Documentation ¶
Overview ¶
Package client is a CT log client implementation and contains types and code for interacting with RFC6962-compliant CT Log instances. See http://tools.ietf.org/html/rfc6962 for details.
Index ¶
- Constants
- type GetEntriesResponse
- type GetProofByHashResponse
- type LeafEntry
- type LogClient
- func (c *LogClient) AddChain(chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
- func (c *LogClient) AddChainWithContext(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
- func (c *LogClient) AddJSON(data interface{}) (*ct.SignedCertificateTimestamp, error)
- func (c *LogClient) AddPreChain(chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
- func (c *LogClient) GetEntries(start, end int64) ([]ct.LogEntry, error)
- func (c *LogClient) GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*GetProofByHashResponse, error)
- func (c *LogClient) GetSTH() (sth *ct.SignedTreeHead, err error)
- func (c *LogClient) GetSTHConsistency(ctx context.Context, first, second uint64) ([][]byte, error)
- func (c *LogClient) VerifySCTSignature(sct ct.SignedCertificateTimestamp, ctype ct.LogEntryType, ...) error
- func (c *LogClient) VerifySTHSignature(sth ct.SignedTreeHead) error
Constants ¶
const (
	AddChainPath          = "/ct/v1/add-chain"
	AddPreChainPath       = "/ct/v1/add-pre-chain"
	AddJSONPath           = "/ct/v1/add-json"
	GetSTHPath            = "/ct/v1/get-sth"
	GetEntriesPath        = "/ct/v1/get-entries"
	GetProofByHashPath    = "/ct/v1/get-proof-by-hash"
	GetSTHConsistencyPath = "/ct/v1/get-sth-consistency"
)
URI paths for CT Log endpoints.
Types ¶
type GetEntriesResponse ¶
type GetEntriesResponse struct {
Entries []LeafEntry `json:"entries"` // the list of returned entries
}
GetEntriesResponse represents the JSON response to the CT get-entries method.
func GetRawEntries ¶
func GetRawEntries(ctx context.Context, httpClient *http.Client, logURL string, start, end int64) (*GetEntriesResponse, error)
GetRawEntries exposes the /ct/v1/get-entries result with only the JSON parsing done.
type GetProofByHashResponse ¶
type GetProofByHashResponse struct {
	LeafIndex int64    `json:"leaf_index"` // The 0-based index of the end entity corresponding to the "hash" parameter.
	AuditPath [][]byte `json:"audit_path"` // An array of base64-encoded Merkle Tree nodes proving the inclusion of the chosen certificate.
}
GetProofByHashResponse represents the JSON response to the CT get-proof-by-hash method.
type LogClient ¶
type LogClient struct {
// contains filtered or unexported fields
}
LogClient represents a client for a given CT Log instance.
func New ¶
New constructs a new LogClient instance. |uri| is the base URI of the CT log instance to interact with (e.g. http://ct.googleapis.com/pilot); |hc| is the underlying client to be used for HTTP requests to the CT log.
func NewWithPubKey ¶
NewWithPubKey constructs a new LogClient instance that includes public key information for the log; this instance will check signatures on responses from the log.
func (*LogClient) AddChainWithContext ¶
func (c *LogClient) AddChainWithContext(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
AddChainWithContext adds the (DER represented) X509 |chain| to the log and fails if the provided context expires before the chain is submitted.
func (*LogClient) AddJSON ¶
func (c *LogClient) AddJSON(data interface{}) (*ct.SignedCertificateTimestamp, error)
AddJSON submits arbitrary data to the XJSON server.
func (*LogClient) AddPreChain ¶
AddPreChain adds the (DER represented) Precertificate |chain| to the log.
func (*LogClient) GetEntries ¶
GetEntries attempts to retrieve the entries in the sequence [|start|, |end|] from the CT log server (see RFC 6962, section 4.6). Returns a slice of LeafInputs or a non-nil error.
func (*LogClient) GetProofByHash ¶
func (c *LogClient) GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*GetProofByHashResponse, error)
GetProofByHash returns an audit path for the hash of an SCT.
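Added example, not part of the package or its documentation: one way a caller can check the LeafIndex and AuditPath from a GetProofByHashResponse against a tree head, using the standard inclusion-proof verification for RFC 6962 Merkle trees and only the Go standard library. The names leafHash, nodeHash and verifyInclusion and the three-leaf tree in main are constructed for illustration; in real use the tree size and root hash would come from an STH whose signature has already been verified.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// RFC 6962 section 2.1: leaves are hashed with prefix 0x00, interior nodes with 0x01.
func leafHash(data []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, data...))
	return h[:]
}
func nodeHash(left, right []byte) []byte {
	h := sha256.Sum256(append(append([]byte{0x01}, left...), right...))
	return h[:]
}

// verifyInclusion recomputes the root from the leaf hash and audit path and compares it to root.
func verifyInclusion(leaf []byte, index, treeSize uint64, path [][]byte, root []byte) error {
	if index >= treeSize {
		return fmt.Errorf("leaf index %d outside tree of size %d", index, treeSize)
	}
	fn, sn, r := index, treeSize-1, leaf
	for _, p := range path {
		if sn == 0 {
			return fmt.Errorf("audit path is longer than the tree is deep")
		}
		if fn&1 == 1 || fn == sn {
			r = nodeHash(p, r) // sibling subtree is on the left
			for fn&1 == 0 && fn != 0 {
				fn, sn = fn>>1, sn>>1 // levels where this node had no sibling
			}
		} else {
			r = nodeHash(r, p) // sibling subtree is on the right
		}
		fn, sn = fn>>1, sn>>1
	}
	if sn != 0 || !bytes.Equal(r, root) {
		return fmt.Errorf("audit path does not lead to the expected root hash")
	}
	return nil
}

func main() { // constructed three-leaf tree; leaf 2 has no sibling on the bottom level
	l0, l1, l2 := leafHash([]byte("a")), leafHash([]byte("b")), leafHash([]byte("c"))
	root := nodeHash(nodeHash(l0, l1), l2)
	fmt.Println(verifyInclusion(l2, 2, 3, [][]byte{nodeHash(l0, l1)}, root))
}
```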
func (*LogClient) GetSTH ¶
func (c *LogClient) GetSTH() (sth *ct.SignedTreeHead, err error)
GetSTH retrieves the current STH from the log. Returns a populated SignedTreeHead, or a non-nil error.
func (*LogClient) GetSTHConsistency ¶
GetSTHConsistency retrieves the consistency proof between two snapshots.
func (*LogClient) VerifySCTSignature ¶
func (c *LogClient) VerifySCTSignature(sct ct.SignedCertificateTimestamp, ctype ct.LogEntryType, certData []ct.ASN1Cert) error
VerifySCTSignature checks the signature in sct for the given LogEntryType, with associated certificate chain.
func (*LogClient) VerifySTHSignature ¶
func (c *LogClient) VerifySTHSignature(sth ct.SignedTreeHead) error
VerifySTHSignature checks the signature in sth, returning any error encountered or nil if verification is successful.