canari 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: eed48dec494e225babfa73dca64d9c3cdabaa01de2db3b958e134bc1a5e100aa
+  data.tar.gz: a03a4f319a2056fa64e98b7561916063b081a467fe9f0a093b6c614e4e6cf20a
+SHA512:
+  metadata.gz: 48db2f2f19292c4f7d62a380b974dafc432f6c00d3b4f7a90fcc42c55ed58f7f0d51aa9279ad10e2f99b5baacbaa05c11f396dc341866c55e43c3d3821161e43
+  data.tar.gz: 16a8b3639454595049007a05146f511ea5dffa519b4caf6027bbedd535af931f19b9a30ca3708b157a9a03b714eae6365576619f2e2c79f9e37977e03a250e8c

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+domains.txt
+canari.yml

data/.ruby-version

@@ -0,0 +1 @@
+2.6.1

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.4.1
+before_install: gem install bundler -v 1.16.2

data/Gemfile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in canari.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,58 @@
+PATH
+  remote: .
+  specs:
+    canari (0.1.0)
+      dalli (~> 2.7)
+      eventmachine (~> 1.2)
+      mail (~> 2.7)
+      permessage_deflate (~> 0.1)
+      thor (~> 0.19)
+      websocket-driver (~> 0.7)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    coveralls (0.8.22)
+      json (>= 1.8, < 3)
+      simplecov (~> 0.16.1)
+      term-ansicolor (~> 1.3)
+      thor (~> 0.19.4)
+      tins (~> 1.6)
+    dalli (2.7.9)
+    docile (1.3.1)
+    eventmachine (1.2.7)
+    json (2.2.0)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    mini_mime (1.0.1)
+    minitest (5.11.3)
+    minitest-implicit-subject (1.4.0)
+      minitest
+    permessage_deflate (0.1.4)
+    rake (10.5.0)
+    simplecov (0.16.1)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    term-ansicolor (1.7.1)
+      tins (~> 1.0)
+    thor (0.19.4)
+    tins (1.20.2)
+    websocket-driver (0.7.0)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  canari!
+  coveralls (~> 0.8, >= 0.8.9)
+  minitest (~> 5.0)
+  minitest-implicit-subject (~> 1.4)
+  rake (~> 10.0)
+
+BUNDLED WITH
+   1.17.2

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Jef Mathiot
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,53 @@
+# Canari
+
+A gem to monitor TLS certificates using Cert Stream
+
+## Installation
+
+Install the gem (deployment to Rubygems coming soon) :
+
+```ruby
+gem install canari
+```
+
+Install memcached and create the `canari.yml` configuration file:
+
+```
+---
+:memcached:
+  :host: localhost
+  :port: 11211
+  :namespace: canari
+:smtp:
+  :address: smtp.server.example
+  :port: 25
+:notifier:
+  :from: your-email@example.com
+  :to: your-email@example.com
+```
+
+Create the `domains.txt` file containing the domain names you'd like to
+monitor, one name per line:
+
+```
+google.com
+gouv.fr
+fr
+...
+```
+
+Please notice each match, even a partial one, will trigger an
+email notification. In the example above, every certificate issued for the
+`.fr` TLD would result in a notification.
+
+Then execute:
+
+    $ canari start
+
+More options available using:
+
+    $ canari help
+
+Or:
+
+    $ canari help start

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'spec'
+  t.libs << 'lib'
+  t.test_files = FileList['spec/**/*_spec.rb']
+end
+
+task default: :test

data/bin/canari

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+require 'canari/cli'
+
+# See https://github.com/erikhuda/thor/issues/244
+Thor.send(:define_singleton_method, :exit_on_failure?) { true }
+Canari::CLI.start(ARGV)

data/canari.gemspec

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'canari/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'canari'
+  spec.version       = Canari::VERSION
+  spec.authors       = ['Jef Mathiot']
+  spec.email         = ['jef@nonblocking.info']
+
+  spec.summary       = 'A gem to monitor TLS certificates using Cert Stream.'
+  spec.description   = 'A gem to monitor TLS certificates using Cert Stream.'
+  spec.homepage      = 'https://github.com/jefmathiot/canari'
+  spec.license       = 'MIT'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = 'bin'
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'coveralls', '~> 0.8', '>= 0.8.9'
+  spec.add_development_dependency 'minitest', '~> 5.0'
+  spec.add_development_dependency 'minitest-implicit-subject', '~> 1.4'
+  spec.add_development_dependency 'rake', '~> 10.0'
+
+  spec.add_dependency 'dalli', '~> 2.7'
+  spec.add_dependency 'eventmachine', '~> 1.2'
+  spec.add_dependency 'mail', '~> 2.7'
+  spec.add_dependency 'permessage_deflate', '~> 0.1'
+  spec.add_dependency 'thor', '~> 0.19'
+  spec.add_dependency 'websocket-driver', '~> 0.7'
+end

data/docker-compose.yml

@@ -0,0 +1,7 @@
+version: "3"
+services:
+  memcached:
+    image: memcached
+    command: memcached -m 128
+    ports:
+      - "11211:11211"

data/lib/canari/cert_stream.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'websocket/driver'
+require 'permessage_deflate'
+require 'json'
+require 'uri'
+
+module Canari
+  module CertStream
+    attr_accessor :url
+
+    def connection_completed
+      @driver = WebSocket::Driver.client(self)
+      @driver.add_extension(PermessageDeflate)
+      attach_listeners
+      @driver.start
+    end
+
+    def receive_data(data)
+      @driver.parse(data)
+    end
+
+    def write(data)
+      send_data(data)
+    end
+
+    def finalize(event)
+      Canari.logger.info "Connection closed, #{event.code}: #{event.reason}"
+      close_connection
+      Canari.logger.info 'Reconnecting'
+      reconnect(uri.host, 443)
+    end
+
+    def uri
+      URI.parse(url)
+    end
+
+    def attach_listeners
+      @driver.on(:open)    { |_event| Canari.logger.info 'Connection opened' }
+      @driver.on(:message) do |event|
+        handle_message(event.data)
+      end
+      @driver.on(:close) { |event| finalize(event) }
+    end
+
+    def handle_message(data)
+      data = JSON.parse(data)
+      return unless data['message_type'] == 'certificate_update'
+
+      cert = data['data']['leaf_cert']
+      matching_names = DomainCache.fetch(cert['all_domains'])
+      return unless matching_names.any?
+
+      Canari.logger.info "Certificate matching #{matching_names}"
+      Notifier.notify(matching_names, data)
+    end
+  end
+end

data/lib/canari/cli.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'thor'
+require 'canari'
+require 'eventmachine'
+require 'net/http'
+require 'uri'
+require 'logger'
+require 'yaml'
+require 'dalli'
+
+module Canari
+  # Command-line interface.
+  class CLI < Thor
+    desc 'start', 'Start monitoring TLS certificates'
+    method_option :config, aliases: %i[c], default: 'canari.yml'
+    method_option :domains, aliases: %i[d], default: 'domains.txt'
+    def start
+      Canari.load_config(options[:config])
+      DomainCache.preload(options[:domains])
+      run(URI.parse('wss://certstream.calidog.io'))
+      loop do
+        sleep 1
+      end
+    end
+
+    def run(uri)
+      EM.run do
+        EM.connect(uri.host, 443, CertStream) do |stream|
+          stream.url = uri.to_s
+          stream.start_tls(sni_hostname: uri.host)
+        end
+      end
+    end
+  end
+
+  def self.logger
+    @logger ||= Logger.new(STDOUT)
+  end
+
+  def self.load_config(file)
+    config = @config = YAML.safe_load(
+      File.open(File.expand_path(file)), [Symbol]
+    )
+    Mail.defaults do
+      delivery_method :smtp, config[:smtp]
+    end
+  end
+
+  def self.config
+    @config
+  end
+end

data/lib/canari/domain_cache.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Canari
+  # Store and retrieve domains from Memcached
+  class DomainCache
+    class << self
+      def preload(domains_file)
+        cache.flush
+        count = 0
+        File.readlines(File.expand_path(domains_file)).each do |line|
+          line = line.strip
+          next if line.start_with?('#')
+
+          cache.set(line, 1)
+          count += 1
+        end
+        Canari.logger.info "Preloaded #{count} domains"
+      end
+
+      def fetch(domains)
+        keys = variants(domains)
+        cache.get_multi(keys).keys
+      end
+
+      def variants(domains)
+        domains.map do |domain|
+          domain = domain.split('.').reject { |part| part == '*' }.join('.')
+          [domain].tap do |values|
+            until domain.empty?
+              domain = domain.split('.').drop(1).join('.')
+              values << domain unless domain.empty?
+            end
+          end
+        end.flatten.uniq
+      end
+
+      def cache
+        return @cache if @cache
+
+        mconfig = Canari.config[:memcached]
+        @cache = Dalli::Client.new("#{mconfig[:host]}:#{mconfig[:port]}",
+                                   namespace: mconfig[:namespace])
+      end
+    end
+  end
+end

data/lib/canari/notifier.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'mail'
+
+module Canari
+  # Send email notifications.
+  module Notifier
+    class << self
+      def notify(matching, payload)
+        Mail.new do
+          from Canari.config[:notifier][:from]
+          to Canari.config[:notifier][:to]
+          subject 'New match in the Certificate Transparency Log network'
+          body 'A new certificate has been emitted matching: ' \
+               "#{matching.join(', ')}. See the attached file for details."
+          add_file filename: 'certificate.json',
+                   content: JSON.pretty_print(payload)
+        end.deliver
+      end
+    end
+  end
+end

data/lib/canari/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Canari
+  VERSION = '0.1.0'.freeze
+end

data/lib/canari.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'canari/version'
+require 'canari/cert_stream'
+require 'canari/domain_cache'
+require 'canari/notifier'
+
+module Canari
+  def self.version
+    VERSION
+  end
+end

metadata

@@ -0,0 +1,221 @@
+--- !ruby/object:Gem::Specification
+name: canari
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Jef Mathiot
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-03-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.9
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.9
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: minitest-implicit-subject
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: dalli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: eventmachine
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: mail
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: permessage_deflate
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+- !ruby/object:Gem::Dependency
+  name: websocket-driver
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+description: A gem to monitor TLS certificates using Cert Stream.
+email:
+- jef@nonblocking.info
+executables:
+- canari
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/canari
+- canari.gemspec
+- docker-compose.yml
+- lib/canari.rb
+- lib/canari/cert_stream.rb
+- lib/canari/cli.rb
+- lib/canari/domain_cache.rb
+- lib/canari/notifier.rb
+- lib/canari/version.rb
+homepage: https://github.com/jefmathiot/canari
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.1
+signing_key: 
+specification_version: 4
+summary: A gem to monitor TLS certificates using Cert Stream.
+test_files: []