A library to build custom search tools for X.509 certificates
Here's an example of using x509search to scan through a tiled CT log for precertificates issued by Let's Encrypt:
package main
import (
"context"
"crypto/x509"
"fmt"
"os"
"time"
"github.com/letsencrypt/x509search"
"github.com/letsencrypt/x509search/staticctapi"
)
func main() {
rome2025h1, err := staticctapi.NewLog("https://rome2025h1.fly.storage.tigris.dev/")
if err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
}
now := time.Now()
search := x509search.Search{
// Filter by the Organization Name of the certificate issuer
Filter: func(cert *x509.Certificate) bool {
if len(cert.Issuer.Organization) != 1 {
return false
}
return cert.Issuer.Organization[0] == "Let's Encrypt"
},
// Print out the issuer and subject info every time there's a match
MatchCallback: func(cert *x509.Certificate) {
fmt.Printf("Issuer: %s Subject: %s\n", cert.Issuer.String(), cert.Subject.String())
},
// Configure a single data source: the Rome2025h1 tiled log
DataSources: []x509search.Sourcer{
staticctapi.DataSource{
Log: rome2025h1,
IncludePrecertificates: true,
IncludeCertificates: false,
StartTimeInclusive: now.Add(-3*time.Hour - 1*time.Minute),
EndTimeInclusive: now.Add(-3 * time.Hour),
MaxConnections: 10,
},
},
}
search.Execute(context.Background())
}