Documentation ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ASN1Certificate ¶
type ASN1Certificate struct {
	Raw                asn1.RawContent
	TBSCertificate     asn1.RawValue
	SignatureAlgorithm pkix.AlgorithmIdentifier
	SignatureValue     asn1.BitString
}
ASN1Certificate holds the top-level asn1 fields in a certificate.
It is used to determine if a certificate contains well-formed asn1 data or is corrupted.
type MatchAll ¶
type MatchAll struct{}
MatchAll is a Matcher which will match every possible Certificate and Precertificate.
func (MatchAll) CertificateMatches ¶
func (m MatchAll) CertificateMatches(_ *x509.Certificate) bool
func (MatchAll) PrecertificateMatches ¶
func (m MatchAll) PrecertificateMatches(_ *ct.Precertificate) bool
type MatchIssuerRegex ¶
type MatchIssuerRegex struct {
	CertificateIssuerRegex    *regexp.Regexp
	PrecertificateIssuerRegex *regexp.Regexp
}
MatchIssuerRegex matches on the issuer CN by regex.
func (MatchIssuerRegex) CertificateMatches ¶
func (m MatchIssuerRegex) CertificateMatches(c *x509.Certificate) bool
func (MatchIssuerRegex) PrecertificateMatches ¶
func (m MatchIssuerRegex) PrecertificateMatches(p *ct.Precertificate) bool
type MatchNone ¶
type MatchNone struct{}
MatchNone is a Matcher which will never match any Certificate or Precertificate.
func (MatchNone) CertificateMatches ¶
func (m MatchNone) CertificateMatches(_ *x509.Certificate) bool
func (MatchNone) PrecertificateMatches ¶
func (m MatchNone) PrecertificateMatches(_ *ct.Precertificate) bool
type MatchSerialNumber ¶
func (MatchSerialNumber) CertificateMatches ¶
func (m MatchSerialNumber) CertificateMatches(c *x509.Certificate) bool
func (MatchSerialNumber) PrecertificateMatches ¶
func (m MatchSerialNumber) PrecertificateMatches(p *ct.Precertificate) bool
type MatchSubjectRegex ¶
type MatchSubjectRegex struct {
	CertificateSubjectRegex    *regexp.Regexp
	PrecertificateSubjectRegex *regexp.Regexp
}
MatchSubjectRegex is a Matcher which will use |CertificateSubjectRegex| and |PrecertificateSubjectRegex| to determine whether Certificates and Precertificates are interesting. The two regexes are tested against Subject Common Name as well as all Subject Alternative Names.
func (MatchSubjectRegex) CertificateMatches ¶
func (m MatchSubjectRegex) CertificateMatches(c *x509.Certificate) bool
Returns true if either CN or any SAN of |c| matches |CertificateSubjectRegex|.
func (MatchSubjectRegex) PrecertificateMatches ¶
func (m MatchSubjectRegex) PrecertificateMatches(p *ct.Precertificate) bool
Returns true if either CN or any SAN of |p| matches |PrecertificateSubjectRegex|.
type Matcher ¶
type Matcher interface {
	// CertificateMatches is called by the scanner for each X509 Certificate found in the log.
	// The implementation should return |true| if the passed Certificate is interesting, and |false| otherwise.
	CertificateMatches(*x509.Certificate) bool

	// PrecertificateMatches is called by the scanner for each CT Precertificate found in the log.
	// The implementation should return |true| if the passed Precertificate is interesting, and |false| otherwise.
	PrecertificateMatches(*ct.Precertificate) bool
}
Clients wishing to implement their own Matchers should implement this interface.
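A custom matcher in the shape of this interface, added here as an example and not code from this package: it flags certificates for a watched domain whose issuer is not on an expected-CA list, a check that neither MatchSubjectRegex nor MatchIssuerRegex performs alone. Assumptions: the name UnexpectedIssuerMatcher, the sampleCert helper, the example.com names and the issuer CN are constructed, the standard library's crypto/x509 stands in for the package's x509 type, and only the certificate side of the interface is shown.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"regexp"
	"strings"
)

// UnexpectedIssuerMatcher (hypothetical name) flags certificates for watched
// names that were not issued by a CA the organisation is known to use.
type UnexpectedIssuerMatcher struct {
	Watched        *regexp.Regexp  // tested against Subject CN and every DNS SAN
	AllowedIssuers map[string]bool // issuer Common Names considered expected
}

// CertificateMatches has the shape of Matcher.CertificateMatches. Assumption: it
// takes the standard library's *x509.Certificate so the example builds alone.
func (m UnexpectedIssuerMatcher) CertificateMatches(c *x509.Certificate) bool {
	if c == nil || m.AllowedIssuers[c.Issuer.CommonName] {
		return false
	}
	for _, name := range append([]string{c.Subject.CommonName}, c.DNSNames...) {
		// DNS names are case-insensitive; normalise before matching.
		if m.Watched.MatchString(strings.ToLower(name)) {
			return true
		}
	}
	return false
}

// sampleCert returns a constructed certificate carrying only the parsed fields
// the matcher reads; it is not a real log entry.
func sampleCert(issuerCN, subjectCN string, sans ...string) *x509.Certificate {
	return &x509.Certificate{
		Issuer:   pkix.Name{CommonName: issuerCN},
		Subject:  pkix.Name{CommonName: subjectCN},
		DNSNames: sans,
	}
}

func main() {
	m := UnexpectedIssuerMatcher{
		Watched:        regexp.MustCompile(`(^|\.)example\.com$`),
		AllowedIssuers: map[string]bool{"Example Corp Issuing CA": true},
	}
	fmt.Println(m.CertificateMatches(sampleCert("Unknown CA", "shop.example.net", "Login.Example.com")))
}
```

The anchored pattern `(^|\.)example\.com$` matches the apex, subdomains and wildcard SANs of the watched domain while leaving names such as notexample.com unmatched.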
type Scanner ¶
type Scanner struct {
// contains filtered or unexported fields
}
Scanner is a tool to scan all the entries in a CT Log.
func NewScanner ¶
Creates a new Scanner instance using |client| to talk to the log, and taking configuration options from |opts|.
func (*Scanner) Scan ¶
func (s *Scanner) Scan(foundCert func(*ct.LogEntry, string), foundPrecert func(*ct.LogEntry, string), updater chan int64) (int64, error)
Performs a scan against the Log. For each x509 certificate found, |foundCert| will be called with the index of the entry and the certificate itself as arguments. For each precert found, |foundPrecert| will be called with the index of the entry and the raw precert string as the arguments.
This method blocks until the scan is complete.
type ScannerOptions ¶
type ScannerOptions struct {
	// Custom matcher for x509 Certificates, functor will be called for each
	// Certificate found during scanning.
	Matcher Matcher

	// Match precerts only (Matcher still applies to precerts)
	PrecertOnly bool

	// Number of entries to request in one batch from the Log
	BatchSize int64

	// Number of concurrent matchers to run
	NumWorkers int

	// Number of concurrent fetchers to run
	ParallelFetch int

	// Log entry index to start fetching & matching at
	StartIndex int64

	// Don't print any status messages to stdout
	Quiet bool

	// The name of the CT server we're pulling certs from
	Name string

	MaximumIndex int64

	// Always output encountered certificates, so long as they are valid ASN.1
	IgnoreParsingErrors bool
}
ScannerOptions holds configuration options for the Scanner.
func DefaultScannerOptions ¶
func DefaultScannerOptions() *ScannerOptions
Creates a new ScannerOptions struct with sensible defaults.