Generalized parser and table for cryptographic materials (eg: certificates) #790

Merged

directionless
Contributor

With pkg/keyidentifier, we've long had the ability to parse private keys. But we've often wanted to add certificates to that. Unfortunately that library and associated table hardcode several assumptions about the shape of the resultant data.

Thus, pkg/cryptoinfo and the associated kolide_cryptoinfo. This is designed to return nested data, suitable for being handed to dataflatten.

Right now, it only parses certificates, though it should handle both common formats (DER and PEM). I think it has the bones to grow into handling all other keys as needed. We could replace pkg/keyidentifier with it.

For example:

osquery> select count(*) from kolide_cryptoinfo where path = '/etc/ssl/cert.pem' ;
+----------+
| count(*) |
+----------+
| 7903     |
+----------+
osquery> select value from kolide_cryptoinfo where path = '/etc/ssl/cert.pem' and fullkey like '%/Subject/CommonName' limit 5;
+-----------------------------------------------------------+
| value                                                     |
+-----------------------------------------------------------+
| Autoridad de Certificacion Firmaprofesional CIF A62634068 |
| Chambers of Commerce Root - 2008                          |
| Global Chambersign Root - 2008                            |
| ACCVRAIZ1                                                 |
| Actalis Authentication Root CA                            |
+-----------------------------------------------------------+

@directionless directionless merged commit 88882ff into kolide:master Feb 4, 2022
@directionless directionless deleted the seph/certificates-flattenable branch February 4, 2022 20:40
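
The PR description above says the parser accepts certificates in both DER and PEM form and returns data meant to be flattened into `fullkey`/`value` rows. The following Go program is an added illustration of that flow using only the standard library; it is not the code in pkg/cryptoinfo. The names `certRows` and `samplePEM`, the `index/Field/Subfield` key layout, and the certificate generated at run time are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// certRows parses PEM (single or bundle) or raw DER certificates into flattened rows.
func certRows(data []byte) (map[string]string, error) {
	if bytes.Contains(data, []byte("-----BEGIN ")) {
		var der []byte
		for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
			if b.Type == "CERTIFICATE" { // skip keys and other PEM block types
				der = append(der, b.Bytes...)
			}
		}
		data = der
	}
	certs, err := x509.ParseCertificates(data) // accepts concatenated DER
	rows := map[string]string{} // fullkey -> value; the "index/Field" key layout is an assumption
	for i, c := range certs {
		rows[fmt.Sprintf("%d/Subject/CommonName", i)] = c.Subject.CommonName
		rows[fmt.Sprintf("%d/NotAfter", i)] = c.NotAfter.UTC().Format(time.RFC3339)
	}
	return rows, err
}

// samplePEM builds a constructed self-signed certificate so the example runs offline.
func samplePEM(cn string) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(certRows(samplePEM("Example Root (constructed)")))
}
```

A bundle such as `/etc/ssl/cert.pem` yields one group of rows per certificate, which is why a single file can produce thousands of rows in the query output shown in the description.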