From 209e5eed241804d3de7f352fa3021316f94c9e0f Mon Sep 17 00:00:00 2001 From: Issif Date: Sat, 27 Jun 2020 21:43:48 +0200 Subject: [PATCH] IDN are now detected with subdomains + add unit tests for Slack Post and IDN + add spaces after comma in SAN and Addresses fields for Slack events + remove * for bold in Slack text --- lib/lib.go | 12 +++++++++--- lib/lib_test.go | 31 ++++++++++++++++++++++++++++--- lib/slack.go | 25 ++++++++++++++++--------- res/cert_idn.json | 2 +- 4 files changed, 54 insertions(+), 16 deletions(-) diff --git a/lib/lib.go b/lib/lib.go index c0c68cf..4a08258 100644 --- a/lib/lib.go +++ b/lib/lib.go @@ -89,7 +89,7 @@ func ParseResultCertificate(msg []byte) (*Result, error) { Domain: c.Data.LeafCert.Subject["CN"], Issuer: c.Data.Chain[0].Subject["O"], SAN: c.Data.LeafCert.AllDomains, - Addresses: []string{"N/A"}, + Addresses: []string{}, } r.Addresses = fetchIPAddresses(r.Domain) return r, nil @@ -119,7 +119,13 @@ func fetchIPAddresses(name string) []string { // isIDN checks if domain is an IDN func isIDN(domain string) bool { - return strings.HasPrefix(domain, "xn--") + s := strings.Split(domain, ".") + for _, i := range s { + if strings.HasPrefix(i, "xn--") { + return true + } + } + return false } // IsMatchingCert checks if certificate matches the regexp @@ -182,7 +188,7 @@ func Notifier(config *Configuration) { log.Infof("A certificate for '%v' has been issued : %v\n", result.Domain, string(j)) if config.SlackWebHookURL != "" { go func(c *Configuration, r *Result) { - newSlackPayload(c, result).post(c) + NewSlackPayload(c, result).post(c) }(config, result) } } diff --git a/lib/lib_test.go b/lib/lib_test.go index f2e5224..46601bc 100644 --- a/lib/lib_test.go +++ b/lib/lib_test.go @@ -11,7 +11,9 @@ import ( var _ = Describe("Handler", func() { config := &lib.Configuration{ - Homoglyph: lib.GetHomoglyphMap(), + Homoglyph: lib.GetHomoglyphMap(), + SlackUsername: "test", + SlackIconURL: "http://test", } reg, _ := regexp.Compile(".*test.*") Describe("isMatchingCert", func() { @@ -30,14 +32,25 @@ var _ = Describe("Handler", func() { }) }) Describe("If domain is IDN", func() { - cert := &lib.Result{Domain: "xn--tst-rdd.com"} + cert := &lib.Result{Domain: "www.xn--tst-rdd.com"} It("should return true", func() { result := lib.IsMatchingCert(config, cert, reg) Expect(result).To(BeTrue()) - Expect(cert.IDN).To(Equal("tеst.com")) // e is cyrillic + Expect(cert.IDN).To(Equal("www.tеst.com")) // e is cyrillic }) }) }) + Describe("postToSlack", func() { + msg, _ := ioutil.ReadFile("../res/cert.json") + It("should return a valid payload", func() { + result, err := lib.ParseResultCertificate(msg) + slackPayload := lib.NewSlackPayload(config, result) + Expect(slackPayload.Text).Should(Equal("A certificate for *baden-mueller.de* has been issued")) + Expect(slackPayload.Username).Should(Equal("test")) + Expect(slackPayload.IconURL).Should(Equal("http://test")) + Expect(err).ToNot(HaveOccurred()) + }) + }) Describe("parseResultCertificate", func() { Describe("If cannot marshall message", func() { msg := []byte("") @@ -67,5 +80,17 @@ var _ = Describe("Handler", func() { Expect(err).ToNot(HaveOccurred()) }) }) + Describe("If message is for IDN", func() { + msg, _ := ioutil.ReadFile("../res/cert_idn.json") + It("should return valid infos", func() { + result, err := lib.ParseResultCertificate(msg) + lib.IsMatchingCert(config, result, reg) + Expect(result.Domain).Should(Equal("xn--badn-mullr-msiec.de")) + Expect(result.IDN).Should(Equal("badеn-muеllеr.de")) // e is cyrillic + Expect(result.SAN).Should(Equal([]string{"xn--badn-mullr-msiec.de", "www.baden-mueller.de"})) + Expect(result.Issuer).Should(Equal("Let's Encrypt")) + Expect(err).ToNot(HaveOccurred()) + }) + }) }) }) diff --git a/lib/slack.go b/lib/slack.go index 719881c..42069b4 100644 --- a/lib/slack.go +++ b/lib/slack.go @@ -25,16 +25,16 @@ type slackAttachment struct { // FooterIcon string `json:"footer_icon,omitempty"` } -// slackPayload -type slackPayload struct { +// SlackPayload represents a message to send to Slack +type SlackPayload struct { Text string `json:"text,omitempty"` Username string `json:"username,omitempty"` IconURL string `json:"icon_url,omitempty"` Attachments []slackAttachment `json:"attachments,omitempty"` } -// newSlackPayload generates a new Slack Payload -func newSlackPayload(config *Configuration, r *Result) slackPayload { +// NewSlackPayload generates a new Slack Payload +func NewSlackPayload(config *Configuration, r *Result) SlackPayload { var attachments []slackAttachment var attachment slackAttachment var fields []slackAttachmentField @@ -50,14 +50,21 @@ func newSlackPayload(config *Configuration, r *Result) slackPayload { field.Short = true fields = append(fields, field) + if r.IDN != "" { + field.Title = "IDN" + field.Value = r.IDN + field.Short = true + fields = append(fields, field) + } + field.Title = "SAN" field.Short = false - field.Value = strings.Join(r.SAN, ",") + field.Value = strings.Join(r.SAN, ", ") fields = append(fields, field) field.Title = "Addresses" field.Short = false - field.Value = strings.Join(r.Addresses, ",") + field.Value = strings.Join(r.Addresses, ", ") fields = append(fields, field) attachment.Fields = fields @@ -71,8 +78,8 @@ func newSlackPayload(config *Configuration, r *Result) slackPayload { domain += " (" + r.IDN + ")" } - return slackPayload{ - Text: "A certificate for *" + domain + "* has been issued", + return SlackPayload{ + Text: "A certificate for " + domain + " has been issued", Username: config.SlackUsername, IconURL: config.SlackIconURL, Attachments: attachments, @@ -80,7 +87,7 @@ func newSlackPayload(config *Configuration, r *Result) slackPayload { } // post posts to Slack a Payload -func (s slackPayload) post(config *Configuration) { +func (s SlackPayload) post(config *Configuration) { body, _ := json.Marshal(s) req, _ := http.NewRequest(http.MethodPost, config.SlackWebHookURL, bytes.NewBuffer(body)) req.Header.Add("Content-Type", "application/json") diff --git a/res/cert_idn.json b/res/cert_idn.json index 7964f08..a5b53cc 100644 --- a/res/cert_idn.json +++ b/res/cert_idn.json @@ -1 +1 @@ -{"data":{"cert_index":612101919,"cert_link":"http://ct.googleapis.com/logs/argon2020/ct/v1/get-entries?start=612101919&end=612101919","chain":[{"as_der":"MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==","extensions":{"authorityInfoAccess":"CA Issuers - URI:http://apps.identrust.com/roots/dstrootcax3.p7c\nOCSP - URI:http://isrg.trustid.ocsp.identrust.com\n","authorityKeyIdentifier":"keyid:C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10\n","basicConstraints":"CA:TRUE","certificatePolicies":"Policy: 1.3.6.1.4.1.44947.1.1.1\n CPS: http://cps.root-x1.letsencrypt.org","crlDistributionPoints":"Full Name:\n URI:http://crl.identrust.com/DSTROOTCAX3CRL.crl","keyUsage":"Digital Signature, Key Cert Sign, C R L Sign","subjectKeyIdentifier":"A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1"},"fingerprint":"E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB","not_after":1615999246,"not_before":1458232846,"serial_number":"A0141420000015385736A0B85ECA708","subject":{"C":"US","CN":"Let's Encrypt Authority X3","L":null,"O":"Let's Encrypt","OU":null,"ST":null,"aggregated":"/C=US/CN=Let's Encrypt Authority X3/O=Let's Encrypt"}},{"as_der":"MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ","extensions":{"basicConstraints":"CA:TRUE","keyUsage":"Key Cert Sign, C R L Sign","subjectKeyIdentifier":"C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10"},"fingerprint":"DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13","not_after":1633010475,"not_before":970348339,"serial_number":"44AFB080D6A327BA893039862EF8406B","subject":{"C":null,"CN":"DST Root CA X3","L":null,"O":"Digital Signature Trust Co.","OU":null,"ST":null,"aggregated":"/CN=DST Root CA X3/O=Digital Signature Trust Co."}}],"leaf_cert":{"all_domains":["baden-mueller.de","www.baden-mueller.de"],"as_der":"MIIEezCCA2OgAwIBAgISA1Gm0sew3z+8nJrpo5Jj1naBMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA1MjQxODE3NDhaFw0yMDA4MjIxODE3NDhaMBsxGTAXBgNVBAMTEGJhZGVuLW11ZWxsZXIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSDtXT7WQQaNmnaH6+BxHwEz7eqHdTx/02HV7x/q9oozIKfWnfc4A3glkMdnJtZUjLlbV4sgAO4MBDNo65Qsq4L/GesRsVTczmYcAxnrfp8e/eK7wF08oqCvdHddXSHD82aXe/6Y6a3hiLEG+oBMDfG1Skwyt7NGNySlenz3EYEbc35IVoFKIkp2CyMV/nkKQPCgQBL10niEiQd9Q9bHDQJZsBtW59VVCy5K5kIPo6P5v295PCt0WTUppXagY2G/YGpQOmvsjl9MFjMZc4yOOd3RhGhcr2jgd9iF04TvownTxvQAU1EbKcXDHcoPVmhH5zDeiN1JbLNpW2wMf5Vr9VAgMBAAGjggGIMIIBhDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFE8R8swxvB64KS8VqcCaUcMFpEjAMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wMQYDVR0RBCowKIIQYmFkZW4tbXVlbGxlci5kZYIUd3d3LmJhZGVuLW11ZWxsZXIuZGUwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAIUMEOxJNwvA/pWwFm0BR0HClGdzSC1vQprBaZ6cedUM6b/wfAiCPNJXCvJyrfhJp4T1GcnwU5VnMLPE1/nwJ6LY3My86/M+eQn/3HRuXu3p1GFpp5k2cXsHB7VRlw5X78XVvsnYKc6giwOan7L8fL136EcplQTZRc/5qu9hvazeBOBQQc/lCeWceWz0ZDDVbU2IGvY6aF/SAQREOSq8jLVpEoXB0zwq3dXeEi+PfC2Ea03eOpo1y11nmRYB5Usi/GjMi7oXuBxVQMolJXJj38ziJcp1TT1sv2Ha/00F+Pudo54w1NEo04DbDD9yB2H9wTlMM4YsArmD3K22OGA8wNE=","extensions":{"authorityInfoAccess":"CA Issuers - URI:http://cert.int-x3.letsencrypt.org/\nOCSP - URI:http://ocsp.int-x3.letsencrypt.org\n","authorityKeyIdentifier":"keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1\n","basicConstraints":"CA:FALSE","certificatePolicies":"Policy: 1.3.6.1.4.1.44947.1.1.1\n CPS: http://cps.letsencrypt.org","ctlPoisonByte":true,"extendedKeyUsage":"TLS Web server authentication, TLS Web client authentication","keyUsage":"Digital Signature, Key Encipherment","subjectAltName":"DNS:www.baden-mueller.de, DNS:baden-mueller.de","subjectKeyIdentifier":"4F:11:F2:CC:31:BC:1E:B8:29:2F:15:A9:C0:9A:51:C3:05:A4:48:C0"},"fingerprint":"64:BF:49:41:3B:7A:FD:5D:C1:04:D9:44:64:9D:1C:25:13:A2:49:86","not_after":1598120268,"not_before":1590344268,"serial_number":"351A6D2C7B0DF3FBC9C9AE9A39263D67681","subject":{"C":null,"CN":"baden-mueller.de","L":null,"O":null,"OU":null,"ST":null,"aggregated":"/CN=baden-mueller.de"}},"seen":1590347943.736608,"source":{"name":"Google 'Argon2020' log","url":"ct.googleapis.com/logs/argon2020/"},"update_type":"PrecertLogEntry"},"message_type":"certificate_update"} \ No newline at end of file +{"data":{"cert_index":612101919,"cert_link":"http://ct.googleapis.com/logs/argon2020/ct/v1/get-entries?start=612101919&end=612101919","chain":[{"as_der":"MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==","extensions":{"authorityInfoAccess":"CA Issuers - URI:http://apps.identrust.com/roots/dstrootcax3.p7c\nOCSP - URI:http://isrg.trustid.ocsp.identrust.com\n","authorityKeyIdentifier":"keyid:C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10\n","basicConstraints":"CA:TRUE","certificatePolicies":"Policy: 1.3.6.1.4.1.44947.1.1.1\n CPS: http://cps.root-x1.letsencrypt.org","crlDistributionPoints":"Full Name:\n URI:http://crl.identrust.com/DSTROOTCAX3CRL.crl","keyUsage":"Digital Signature, Key Cert Sign, C R L Sign","subjectKeyIdentifier":"A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1"},"fingerprint":"E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB","not_after":1615999246,"not_before":1458232846,"serial_number":"A0141420000015385736A0B85ECA708","subject":{"C":"US","CN":"Let's Encrypt Authority X3","L":null,"O":"Let's Encrypt","OU":null,"ST":null,"aggregated":"/C=US/CN=Let's Encrypt Authority X3/O=Let's Encrypt"}},{"as_der":"MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ","extensions":{"basicConstraints":"CA:TRUE","keyUsage":"Key Cert Sign, C R L Sign","subjectKeyIdentifier":"C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10"},"fingerprint":"DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13","not_after":1633010475,"not_before":970348339,"serial_number":"44AFB080D6A327BA893039862EF8406B","subject":{"C":null,"CN":"DST Root CA X3","L":null,"O":"Digital Signature Trust Co.","OU":null,"ST":null,"aggregated":"/CN=DST Root CA X3/O=Digital Signature Trust Co."}}],"leaf_cert":{"all_domains":["xn--badn-mullr-msiec.de","www.baden-mueller.de"],"as_der":"MIIEezCCA2OgAwIBAgISA1Gm0sew3z+8nJrpo5Jj1naBMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA1MjQxODE3NDhaFw0yMDA4MjIxODE3NDhaMBsxGTAXBgNVBAMTEGJhZGVuLW11ZWxsZXIuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSDtXT7WQQaNmnaH6+BxHwEz7eqHdTx/02HV7x/q9oozIKfWnfc4A3glkMdnJtZUjLlbV4sgAO4MBDNo65Qsq4L/GesRsVTczmYcAxnrfp8e/eK7wF08oqCvdHddXSHD82aXe/6Y6a3hiLEG+oBMDfG1Skwyt7NGNySlenz3EYEbc35IVoFKIkp2CyMV/nkKQPCgQBL10niEiQd9Q9bHDQJZsBtW59VVCy5K5kIPo6P5v295PCt0WTUppXagY2G/YGpQOmvsjl9MFjMZc4yOOd3RhGhcr2jgd9iF04TvownTxvQAU1EbKcXDHcoPVmhH5zDeiN1JbLNpW2wMf5Vr9VAgMBAAGjggGIMIIBhDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFE8R8swxvB64KS8VqcCaUcMFpEjAMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wMQYDVR0RBCowKIIQYmFkZW4tbXVlbGxlci5kZYIUd3d3LmJhZGVuLW11ZWxsZXIuZGUwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAIUMEOxJNwvA/pWwFm0BR0HClGdzSC1vQprBaZ6cedUM6b/wfAiCPNJXCvJyrfhJp4T1GcnwU5VnMLPE1/nwJ6LY3My86/M+eQn/3HRuXu3p1GFpp5k2cXsHB7VRlw5X78XVvsnYKc6giwOan7L8fL136EcplQTZRc/5qu9hvazeBOBQQc/lCeWceWz0ZDDVbU2IGvY6aF/SAQREOSq8jLVpEoXB0zwq3dXeEi+PfC2Ea03eOpo1y11nmRYB5Usi/GjMi7oXuBxVQMolJXJj38ziJcp1TT1sv2Ha/00F+Pudo54w1NEo04DbDD9yB2H9wTlMM4YsArmD3K22OGA8wNE=","extensions":{"authorityInfoAccess":"CA Issuers - URI:http://cert.int-x3.letsencrypt.org/\nOCSP - URI:http://ocsp.int-x3.letsencrypt.org\n","authorityKeyIdentifier":"keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1\n","basicConstraints":"CA:FALSE","certificatePolicies":"Policy: 1.3.6.1.4.1.44947.1.1.1\n CPS: http://cps.letsencrypt.org","ctlPoisonByte":true,"extendedKeyUsage":"TLS Web server authentication, TLS Web client authentication","keyUsage":"Digital Signature, Key Encipherment","subjectAltName":"DNS:www.baden-mueller.de, DNS:xn--badn-mullr-msiec.de","subjectKeyIdentifier":"4F:11:F2:CC:31:BC:1E:B8:29:2F:15:A9:C0:9A:51:C3:05:A4:48:C0"},"fingerprint":"64:BF:49:41:3B:7A:FD:5D:C1:04:D9:44:64:9D:1C:25:13:A2:49:86","not_after":1598120268,"not_before":1590344268,"serial_number":"351A6D2C7B0DF3FBC9C9AE9A39263D67681","subject":{"C":null,"CN":"xn--badn-mullr-msiec.de","L":null,"O":null,"OU":null,"ST":null,"aggregated":"/CN=xn--badn-mullr-msiec.de"}},"seen":1590347943.736608,"source":{"name":"Google 'Argon2020' log","url":"ct.googleapis.com/logs/argon2020/"},"update_type":"PrecertLogEntry"},"message_type":"certificate_update"} \ No newline at end of file