ctool/cmd/ctfetch/main.go

// Command ctfetch fetches and dumps entries from a Static CT log.
//
// Two modes:
//
//	ctfetch [flags] <log-url> <leaf-index> [+sct] [+issuer] [+ctlog]   fetch one entry by leaf index
//	ctfetch [flags] <tile-url-or-file>     [+sct] [+issuer] [+ctlog]   dump all entries in a tile
//
// (C) Copyright 2026 Pim van Pelt <pim@ipng.ch>
package main

import (
	"encoding/json"
	"flag"
	"fmt"
	"os"
	"strconv"
	"strings"

	"ctfetch/internal/utils"

	"filippo.io/sunlight"
	"golang.org/x/mod/sumdb/tlog"
)

func main() {
	logsListURL := flag.String("logs-list-url", "https://www.gstatic.com/ct/log_list/v3/all_logs_list.json", "URL of the CT log list JSON")
	monitoringURL := flag.String("monitoring-url", "", "log root URL for issuer lookups when input is a file")
	flag.Usage = func() {
		fmt.Fprintf(os.Stderr, "Usage:\n")
		fmt.Fprintf(os.Stderr, "  %s [flags] <log-url> <leaf-index> [+sct] [+issuer] [+ctlog]  fetch one entry\n", os.Args[0])
		fmt.Fprintf(os.Stderr, "  %s [flags] <tile-url-or-file> [+sct] [+issuer] [+ctlog]      dump all entries in a tile\n", os.Args[0])
		fmt.Fprintf(os.Stderr, "\nExamples:\n")
		fmt.Fprintf(os.Stderr, "  %s https://halloumi2026h1.mon.ct.ipng.ch 457683896 +sct +issuer +ctlog\n", os.Args[0])
		fmt.Fprintf(os.Stderr, "  %s https://halloumi2026h1.mon.ct.ipng.ch/tile/data/x002/x460/135 +sct\n", os.Args[0])
		fmt.Fprintf(os.Stderr, "  %s --monitoring-url https://halloumi2026h1.mon.ct.ipng.ch tile.bin +issuer\n", os.Args[0])
		fmt.Fprintf(os.Stderr, "\nFlags:\n")
		flag.PrintDefaults()
	}
	flag.Parse()

	if flag.NArg() < 1 {
		flag.Usage()
		os.Exit(1)
	}

	// Determine mode: if second positional arg parses as an integer → leaf-index mode.
	_, secondIsInt := func() (int64, bool) {
		if flag.NArg() < 2 {
			return 0, false
		}
		v, err := strconv.ParseInt(flag.Arg(1), 10, 64)
		return v, err == nil
	}()

	var modifiers []string
	if secondIsInt {
		modifiers = flag.Args()[2:]
	} else {
		modifiers = flag.Args()[1:]
	}

	opts := utils.Options{}
	for _, arg := range modifiers {
		switch arg {
		case "+sct":
			opts.ShowSCT = true
		case "+issuer":
			opts.ShowIssuer = true
		case "+ctlog":
			opts.ShowCTLog = true
		default:
			fatal("unknown argument %q (expected +sct, +issuer, or +ctlog)", arg)
		}
	}

	if opts.ShowCTLog && *logsListURL != "" {
		ctlogs, err := utils.FetchCTLogList(*logsListURL)
		if err != nil {
			fmt.Fprintf(os.Stderr, "WARNING: could not fetch CT log list: %v\n", err)
		} else {
			opts.CTLogs = ctlogs
		}
	}

	if secondIsInt {
		runLeafIndex(flag.Arg(0), flag.Arg(1), opts)
	} else {
		runTileDump(flag.Arg(0), *monitoringURL, opts)
	}
}

func runLeafIndex(logURL, indexStr string, opts utils.Options) {
	logURL = strings.TrimSuffix(logURL, "/")
	opts.LogURL = logURL

	leafIndex, err := strconv.ParseInt(indexStr, 10, 64)
	if err != nil {
		fatal("invalid leaf index: %v", err)
	}

	tile := tlog.TileForIndex(sunlight.TileHeight, tlog.StoredHashIndex(0, leafIndex))
	tile.L = -1

	partialPath := sunlight.TilePath(tile)
	fullTile := tile
	fullTile.W = sunlight.TileWidth
	fullPath := sunlight.TilePath(fullTile)

	positionInTile := leafIndex % sunlight.TileWidth

	fmt.Fprintf(os.Stderr, "Leaf Index: %d\n", leafIndex)
	fmt.Fprintf(os.Stderr, "Position in tile: %d\n", positionInTile)
	fmt.Fprintf(os.Stderr, "Partial tile path: %s\n", partialPath)
	fmt.Fprintf(os.Stderr, "Full tile path: %s\n", fullPath)

	partialURL := logURL + "/" + partialPath
	fmt.Fprintf(os.Stderr, "Trying: %s\n", partialURL)
	tileData, err := utils.FetchTile(partialURL)
	if err != nil {
		fullURL := logURL + "/" + fullPath
		fmt.Fprintf(os.Stderr, "Partial tile failed, trying: %s\n", fullURL)
		tileData, err = utils.FetchURL(fullURL)
		if err != nil {
			fatal("failed to fetch tile: %v", err)
		}
		fmt.Fprintf(os.Stderr, "Successfully fetched full tile\n")
	} else {
		fmt.Fprintf(os.Stderr, "Successfully fetched partial tile\n")
	}

	tileData, err = utils.Decompress(tileData)
	if err != nil {
		fatal("failed to decompress tile: %v", err)
	}
	fmt.Fprintf(os.Stderr, "Tile size: %d bytes\n\n", len(tileData))

	entry, err := utils.DumpEntryAtPosition(tileData, int(positionInTile), leafIndex, opts)
	if err != nil {
		fatal("%v", err)
	}
	printJSON(entry)
}

func runTileDump(arg, monitoringURL string, opts utils.Options) {
	var tileData []byte
	var err error

	if strings.HasPrefix(arg, "http://") || strings.HasPrefix(arg, "https://") {
		// Derive log root from tile URL for issuer lookups.
		if opts.ShowIssuer {
			if idx := strings.Index(arg, "/tile/"); idx != -1 {
				opts.LogURL = strings.TrimSuffix(arg[:idx], "/")
			} else if monitoringURL != "" {
				opts.LogURL = strings.TrimSuffix(monitoringURL, "/")
			} else {
				fatal("+issuer requires a log root URL; none could be derived from %q and --monitoring-url is not set", arg)
			}
		}
		fmt.Fprintf(os.Stderr, "Fetching: %s\n", arg)
		tileData, err = utils.FetchTile(arg)
		if err != nil {
			fatal("failed to fetch tile: %v", err)
		}
		fmt.Fprintf(os.Stderr, "Fetched %d bytes\n", len(tileData))
	} else {
		// File input.
		if opts.ShowIssuer {
			if monitoringURL != "" {
				opts.LogURL = strings.TrimSuffix(monitoringURL, "/")
			} else {
				fatal("+issuer requires --monitoring-url when input is a file")
			}
		}
		tileData, err = os.ReadFile(arg)
		if err != nil {
			fatal("failed to read file: %v", err)
		}
		fmt.Fprintf(os.Stderr, "Read %d bytes from %s\n", len(tileData), arg)
	}

	tileData, err = utils.Decompress(tileData)
	if err != nil {
		fatal("failed to decompress tile: %v", err)
	}
	fmt.Fprintf(os.Stderr, "Tile size: %d bytes\n\n", len(tileData))

	result, err := utils.DumpAllEntries(tileData, opts)
	if err != nil {
		fatal("%v", err)
	}
	printJSON(result)
}

func printJSON(v interface{}) {
	data, err := json.MarshalIndent(v, "", "  ")
	if err != nil {
		fatal("failed to marshal JSON: %v", err)
	}
	fmt.Println(string(data))
}

func fatal(format string, args ...any) {
	fmt.Fprintf(os.Stderr, "Error: "+format+"\n", args...)
	os.Exit(1)
}