client

package
v1.1.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 11, 2024 License: Apache-2.0 Imports: 16 Imported by: 329

Documentation

Overview

Package client is a CT log client implementation and contains types and code for interacting with RFC6962-compliant CT Log instances. See http://tools.ietf.org/html/rfc6962 for details

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func TemporalLogConfigFromFile

func TemporalLogConfigFromFile(filename string) (*configpb.TemporalLogConfig, error)

TemporalLogConfigFromFile creates a TemporalLogConfig object from the given filename, which should contain text-protobuf encoded configuration data.

Types

type AddLogClient

type AddLogClient interface {
	AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
	AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
	GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)
}

AddLogClient is an interface that allows adding certificates and pre-certificates to a log. Both LogClient and TemporalLogClient implement this interface, which allows users to commonize code for adding certs to normal/temporal logs.

type CheckLogClient added in v1.0.12

type CheckLogClient interface {
	BaseURI() string
	GetSTH(context.Context) (*ct.SignedTreeHead, error)
	GetSTHConsistency(ctx context.Context, first, second uint64) ([][]byte, error)
	GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*ct.GetProofByHashResponse, error)
}

CheckLogClient is an interface that allows (just) checking of various log contents.

type LogClient

type LogClient struct {
	jsonclient.JSONClient
}

LogClient represents a client for a given CT Log instance

func New

func New(uri string, hc *http.Client, opts jsonclient.Options) (*LogClient, error)

New constructs a new LogClient instance. |uri| is the base URI of the CT log instance to interact with, e.g. https://ct.googleapis.com/pilot |hc| is the underlying client to be used for HTTP requests to the CT log. |opts| can be used to provide a custom logger interface and a public key for signature verification.

func (*LogClient) AddChain

func (c *LogClient) AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)

AddChain adds the (DER represented) X509 |chain| to the log.

func (*LogClient) AddPreChain

func (c *LogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)

AddPreChain adds the (DER represented) Precertificate |chain| to the log.

func (*LogClient) GetAcceptedRoots

func (c *LogClient) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)

GetAcceptedRoots retrieves the set of acceptable root certificates for a log.

func (*LogClient) GetEntries

func (c *LogClient) GetEntries(ctx context.Context, start, end int64) ([]ct.LogEntry, error)

GetEntries attempts to retrieve the entries in the sequence [start, end] from the CT log server (RFC6962 s4.6) as parsed [pre-]certificates for convenience, held in a slice of ct.LogEntry structures. However, this does mean that any certificate parsing failures will cause a failure of the whole retrieval operation; for more robust retrieval of parsed certificates, use GetRawEntries() and invoke ct.LogEntryFromLeaf() on each individual entry.

func (*LogClient) GetEntryAndProof added in v1.0.18

func (c *LogClient) GetEntryAndProof(ctx context.Context, index, treeSize uint64) (*ct.GetEntryAndProofResponse, error)

GetEntryAndProof returns a log entry and audit path for the index of a leaf.

func (*LogClient) GetProofByHash

func (c *LogClient) GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*ct.GetProofByHashResponse, error)

GetProofByHash returns an audit path for the hash of an SCT.

func (*LogClient) GetRawEntries

func (c *LogClient) GetRawEntries(ctx context.Context, start, end int64) (*ct.GetEntriesResponse, error)

GetRawEntries exposes the /ct/v1/get-entries result with only the JSON parsing done.

func (*LogClient) GetSTH

func (c *LogClient) GetSTH(ctx context.Context) (*ct.SignedTreeHead, error)

GetSTH retrieves the current STH from the log. Returns a populated SignedTreeHead, or a non-nil error (which may be of type RspError if a raw http.Response is available).

func (*LogClient) GetSTHConsistency

func (c *LogClient) GetSTHConsistency(ctx context.Context, first, second uint64) ([][]byte, error)

GetSTHConsistency retrieves the consistency proof between two snapshots.

func (*LogClient) VerifySCTSignature

func (c *LogClient) VerifySCTSignature(sct ct.SignedCertificateTimestamp, ctype ct.LogEntryType, certData []ct.ASN1Cert) error

VerifySCTSignature checks the signature in sct for the given LogEntryType, with associated certificate chain.

func (*LogClient) VerifySTHSignature

func (c *LogClient) VerifySTHSignature(sth ct.SignedTreeHead) error

VerifySTHSignature checks the signature in sth, returning any error encountered or nil if verification is successful.

type RspError

type RspError = jsonclient.RspError

RspError represents a server error including HTTP information.

type TemporalLogClient

type TemporalLogClient struct {
	Clients []*LogClient
	// contains filtered or unexported fields
}

TemporalLogClient allows [pre-]certificates to be uploaded to a temporal log.

func NewTemporalLogClient

func NewTemporalLogClient(cfg *configpb.TemporalLogConfig, hc *http.Client) (*TemporalLogClient, error)

NewTemporalLogClient builds a new client for interacting with a temporal log. The provided config should be contiguous and chronological.

func (*TemporalLogClient) AddChain

AddChain adds the (DER represented) X509 chain to the appropriate log.

func (*TemporalLogClient) AddPreChain

func (tlc *TemporalLogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)

AddPreChain adds the (DER represented) Precertificate chain to the appropriate log.

func (*TemporalLogClient) GetAcceptedRoots

func (tlc *TemporalLogClient) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)

GetAcceptedRoots retrieves the set of acceptable root certificates for all of the shards of a temporal log (i.e. the union).

func (*TemporalLogClient) IndexByDate

func (tlc *TemporalLogClient) IndexByDate(when time.Time) (int, error)

IndexByDate returns the index of the Clients entry that is appropriate for the given date.

Directories

Path Synopsis
ctclient is a command-line utility for interacting with CT logs.
ctclient is a command-line utility for interacting with CT logs.
cmd
Package cmd implements subcommands of ctclient, the command-line utility for interacting with CT logs.
Package cmd implements subcommands of ctclient, the command-line utility for interacting with CT logs.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL