roots

package

v0.0.0-...-142450a Latest Latest Go to latest Published: May 13, 2024 License: MIT Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/adem-wg/adem-proto

Links

Open Source Insights

Documentation ¶

Overview ¶

This file implements the checking of root key commitments for the Certificate Transparency API in v1.

Index ¶

Variables
func FetchAppleKnownLogs() error
func FetchGoogleKnownLogs() error
func GetLogClient(id string) (*client.LogClient, error)
func ReadKnownLogs(pattern string) error
func VerifyBinding(q CTQueryResult, issuer string, rootKey jwk.Key) error
func VerifyInclusion(cl *client.LogClient, hash []byte) ([]string, error)
type CTLog
type CTQueryResult
- func VerifyBindingCerts(iss string, key jwk.Key, logs []*tokens.LogConfig) []CTQueryResult
- func VerifyInclusionConfig(logs []*tokens.LogConfig) []CTQueryResult
type KnownLogs
type LogKey
- func (k *LogKey) UnmarshalJSON(bs []byte) (err error)
type Operator

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrCertNotForIss = errors.New("certificate is not valid for issuer OI")

View Source

var ErrCertNotForKey = errors.New("certificate is not valid for key")

View Source

var ErrIssNoHostName = errors.New("issuer has no hostname")

View Source

var ErrNoLogConfig = errors.New("no log claim")

View Source

var ErrUnknownLog = errors.New("unknown log")

View Source

var ErrWrongEntryType = errors.New("do not recognize entry type")

Functions ¶

func FetchAppleKnownLogs ¶

func FetchAppleKnownLogs() error

Load logs known to Apple.

func FetchGoogleKnownLogs ¶

func FetchGoogleKnownLogs() error

Load logs known to Google.

func GetLogClient ¶

func GetLogClient(id string) (*client.LogClient, error)

Get the log client associate to a CT log ID.

func ReadKnownLogs ¶

func ReadKnownLogs(pattern string) error

func VerifyBinding ¶

func VerifyBinding(q CTQueryResult, issuer string, rootKey jwk.Key) error

Verify that the rootKey is correctly bound to the issuer OI in the certificate's subjects referenced by the CT query.

func VerifyInclusion ¶

func VerifyInclusion(cl *client.LogClient, hash []byte) ([]string, error)

Verify that the given certificate hash is included in the log identified by the respective client.

Types ¶

type CTLog ¶

type CTLog struct {
	Key LogKey `json:"key"`
	Id  string `json:"log_id"`
	Url string `json:"url"`
}

type CTQueryResult ¶

type CTQueryResult struct {
	LogURL string
	LogID  string
	Ok     bool
	// contains filtered or unexported fields
}

func VerifyBindingCerts ¶

func VerifyBindingCerts(iss string, key jwk.Key, logs []*tokens.LogConfig) []CTQueryResult

Verify that the given key was correctly committed to the Certificate Transparency infrastructure for the given issuer.

func VerifyInclusionConfig ¶

func VerifyInclusionConfig(logs []*tokens.LogConfig) []CTQueryResult

Verify that the hashes in the log configs are included in the respective CT logs.

type KnownLogs ¶

type KnownLogs struct {
	Operators []Operator `json:"operators"`
}

Partial JSON scheme of [log_list_google] and [log_list_apple].

type LogKey ¶

type LogKey struct {
	// contains filtered or unexported fields
}

Wrapper type for JSON unmarshalling of CT log public keys.

func (*LogKey) UnmarshalJSON ¶

func (k *LogKey) UnmarshalJSON(bs []byte) (err error)

Decodes a base64-encoded JSON string into a CT log public key.

type Operator ¶

type Operator struct {
	Logs []CTLog `json:"logs"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL