trillian/

v0.0.0-...-00b7a0f
Published: Oct 7, 2022 License: Apache-2.0

README
Trillian CT Personality

This directory holds code and scripts for running a Certificate Transparency (CT) Log based on the Trillian general transparency Log.

Codebase Structure

The main code for the CT personality is held in trillian/ctfe; this code responds to HTTP requests on the CT API paths and translates them to the equivalent gRPC API requests to the Trillian Log.

This relies on the gRPC API definitions at github.com/google/trillian; the code also uses common libraries from the Trillian project for various things, including:

  • exposing monitoring and statistics via an interface and a corresponding Prometheus implementation (github.com/google/trillian/monitoring/...)
  • dealing with cryptographic keys (github.com/google/trillian/crypto/...).

The trillian/integration/ directory holds scripts and tests for running the whole system locally. In particular:

  • trillian/integration/ct_integration_test.sh brings up local processes running a Trillian Log server, signer and a CT personality, and exercises the complete set of RFC 6962 API entrypoints.
  • trillian/integration/ct_hammer_test.sh brings up a complete system and runs a continuous randomized test of the CT entrypoints.

These scripts require a local database instance to be configured as described in the Trillian instructions.

Deployment

Deploying a Trillian-based CT Log involves more than just the code contained in this directory.

The Manual Deployment document describes the components and process involved in manually setting up a CT Log instance on individual machines.

The Containerized Deployment document describes the sample container scripts that make CT Log deployment easier and more automatic. However, if you're planning to operate a trusted CT Log (rather than simply experimenting with the code), you should expect to understand all of the information in the manual version, even if you use the containerized variant for deployment convenience.

Operation

Once all of the components for a Trillian-based CT Log have been deployed, log operators need to monitor and maintain the Log. The Operation document describes key considerations and gotchas for this ongoing process.

Directories

Path                    Synopsis
ctfe                    Package ctfe contains a usage example by providing an implementation of an RFC 6962 compatible CT log server using a Trillian log server as backend storage via its gRPC API.
ctfe/ct_server          The ct_server binary runs the CT personality.
ctfe/testonly           Package testonly contains code and data that should only be used by tests.
integration             Package integration holds test-only code for running tests on an integrated system of the CT personality and a Trillian log.
integration/ct_hammer   ct_hammer is a stress/load test for a CT log.
migrillian              The Migrillian tool transfers certs from CT logs to Trillian pre-ordered logs in the same order.
migrillian/core         Package core provides a transport-agnostic implementation of the Migrillian tool.
mockclient              Package mockclient provides a mockable version of the Trillian log client API.
util                    Package util provides general utility functions for the CT personality.
