Documentation
Overview
Package trust defines type Store, a unified interface for TRC and Certificate retrieval.
Index
- Constants
- Variables
- type Store
- func (store *Store) GetChain(ctx context.Context, ia addr.IA, version uint64) (*cert.Chain, error)
- func (store *Store) GetTRC(ctx context.Context, isd addr.ISD, version uint64) (*trc.TRC, error)
- func (store *Store) GetValidChain(ctx context.Context, ia addr.IA, trail ...addr.ISD) (*cert.Chain, error)
- func (store *Store) GetValidTRC(ctx context.Context, isd addr.ISD, trail ...addr.ISD) (*trc.TRC, error)
- func (store *Store) NewChainReqHandler(recurse bool) infra.Handler
- func (store *Store) NewTRCReqHandler(recurse bool) infra.Handler
- func (store *Store) SetMessenger(msger infra.Messenger)
- type ValidateChainF
- type ValidateTRCF
Constants
const (
	// Handler lifetime
	HandlerTimeout = 3 * time.Second
)
Variables
var (
ErrEndOfTrail = "Reached end of trail, but no trusted TRC found"
)
Functions
This section is empty.
Types
type Store
type Store struct {
// contains filtered or unexported fields
}
Store manages requests for TRC and Certificate Chain objects.
Chain and TRC requests from the local process (the one running the trust store) are handled by GetValidChain/GetChain and GetValidTRC/GetTRC respectively, while requests from other services are handled by the handlers returned from the NewXxxReqHandler methods.
By default, a Store object can only return objects that are already present in the database. To allow a Store to use the SCION network to retrieve objects from other infrastructure services, an infra.Messenger must be set with SetMessenger.
Store is backed by a sqlite3 database in package go/lib/infra/modules/trust/trustdb.
func NewStore
NewStore initializes a TRC/Certificate Chain cache/resolver backed by db. Parameter local must specify the AS in which the trust store resides (it is used during request forwarding decisions). When sending infra messages, the trust store uses message IDs starting from startID, incremented by one for each message.
func (*Store) GetChain
func (store *Store) GetChain(ctx context.Context, ia addr.IA, version uint64) (*cert.Chain, error)
GetChain asks the trust store to return a certificate chain of requested version without performing any verification. If the certificate chain is not available, it is requested from the authoritative CS.
func (*Store) GetTRC
func (store *Store) GetTRC(ctx context.Context, isd addr.ISD, version uint64) (*trc.TRC, error)
GetTRC asks the trust store to return a TRC of the requested version without performing any verification. If the TRC is not available, it is requested from the authoritative CS.
func (*Store) GetValidChain
func (store *Store) GetValidChain(ctx context.Context, ia addr.IA, trail ...addr.ISD) (*cert.Chain, error)
GetValidChain asks the trust store to return a valid certificate chain for ia. Trail should contain the sequence of cross-signing ISDs to be used during validation, starting with the ISD of the certificate chain itself.
func (*Store) GetValidTRC
func (store *Store) GetValidTRC(ctx context.Context, isd addr.ISD, trail ...addr.ISD) (*trc.TRC, error)
GetValidTRC asks the trust store to return a valid TRC for isd. Trail should contain the sequence of cross-signing ISDs to be used during validation, starting with the ISD of the requested TRC itself.
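The trail semantics shared by GetValidChain and GetValidTRC, as an added illustration written for this page (it is not the SCION trust package's own implementation and imports nothing from it): plain Go stand-ins for addr.ISD, a TRC, a chain and the store (the type and field names ISD, TRC, Chain, Store, CrossSigns, CoreASes and the sample AS identifiers are all assumptions) walk the trail from the requested ISD through each cross-signing ISD until one that the local store already trusts is reached, and return ErrEndOfTrail when the trail is exhausted first. Chain validation then additionally checks that the chain was issued by a core AS of the validated TRC.

```go
package main

import (
	"errors"
	"fmt"
)

// ISD stands in for addr.ISD; this example does not import the SCION library.
type ISD uint16

// TRC models only the parts of a trust root configuration that matter here:
// the ISD it covers, the core ASes of that ISD, and which other ISDs' TRCs it
// cross-signs (hypothetical field names, not the library's).
type TRC struct {
	ISD        ISD
	Version    uint64
	CoreASes   map[string]bool
	CrossSigns map[ISD]bool
}

// Chain models a certificate chain: the subject AS and the core AS that issued it.
type Chain struct {
	ISD    ISD
	IA     string
	Issuer string
}

// ErrEndOfTrail mirrors the package variable of the same name.
var ErrEndOfTrail = errors.New("Reached end of trail, but no trusted TRC found")

// Store holds locally available TRCs and chains plus the set of ISDs the local
// AS trusts a priori (normally just its own ISD).
type Store struct {
	trcs    map[ISD]*TRC
	chains  map[string]*Chain
	trusted map[ISD]bool
}

// GetValidTRC walks the trail: trail[0] must be the requested ISD, and every
// later entry must hold a TRC that cross-signs the entry before it. The walk
// succeeds at the first ISD the local store already trusts; if the trail is
// exhausted before that, ErrEndOfTrail is returned.
func (s *Store) GetValidTRC(isd ISD, trail ...ISD) (*TRC, error) {
	if len(trail) == 0 || trail[0] != isd {
		return nil, fmt.Errorf("trail must start with requested ISD %d", isd)
	}
	target, ok := s.trcs[isd]
	if !ok {
		return nil, fmt.Errorf("TRC for ISD %d not available", isd)
	}
	for i, cur := range trail {
		if s.trusted[cur] {
			return target, nil
		}
		if i+1 == len(trail) {
			break
		}
		signer, ok := s.trcs[trail[i+1]]
		if !ok {
			return nil, fmt.Errorf("TRC for cross-signing ISD %d not available", trail[i+1])
		}
		if !signer.CrossSigns[cur] {
			return nil, fmt.Errorf("TRC of ISD %d does not cross-sign ISD %d", trail[i+1], cur)
		}
	}
	return nil, ErrEndOfTrail
}

// GetValidChain validates the TRC of the chain's ISD via the trail, then checks
// that the chain was issued by a core AS listed in that TRC.
func (s *Store) GetValidChain(ia string, trail ...ISD) (*Chain, error) {
	chain, ok := s.chains[ia]
	if !ok {
		return nil, fmt.Errorf("chain for %s not available", ia)
	}
	trc, err := s.GetValidTRC(chain.ISD, trail...)
	if err != nil {
		return nil, err
	}
	if !trc.CoreASes[chain.Issuer] {
		return nil, fmt.Errorf("issuer %s is not a core AS of ISD %d", chain.Issuer, chain.ISD)
	}
	return chain, nil
}

// NewSampleStore builds a constructed three-ISD topology: the local ISD 1 is
// trusted, TRC 1 cross-signs ISD 2, and TRC 2 cross-signs ISD 3.
func NewSampleStore() *Store {
	return &Store{
		trcs: map[ISD]*TRC{
			1: {ISD: 1, Version: 1, CoreASes: map[string]bool{"1-ff00:0:110": true}, CrossSigns: map[ISD]bool{2: true}},
			2: {ISD: 2, Version: 1, CoreASes: map[string]bool{"2-ff00:0:210": true}, CrossSigns: map[ISD]bool{3: true}},
			3: {ISD: 3, Version: 1, CoreASes: map[string]bool{"3-ff00:0:310": true}},
		},
		chains: map[string]*Chain{
			"3-ff00:0:311": {ISD: 3, IA: "3-ff00:0:311", Issuer: "3-ff00:0:310"},
			"3-ff00:0:312": {ISD: 3, IA: "3-ff00:0:312", Issuer: "3-ff00:0:311"}, // issued by a non-core AS
		},
		trusted: map[ISD]bool{1: true},
	}
}

func main() {
	s := NewSampleStore()
	_, err := s.GetValidChain("3-ff00:0:311", 3, 2, 1)
	fmt.Println("full trail 3->2->1:", err)
	_, err = s.GetValidChain("3-ff00:0:311", 3, 2)
	fmt.Println("trail 3->2 only:", err)
	_, err = s.GetValidChain("3-ff00:0:312", 3, 2, 1)
	fmt.Println("non-core issuer:", err)
}
```

The order of checks matters: a TRC is only accepted once the walk reaches an ISD the store trusts independently, so a TRC that merely claims to cross-sign the requested ISD but is itself unanchored yields ErrEndOfTrail rather than a valid result.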
func (*Store) NewChainReqHandler
func (store *Store) NewChainReqHandler(recurse bool) infra.Handler
NewChainReqHandler returns an infra.Handler for Certificate Chain requests coming from a peer, backed by the trust store. If recurse is set to true, the handler is allowed to issue new TRC and Certificate Chain requests over the network. This method should only be used when servicing requests coming from remote nodes.
func (*Store) NewTRCReqHandler
func (store *Store) NewTRCReqHandler(recurse bool) infra.Handler
NewTRCReqHandler returns an infra.Handler for TRC requests coming from a peer, backed by the trust store. If recurse is set to true, the handler is allowed to issue new TRC requests over the network. This method should only be used when servicing requests coming from remote nodes.
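To make the recurse flag and the HandlerTimeout constant concrete, here is an added example written for this page (not the package's own code) of the two request paths: GetTRC for the local process, and a TRC request handler for remote peers. The Fetcher interface, stubFetcher, the Handle method, the fetches counter and the constructed TRC bytes are assumptions standing in for infra.Messenger and infra.Handler. It shows the property the documentation states: a handler created with recurse=false answers only from the local database, so a request from a remote peer cannot make the store issue network requests on the peer's behalf, while recurse=true permits fetches bounded by HandlerTimeout and, once fetched, the object is served from the database thereafter.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// HandlerTimeout mirrors the package constant: the time budget for one handler call.
const HandlerTimeout = 3 * time.Second

// ErrNotFound is returned when an object is neither in the database nor fetchable.
var ErrNotFound = errors.New("object not in local database")

// trcKey identifies a TRC by ISD and version.
type trcKey struct {
	ISD     uint16
	Version uint64
}

// Fetcher is a hypothetical stand-in for the network side of infra.Messenger.
type Fetcher interface {
	FetchTRC(ctx context.Context, isd uint16, version uint64) ([]byte, error)
}

// Store holds the local TRC database and an optional network fetcher.
type Store struct {
	db      map[trcKey][]byte
	msger   Fetcher
	fetches int // number of network requests issued; exposed so the behaviour can be checked
}

// SetMessenger enables network access, mirroring the package method.
func (s *Store) SetMessenger(f Fetcher) { s.msger = f }

// GetTRC is the local-process path: return the TRC from the database, or fetch
// it over the network when a messenger has been set, caching the result.
func (s *Store) GetTRC(ctx context.Context, isd uint16, version uint64) ([]byte, error) {
	if raw, ok := s.db[trcKey{isd, version}]; ok {
		return raw, nil
	}
	if s.msger == nil {
		return nil, ErrNotFound
	}
	s.fetches++
	raw, err := s.msger.FetchTRC(ctx, isd, version)
	if err != nil {
		return nil, err
	}
	s.db[trcKey{isd, version}] = raw
	return raw, nil
}

// TRCReqHandler is the remote-peer path. With recurse=false it never triggers
// network fetches for a peer; with recurse=true it may, within HandlerTimeout.
type TRCReqHandler struct {
	store   *Store
	recurse bool
}

// NewTRCReqHandler mirrors the package method's shape with a concrete return type.
func (s *Store) NewTRCReqHandler(recurse bool) *TRCReqHandler {
	return &TRCReqHandler{store: s, recurse: recurse}
}

// Handle services one TRC request from a remote peer.
func (h *TRCReqHandler) Handle(isd uint16, version uint64) ([]byte, error) {
	ctx, cancel := context.WithTimeout(context.Background(), HandlerTimeout)
	defer cancel()
	if !h.recurse {
		// Answer only from what is already stored; never go to the network for a peer.
		if raw, ok := h.store.db[trcKey{isd, version}]; ok {
			return raw, nil
		}
		return nil, ErrNotFound
	}
	return h.store.GetTRC(ctx, isd, version)
}

// stubFetcher is a constructed network stand-in that knows exactly one TRC.
type stubFetcher struct{}

func (stubFetcher) FetchTRC(ctx context.Context, isd uint16, version uint64) ([]byte, error) {
	if isd == 2 && version == 1 {
		return []byte("TRC-2-v1"), nil // constructed sample bytes, not a real TRC
	}
	return nil, ErrNotFound
}

// NewSampleStore returns a store that only holds the constructed TRC for ISD 1.
func NewSampleStore() *Store {
	return &Store{db: map[trcKey][]byte{trcKey{1, 1}: []byte("TRC-1-v1")}}
}

func main() {
	s := NewSampleStore()
	noRec := s.NewTRCReqHandler(false)
	_, err := noRec.Handle(2, 1)
	fmt.Println("recurse=false, ISD 2:", err, "fetches:", s.fetches)
	s.SetMessenger(stubFetcher{})
	raw, err := s.NewTRCReqHandler(true).Handle(2, 1)
	fmt.Println("recurse=true, ISD 2:", string(raw), err, "fetches:", s.fetches)
}
```

The two paths share the database but differ in who is allowed to cause network traffic: only the local process, or a handler explicitly created with recurse=true, ever calls the messenger, which is what keeps a peer-facing handler from turning the trust store into an open fetch proxy.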
func (*Store) SetMessenger
func (store *Store) SetMessenger(msger infra.Messenger)
SetMessenger enables network access for the trust store via msger.