From 20376a66d52ea418213bb5ac7e9328cd0d513851 Mon Sep 17 00:00:00 2001
From: Luke Shumaker
Date: Wed, 26 Dec 2018 15:40:10 -0500
Subject: pem-diff: Learn about precertificates

---
 bin-src/crtsh-pem2html.go | 6 ++----
 bin-src/pem-diff.go | 5 +++++
 bin-src/util/oid.go | 10 ----------
 bin-src/util/rfc6962.go | 26 ++++++++++++++++++++++++++
 4 files changed, 33 insertions(+), 14 deletions(-)
 delete mode 100644 bin-src/util/oid.go
 create mode 100644 bin-src/util/rfc6962.go

diff --git a/bin-src/crtsh-pem2html.go b/bin-src/crtsh-pem2html.go
index c0b815c..2c9debb 100644
--- a/bin-src/crtsh-pem2html.go
+++ b/bin-src/crtsh-pem2html.go
@@ -29,10 +29,8 @@ func handleBool(ok bool, str string, a ...interface{}) {
 }
 
 func rfc6962type(certX509 *x509.Certificate) string {
- for _, ext := range certX509.Extensions {
- if ext.Id.Equal(util.OID_RFC6962_Poison) {
- return "Precertificate"
- }
+ if util.IsPrecertificate(certX509) {
+ return "Precertificate"
 }
 return "Certificate"
 }
diff --git a/bin-src/pem-diff.go b/bin-src/pem-diff.go
index da27a62..0159349 100644
--- a/bin-src/pem-diff.go
+++ b/bin-src/pem-diff.go
@@ -10,6 +10,8 @@ import (
 "os"
 "sort"
 "strings"
+
+ "./util"
 )
 
 func handleErr(err error, str string, a ...interface{}) {
@@ -89,6 +91,9 @@ func readCrtSh(filename string, hosts []string) (map[string]Cert, error) {
 if err != nil {
 return nil, err
 }
+ if util.IsPrecertificate(certX509) {
+ continue
+ }
 for _, host := range hosts {
 if certX509.VerifyHostname(host) == nil {
 if old, haveold := ret[host]; !haveold || certX509.NotBefore.After(old.X509.NotBefore) {
diff --git a/bin-src/util/oid.go b/bin-src/util/oid.go
deleted file mode 100644
index b9fee4c..0000000
--- a/bin-src/util/oid.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package util
-
-import (
- "encoding/asn1"
-)
-
-var (
- OID_RFC6962_SCTs = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}
- OID_RFC6962_Poison = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3}
-)
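Review bot: The new import `"./util"` in the pem-diff.go import block is a relative import path; these only work for ad-hoc `go build`/`go run` outside GOPATH and are rejected under Go modules, so the package will need a proper module-based import path once a go.mod exists. crtsh-pem2html.go already references util and presumably imports it the same way, so the form is at least consistent with the existing code, and the fix belongs to both files rather than this hunk alone.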
diff --git a/bin-src/util/rfc6962.go b/bin-src/util/rfc6962.go
new file mode 100644
index 0000000..46a531b
--- /dev/null
+++ b/bin-src/util/rfc6962.go
@@ -0,0 +1,26 @@
+package util
+
+import (
+ "crypto/x509"
+ "encoding/asn1"
+
+ //"fmt"
+ //"os"
+)
+
+var (
+ oidSCTs = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}
+ oidPrecertificatePoison = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3}
+)
+
+func IsPrecertificate(certX509 *x509.Certificate) bool {
+ for _, ext := range certX509.Extensions {
+ //fmt.Fprintln(os.Stderr, "ext", ext)
+ if ext.Id.Equal(oidPrecertificatePoison) {
+ //fmt.Fprintln(os.Stderr, "t")
+ return true
+ }
+ }
+ //fmt.Fprintln(os.Stderr, "f")
+ return false
+}
-- cgit v1.2.3
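Review bot: IsPrecertificate is exported but has no doc comment, and the new file ships commented-out debugging (the `//"fmt"` and `//"os"` imports and three `//fmt.Fprintln(os.Stderr, ...)` lines) that should be removed rather than left in. A doc comment such as `// IsPrecertificate reports whether certX509 carries the RFC 6962 precertificate poison extension (OID 1.3.6.1.4.1.11129.2.4.3).` would state the contract. oidSCTs is declared here but referenced by nothing in this patch, so after the rename from the exported OID_RFC6962_SCTs it looks like dead code unless a file outside the diff still uses it. The check matches on the OID alone and ignores ext.Critical, which RFC 6962 requires to be set on the poison extension; that is adequate for classifying certificates, but worth stating in the comment so a caller knows a malformed non-critical poison is also treated as a precertificate.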