#----------------------------------------------------------
# xcert -  Cert stacks of all TLS sessions in capture file
#
#  usage: xcert <capture-filename>
#
#---------------------------------------------------------
require 'win32ole'

raise "xcert <capture-filename>" unless ARGV.length ==1 

UnsniffDB = WIN32OLE.new("Unsniff.Database")
UnsniffDB.OpenForRead(ARGV[0])


# enumerable helper
class UWrap
  include Enumerable
  def initialize(w)
    @wrapped=w
  end
  def each(&block)
    @wrapped.each { |m| block.call(m) }
  end

end




# print cert stack of each cerficate pdu
UnsniffDB.PDUIndex.each  do |pdu|
        next unless pdu.Description =~ /Server Certificate/  


  print "\nCertificate chain for " + pdu.SenderAddress   + " to " + pdu.ReceiverAddress + "\n"


  handshake = UWrap.new(pdu.Fields).find do |f|
	  hst = f.FindField("Handshake Type")
	  hst and  hst.Value() == "11 (certificate)"
  end

  next unless handshake

  certstack = handshake.FindField("Certificate")


  certs = UWrap.new(certstack.SubFields).select { |f| f.Name == "ASN.1Cert" }

  indent =  4
  certs.each do |cert|
    subject = cert.FindField("subject")
    issuer = cert.FindField("issuer")

    sub,iss = {},{}

    [ [subject, sub], [issuer, iss] ].each do |a|
      a[0].SubFields.each  do |rdn|

        case rdn.FindField("type").Value 
          when /commonName/ 
            a[1][:cn]=rdn.FindField("DirectoryString").Value 
            ;
              
          when /organizationName/ 
            a[1][:on]=rdn.FindField("DirectoryString").Value 
            ;
        end
      end
    end
    print "  "*indent     + "#{sub[:cn]} (#{sub[:on]})\n"
    print "  "*(indent+1) +  "#{iss[:cn]} (#{iss[:on]})\n"
    indent = indent + 1

  end

end


UnsniffDB.Close