZxcQIZ0x
LQyxKe44skPFaf9GgHJImqnL41twdZfvnidE4pIaYE5NIjbEA/lloMaMrzJ/f8ux
iC5doo1/r6wvRJqRmoIF4aC8y+WpTxogf01Ea4rV6rHMugBUfJLjx2gkxloMEguw
RElnErM9aL36GQz0j8yY4FHppzkcRerjRe/p9OALu81nWxG0K+7Xp42JzylYXvCj
idLA7MOqakHLt+O6Uf8DaJOIXdHYbhyijcqANzzG1jSixjHaBoM6inGVhJI+Mh5t
qXe6YQpcZ1a7Hdns92sUt1d8/6dihdDd1vVxcVmP
-----END CERTIFICATE-----
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
---
Server certificate
subject=CN = mispo.es

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4582 bytes and written 390 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
---
Certificate chain
0 s:CN = mispo.es
i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISBIEgUTAliVGEWSjvwigTdO8TMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjExMTUwODUyNTdaFw0yMzAyMTMwODUyNTZaMBMxETAPBgNVBAMT
CG1pc3BvLmVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHAjzeGB
jt/YWunF+X50xzCgTh6Fs71+QWckk17j6jFVB9YdKGdnkQOYaBoZdqjFs2ojtWZI
eqrSPEzHfS4mk5XlYllgQomR966Ly2IrPQkzqHo9xqpaILxiJIXa7K2cUbL9rdpB
il+7QtCCAWcmTBJItgdvj8r/jCNsUrrWp+Io4ojaVQs4VaYWcIbftSs5nnVtJ41/
i6OgrfvNthRfGT9W3afNqrAzAkLsGI/Qa3KT9KPEikItuEpa2VZEYRPBUY+KlhfK
dgCDBD1uIGAd8rlFwfMq65rRBPk8sYlT9eaBvoKde2oDI3oXfwv2lDUgts5i+hdk
R9VFOqcrPp2VUQIDAQABo4ICVzCCAlMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRd
UBy7LJ4dkCYqDP4fDk1a+BTKwjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+d
ixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxl
bmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAnBgNV
HREEIDAegghtaXNwby5lc4ISdnVpbGUuc3RpbGxla2F0Lm5sMEwGA1UdIARFMEMw
CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcAejKM
VNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGEerTBaQAABAMASDBGAiEA
pPIOE9cqiRsOXUGyFjDG6+WteI7U5e8ZEUFP5DvcPNACIQDWgqHT74Y8f13IM7bV
74rXaLbIbTaLAlSzyqBOOScO0wB1AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nh
d31tBr1uAAABhHq0wcwAAAQDAEYwRAIgEvvznbl7HfU1FI9HThTz4OpJh5L+0YpQ
SqeJw1TYcrUCIAjuTcePt5n9zAEzV0nKY3Knw+GJ40HS3fOjh3FXsa8BMA0GCSqG
SIb3DQEBCwUAA4IBAQAR6t0xjTZ3djYvafy9iDAYnrbq76xcViq58mAgZxcQIZ0x
LQyxKe44skPFaf9GgHJImqnL41twdZfvnidE4pIaYE5NIjbEA/lloMaMrzJ/f8ux
iC5doo1/r6wvRJqRmoIF4aC8y+WpTxogf01Ea4rV6rHMugBUfJLjx2gkxloMEguw
RElnErM9aL36GQz0j8yY4FHppzkcRerjRe/p9OALu81nWxG0K+7Xp42JzylYXvCj
idLA7MOqakHLt+O6Uf8DaJOIXdHYbhyijcqANzzG1jSixjHaBoM6inGVhJI+Mh5t
qXe6YQpcZ1a7Hdns92sUt1d8/6dihdDd1vVxcVmP
-----END CERTIFICATE-----
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
---
Server certificate
subject=CN = mispo.es

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4740 bytes and written 414 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
11 changes: 11 additions & 0 deletions boefjes/tests/test_sslcertificate_normalizer.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
from boefjes.job_models import NormalizerMeta
from boefjes.plugins.kat_ssl_certificates.normalize import run
from tests.loading import get_dummy_data


def test_ssl_certificates_normalizer():
meta = NormalizerMeta.model_validate_json(get_dummy_data("ssl-certificates-normalize.json"))

output = list(run(meta, get_dummy_data("ssl-certificates.txt")))

assert len([ooi for ooi in output if ooi.object_type == "X509Certificate"]) == 3

0 comments on commit 5273eaa

Please sign in to comment.