Documentation
Overview
Package fixchain holds code to help fix the validation chains for certificates.
Constants
const (
    None errorType = iota
    ParseFailure
    CannotFetchURL
    FixFailed
    LogPostFailed // Posting to log failed
    VerifyFailed
)
FixError types
Variables
This section is empty.
Functions
This section is empty.
Types
type FixAndLog
type FixAndLog struct {
// contains filtered or unexported fields
}
FixAndLog contains a Fixer and a Logger, for all your fix-then-log-chain needs!
func NewFixAndLog
func NewFixAndLog(ctx context.Context, fixerWorkerCount int, loggerWorkerCount int, errors chan<- *FixError, client *http.Client, logClient client.AddLogClient, limiter Limiter, logStats bool) *FixAndLog
NewFixAndLog creates an object that will asynchronously fix any chains that are added to its queue, and then log them to the Certificate Transparency log found at the given url. Any errors encountered along the way are pushed to the given errors channel.
func (*FixAndLog) QueueAllCertsInChain
func (fl *FixAndLog) QueueAllCertsInChain(chain []*x509.Certificate)
QueueAllCertsInChain adds every cert in the chain and the chain to the queue to be fixed and logged.
func (*FixAndLog) QueueChain
func (fl *FixAndLog) QueueChain(chain []*x509.Certificate)
QueueChain queues the given chain to be fixed with respect to the roots of the logger contained in fl, and then logged to the Certificate Transparency log represented by the logger. Note: chain is expected to be in the order of cert --> root.
type FixError
type FixError struct {
    Type  errorType
    Cert  *x509.Certificate   // The supplied leaf certificate
    Chain []*x509.Certificate // The supplied chain
    URL   string              // URL, if a URL is involved
    Bad   []byte              // The offending certificate bytes, if applicable
    Error error               // The error
}
FixError is the struct with which errors in the fixing process are reported.
func Fix
func Fix(cert *x509.Certificate, chain []*x509.Certificate, roots *x509.CertPool, client *http.Client) ([][]*x509.Certificate, []*FixError)
Fix attempts to fix the certificate chain for the certificate that is passed to it, with respect to the given roots. Fix returns a list of successfully constructed chains, and a list of errors it encountered along the way. The presence of FixErrors does not mean the fix was unsuccessful. Callers should check for returned chains to determine success.
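The contract described above (decide success from the returned chains, not from the absence of errors) is shown here as an added example that is not part of the fixchain package. It uses Go's standard crypto/x509 verifier instead of fixchain and fetches nothing over the network; the helpers issue and rebuild and all certificates are constructed for illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a constructed test certificate signed by parent (self-signed when parent is nil).
func issue(cn string, isCA bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		IsCA: isCA, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, key.Public(), pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// rebuild returns chains and errors separately, the same shape of result that Fix returns.
func rebuild(leaf *x509.Certificate, supplied [][]byte, roots *x509.CertPool) (chains [][]*x509.Certificate, errs []error) {
	pool := x509.NewCertPool()
	for _, der := range supplied {
		if c, err := x509.ParseCertificate(der); err != nil {
			errs = append(errs, err) // bad input is recorded, not fatal
		} else {
			pool.AddCert(c)
		}
	}
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: pool})
	if err != nil {
		errs = append(errs, err)
	}
	return chains, errs
}

func main() {
	root, rk := issue("constructed root", true, nil, nil)
	mid, mk := issue("constructed intermediate", true, root, rk)
	leaf, _ := issue("constructed leaf", false, mid, mk)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	chains, errs := rebuild(leaf, [][]byte{[]byte("junk"), mid.Raw}, roots)
	fmt.Println("chains:", len(chains), "errors:", len(errs), "fixed:", len(chains) > 0)
}
```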
func UnmarshalJSON
UnmarshalJSON converts the JSON representation of a FixError back to a FixError
func (FixError) MarshalJSON
MarshalJSON converts a FixError to JSON
func (FixError) TypeString
TypeString returns a string describing e.Type
type Fixer
type Fixer struct {
// contains filtered or unexported fields
}
Fixer contains methods to asynchronously fix certificate chains and properties to store information about each attempt that is made to fix a certificate chain.
func NewFixer
func NewFixer(workerCount int, chains chan<- []*x509.Certificate, errors chan<- *FixError, client *http.Client, logStats bool) *Fixer
NewFixer creates a new asynchronous fixer and starts up a pool of workerCount workers. Errors are pushed to the errors channel, and fixed chains are pushed to the chains channel. client is used to try to get any missing certificates that are needed when attempting to fix chains.
func (*Fixer) QueueChain
func (f *Fixer) QueueChain(cert *x509.Certificate, chain []*x509.Certificate, roots *x509.CertPool)
QueueChain adds the given cert and chain to the queue to be fixed by the fixer, with respect to the given roots. Note: chain is expected to be in the order of cert --> root.
type Logger
type Logger struct {
// contains filtered or unexported fields
}
Logger contains methods to asynchronously log certificate chains to a Certificate Transparency log and properties to store information about each attempt that is made to post a certificate chain to said log.
func NewLogger
func NewLogger(ctx context.Context, workerCount int, errors chan<- *FixError, client client.AddLogClient, limiter Limiter, logStats bool) *Logger
NewLogger creates a new asynchronous logger to log chains to the Certificate Transparency log at the given url. It starts up a pool of workerCount workers. Errors are pushed to the errors channel. client is used to post the chains to the log.
func (*Logger) IsPosted
func (l *Logger) IsPosted(cert *x509.Certificate) bool
IsPosted tells the caller whether a chain for the given certificate has already been successfully posted to the log by this Logger.
func (*Logger) QueueChain
func (l *Logger) QueueChain(chain []*x509.Certificate)
QueueChain adds the given chain to the queue to be posted to the log.