Documentation
Overview
This file implements the checking of root key commitments for the Certificate Transparency API in v1.
Index
- Variables
- func FetchAppleKnownLogs() error
- func FetchGoogleKnownLogs() error
- func GetLogClient(id string) (*client.LogClient, error)
- func ReadKnownLogs(pattern string) error
- func VerifyBinding(q CTQueryResult, issuer string, rootKey jwk.Key) error
- func VerifyInclusion(cl *client.LogClient, hash []byte) ([]string, error)
- type CTLog
- type CTQueryResult
- type KnownLogs
- type LogKey
- type Operator
Constants
This section is empty.
Variables
var ErrCertNotForIss = errors.New("certificate is not valid for issuer OI")
var ErrCertNotForKey = errors.New("certificate is not valid for key")
var ErrIssNoHostName = errors.New("issuer has no hostname")
var ErrNoLogConfig = errors.New("no log claim")
var ErrUnknownLog = errors.New("unknown log")
var ErrWrongEntryType = errors.New("do not recognize entry type")
Functions
func GetLogClient
Get the log client associated with a CT log ID.
func ReadKnownLogs
func VerifyBinding
func VerifyBinding(q CTQueryResult, issuer string, rootKey jwk.Key) error
Verify that the rootKey is correctly bound to the issuer OI in the certificate's subjects referenced by the CT query.
Types
type CTQueryResult
type CTQueryResult struct {
	LogURL string
	LogID  string
	Ok     bool
	// contains filtered or unexported fields
}
func VerifyBindingCerts
Verify that the given key was correctly committed to the Certificate Transparency infrastructure for the given issuer.
func VerifyInclusionConfig
func VerifyInclusionConfig(logs []*tokens.LogConfig) []CTQueryResult
Verify that the hashes in the log configs are included in the respective CT logs.
type KnownLogs
type KnownLogs struct {
Operators []Operator `json:"operators"`
}
Partial JSON schema of [log_list_google] and [log_list_apple].
type LogKey
type LogKey struct {
// contains filtered or unexported fields
}
Wrapper type for JSON unmarshalling of CT log public keys.
func (*LogKey) UnmarshalJSON
Decodes a base64-encoded JSON string into a CT log public key.
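The decoding step described above, as an added example that is not this package's code: a hypothetical `exampleLogKey` wrapper decodes a base64-encoded DER public key during JSON unmarshalling, and `ParseLogEntry` rejects an entry whose advertised log ID is not the SHA-256 of that key. The type and function names and the `log_id`/`key` field names are assumptions, and the sample entry is constructed at run time.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"fmt"
)

// exampleLogKey (hypothetical stand-in for LogKey); ID is the SHA-256 of the DER key (RFC 6962 log ID).
type exampleLogKey struct {
	Pub interface{}
	ID  [sha256.Size]byte
}

// UnmarshalJSON decodes a base64 JSON string holding a DER SubjectPublicKeyInfo.
func (k *exampleLogKey) UnmarshalJSON(b []byte) error {
	var der []byte // encoding/json base64-decodes a JSON string into []byte
	if err := json.Unmarshal(b, &der); err != nil {
		return err
	}
	pub, err := x509.ParsePKIXPublicKey(der)
	k.Pub, k.ID = pub, sha256.Sum256(der)
	return err
}

// ParseLogEntry rejects an entry whose log_id (field names assumed) is not the hash of its key.
func ParseLogEntry(raw []byte) (*exampleLogKey, error) {
	var l struct {
		LogID []byte        `json:"log_id"`
		Key   exampleLogKey `json:"key"`
	}
	if err := json.Unmarshal(raw, &l); err != nil {
		return nil, err
	}
	if l.Key.Pub == nil || !bytes.Equal(l.LogID, l.Key.ID[:]) {
		return nil, fmt.Errorf("missing key or log_id does not match SHA-256 of key")
	}
	return &l.Key, nil
}

func main() { // constructed sample: entry for a freshly generated P-256 key
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	id := sha256.Sum256(der)
	raw, _ := json.Marshal(map[string][]byte{"log_id": id[:], "key": der})
	_, err := ParseLogEntry(raw)
	fmt.Println("entry accepted:", err == nil)
}
```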