Documentation
Overview
Package ctpolicy contains structs describing CT policy requirements and corresponding logic.
Constants
const (
	// BaseName is the name for the group covering all logs.
	BaseName = "All-logs"
)
Functions
func GroupByLogs
func GroupByLogs(lg LogPolicyData) map[string]GroupSet
GroupByLogs reverses the match-map between Logs and Groups. It returns a map from log URLs to the set of Group names that contain the log.
Types
type AppleCTPolicy
type AppleCTPolicy struct{}
AppleCTPolicy implements logic for complying with Apple's CT log policy.
func (AppleCTPolicy) LogsByGroup
func (appleP AppleCTPolicy) LogsByGroup(cert *x509.Certificate, approved *loglist2.LogList) (LogPolicyData, error)
LogsByGroup describes submission requirements for embedded SCTs according to https://support.apple.com/en-us/HT205280. Returns an error if it's not possible to satisfy the policy with the provided loglist.
func (AppleCTPolicy) Name
func (appleP AppleCTPolicy) Name() string
Name returns the label for the submission policy.
type CTPolicy
type CTPolicy interface {
	// LogsByGroup provides info on Log-grouping. Returns an error if it's not
	// possible to satisfy the policy with the provided loglist.
	LogsByGroup(cert *x509.Certificate, approved *loglist2.LogList) (LogPolicyData, error)
	Name() string
}
CTPolicy interface describes requirements determined for logs in terms of per-group-submit.
type ChromeCTPolicy
type ChromeCTPolicy struct{}
ChromeCTPolicy implements logic for complying with Chrome's CT log policy.
func (ChromeCTPolicy) LogsByGroup
func (chromeP ChromeCTPolicy) LogsByGroup(cert *x509.Certificate, approved *loglist2.LogList) (LogPolicyData, error)
LogsByGroup describes submission requirements for embedded SCTs according to https://github.com/chromium/ct-policy/blob/master/ct_policy.md#qualifying-certificate. Returns an error if it's not possible to satisfy the policy with the provided loglist.
func (ChromeCTPolicy) Name
func (chromeP ChromeCTPolicy) Name() string
Name returns the label for the submission policy.
type LogGroupInfo
type LogGroupInfo struct {
	Name          string
	LogURLs       map[string]bool    // set of members
	MinInclusions int                // Required number of submissions.
	IsBase        bool               // True only for Log-group covering all logs.
	LogWeights    map[string]float32 // weights used for submission, default weight is 1
	// contains filtered or unexported fields
}
LogGroupInfo holds information on a single group of logs specified by Policy.
func BaseGroupFor
func BaseGroupFor(approved *loglist2.LogList, incCount int) (*LogGroupInfo, error)
BaseGroupFor creates and propagates the all-log group.
func (*LogGroupInfo) GetSubmissionSession
func (group *LogGroupInfo) GetSubmissionSession() []string
GetSubmissionSession produces the list of log URLs of the Log-group. The order of the list is weighted random, defined by the Log-weights within the group.
func (*LogGroupInfo) SetLogWeight
func (group *LogGroupInfo) SetLogWeight(logURL string, w float32) error
SetLogWeight tries to set the weight for a single Log of the Log-group. It leaves the weight unchanged and returns an error if the weight is non-positive and setting it would make the minimal inclusion number unreachable.
func (*LogGroupInfo) SetLogWeights
func (group *LogGroupInfo) SetLogWeights(weights map[string]float32) error
SetLogWeights applies the suggested weights to the Log-group. It leaves the weights unchanged and returns an error when there are not enough positive weights provided to reach the minimal inclusion number.
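The weight rules documented for SetLogWeights and GetSubmissionSession, as an added Go sketch that is not the ctpolicy package's own code. The `group` type, `setLogWeights`, `submissionSession` and the `*.example` log URLs are hypothetical stand-ins; it assumes that a log missing from the supplied weights gets weight 0 and that zero-weight logs are left out of the session.

```go
package main

import (
	"fmt"
	"math/rand"
	"sort"
)

// group is a local stand-in for the LogGroupInfo fields listed above, not the ctpolicy type.
type group struct {
	LogURLs       map[string]bool
	MinInclusions int
	LogWeights    map[string]float32
}

// setLogWeights swaps in w only if enough member logs keep a positive weight to reach
// MinInclusions; on error the old weights stay. Assumption: a log missing from w gets weight 0.
func (g *group) setLogWeights(w map[string]float32) error {
	next, positive := map[string]float32{}, 0
	for url := range g.LogURLs {
		if next[url] = w[url]; next[url] > 0 {
			positive++
		}
	}
	if positive < g.MinInclusions {
		return fmt.Errorf("%d positive weights, need %d", positive, g.MinInclusions)
	}
	g.LogWeights = next
	return nil
}

// submissionSession returns a weighted random order via an exponential race: each log draws
// Exp(1)/weight and the smallest draw goes first. Assumption: zero-weight logs are left out.
func (g *group) submissionSession(r *rand.Rand) []string {
	key, order := map[string]float64{}, []string{}
	for url, w := range g.LogWeights {
		if w > 0 {
			key[url] = r.ExpFloat64() / float64(w)
			order = append(order, url)
		}
	}
	sort.Slice(order, func(i, j int) bool { return key[order[i]] < key[order[j]] })
	return order
}

func main() {
	// Constructed sample: three placeholder log URLs, two inclusions required.
	g := &group{MinInclusions: 2, LogURLs: map[string]bool{"a.example": true, "b.example": true, "c.example": true}}
	fmt.Println(g.setLogWeights(map[string]float32{"a.example": 5})) // rejected: one positive weight
	fmt.Println(g.setLogWeights(map[string]float32{"a.example": 5, "b.example": 1}), g.submissionSession(rand.New(rand.NewSource(1))))
}
```

The rejected call shows why the check matters operationally: a weight update that silences too many logs would leave a certificate unable to collect the number of SCTs the policy group requires.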
type LogPolicyData
type LogPolicyData map[string]*LogGroupInfo
LogPolicyData contains info on the log partition and submission requirements for a single cert. The key always matches the value's Name field.
func (LogPolicyData) TotalLogs
func (groups LogPolicyData) TotalLogs() int
TotalLogs returns the number of logs within the set of Log-groups, taking possible intersection into account.