configpb

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 14, 2019 License: Apache-2.0 Imports: 6 Imported by: 74

Documentation

Overview

Package configpb holds a config protobuf for the CT personality.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type LogBackend added in v1.0.4

// LogBackend describes one log backend: a unique name plus the RPC endpoint
// used to reach it.
//
// The XXX_* fields are protobuf-generated bookkeeping; their `json:"-"` tag
// keeps them out of encoding/json output.
type LogBackend struct {
	// name defines the name of the log backend for use in LogConfig messages and must be unique.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// backend_spec defines the RPC endpoint that clients should use to send requests
	// to this log backend. These should be in the same format as rpcBackendFlag in the
	// CTFE main and must not be an empty string.
	// NOTE(review): the spec only identifies the endpoint; how the connection to
	// it is authenticated or encrypted is not visible in this message. Confirm
	// in the CTFE deployment.
	BackendSpec          string   `protobuf:"bytes,2,opt,name=backend_spec,json=backendSpec,proto3" json:"backend_spec,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*LogBackend) Descriptor added in v1.0.4

func (*LogBackend) Descriptor() ([]byte, []int)

func (*LogBackend) GetBackendSpec added in v1.0.4

func (m *LogBackend) GetBackendSpec() string

func (*LogBackend) GetName added in v1.0.4

func (m *LogBackend) GetName() string

func (*LogBackend) ProtoMessage added in v1.0.4

func (*LogBackend) ProtoMessage()

func (*LogBackend) Reset added in v1.0.4

func (m *LogBackend) Reset()

func (*LogBackend) String added in v1.0.4

func (m *LogBackend) String() string

func (*LogBackend) XXX_DiscardUnknown added in v1.0.17

func (m *LogBackend) XXX_DiscardUnknown()

func (*LogBackend) XXX_Marshal added in v1.0.17

func (m *LogBackend) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*LogBackend) XXX_Merge added in v1.0.17

func (m *LogBackend) XXX_Merge(src proto.Message)

func (*LogBackend) XXX_Size added in v1.0.17

func (m *LogBackend) XXX_Size() int

func (*LogBackend) XXX_Unmarshal added in v1.0.17

func (m *LogBackend) XXX_Unmarshal(b []byte) error

type LogBackendSet added in v1.0.4

// LogBackendSet is a list of LogBackend entries, so that one set of frontends
// can serve logs hosted on several backends.
//
// Backend holds the individual backends. Each LogBackend's name must be
// unique, because LogConfig refers to a backend by that name.
//
// The XXX_* fields are protobuf-generated bookkeeping; their `json:"-"` tag
// keeps them out of encoding/json output.
type LogBackendSet struct {
	Backend              []*LogBackend `protobuf:"bytes,1,rep,name=backend,proto3" json:"backend,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

LogBackendSet supports a configuration where a single set of frontends handles requests for multiple backends. For example, this could be used to run different backends in different geographic regions.

func (*LogBackendSet) Descriptor added in v1.0.4

func (*LogBackendSet) Descriptor() ([]byte, []int)

func (*LogBackendSet) GetBackend added in v1.0.4

func (m *LogBackendSet) GetBackend() []*LogBackend

func (*LogBackendSet) ProtoMessage added in v1.0.4

func (*LogBackendSet) ProtoMessage()

func (*LogBackendSet) Reset added in v1.0.4

func (m *LogBackendSet) Reset()

func (*LogBackendSet) String added in v1.0.4

func (m *LogBackendSet) String() string

func (*LogBackendSet) XXX_DiscardUnknown added in v1.0.17

func (m *LogBackendSet) XXX_DiscardUnknown()

func (*LogBackendSet) XXX_Marshal added in v1.0.17

func (m *LogBackendSet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*LogBackendSet) XXX_Merge added in v1.0.17

func (m *LogBackendSet) XXX_Merge(src proto.Message)

func (*LogBackendSet) XXX_Size added in v1.0.17

func (m *LogBackendSet) XXX_Size() int

func (*LogBackendSet) XXX_Unmarshal added in v1.0.17

func (m *LogBackendSet) XXX_Unmarshal(b []byte) error

type LogConfig

// LogConfig describes the configuration options for a single log instance:
// which Trillian tree backs it, where its handlers are mounted, which keys it
// uses, and which submissions it accepts.
//
// The struct tags of OverrideHandlerPrefix and ExpectedMergeDelaySec are
// elided by the documentation renderer ("string literal not displayed").
//
// The XXX_* fields are protobuf-generated bookkeeping; their `json:"-"` tag
// keeps them out of encoding/json output.
type LogConfig struct {
	// The ID of a Trillian tree that stores the log data. The tree type must be
	// LOG for regular CT logs. For mirror logs it must be either PREORDERED_LOG
	// or LOG, and can change at runtime. CTFE in mirror mode uses only the read
	// API, which is common to both types.
	LogId int64 `protobuf:"varint,1,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
	// prefix is the name of the log. It will come after the global or
	// override handler prefix. For example, if the handler prefix is "/logs"
	// and prefix is "vogon", the get-sth handler for this log will be
	// available at "/logs/vogon/ct/v1/get-sth". The prefix cannot be empty
	// and must not include "/" path separator characters.
	Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3" json:"prefix,omitempty"`
	// override_handler_prefix, if set to a non-empty value, overrides the global
	// handler prefix for an individual log. For example, if this field is set to
	// "/otherlogs" then a log with prefix "vogon" will make its get-sth handler
	// available at "/otherlogs/vogon/ct/v1/get-sth" regardless of what the
	// global prefix is. Can be set to '/' to make the get-sth handler register
	// at "/vogon/ct/v1/get-sth".
	OverrideHandlerPrefix string `` /* 127-byte string literal not displayed */
	// Paths to the files containing root certificates that are acceptable to the
	// log. The certs are served through the get-roots endpoint. Optional in mirrors.
	// NOTE(review): the roots are referenced by path, so what the log accepts
	// depends on who can write those files. Confirm their filesystem
	// permissions in the deployment.
	RootsPemFile []string `protobuf:"bytes,3,rep,name=roots_pem_file,json=rootsPemFile,proto3" json:"roots_pem_file,omitempty"`
	// The private key used for signing STHs etc. Not required for mirrors.
	// It is wrapped in any.Any, so the concrete key message type is not fixed by
	// this struct.
	// NOTE(review): whoever can read the key material can sign as this log.
	// Confirm how the key is stored and who can read this config.
	PrivateKey *any.Any `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
	// The public key matching the above private key (if both are present). It is
	// used only by mirror logs for verifying the source log's signatures, but can
	// be specified for regular logs as well for the convenience of test tools.
	PublicKey *keyspb.PublicKey `protobuf:"bytes,5,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// If reject_expired is true then the certificate validity period will be
	// checked against the current time during the validation of submissions.
	// This will cause expired certificates to be rejected.
	RejectExpired bool `protobuf:"varint,6,opt,name=reject_expired,json=rejectExpired,proto3" json:"reject_expired,omitempty"`
	// If reject_unexpired is true then CTFE rejects certificates that are either
	// currently valid or not yet valid.
	// NOTE(review): read together with reject_expired, setting both flags looks
	// like it would reject every submission. Verify that config validation
	// catches that combination.
	RejectUnexpired bool `protobuf:"varint,17,opt,name=reject_unexpired,json=rejectUnexpired,proto3" json:"reject_unexpired,omitempty"`
	// If set, ext_key_usages will restrict the set of such usages that the
	// server will accept. By default all are accepted. The values specified
	// must be ones known to the x509 package.
	ExtKeyUsages []string `protobuf:"bytes,7,rep,name=ext_key_usages,json=extKeyUsages,proto3" json:"ext_key_usages,omitempty"`
	// not_after_start defines the start of the range of acceptable NotAfter
	// values, inclusive.
	// Leaving this unset implies no lower bound to the range.
	NotAfterStart *timestamp.Timestamp `protobuf:"bytes,8,opt,name=not_after_start,json=notAfterStart,proto3" json:"not_after_start,omitempty"`
	// not_after_limit defines the end of the range of acceptable NotAfter values,
	// exclusive.
	// Leaving this unset implies no upper bound to the range.
	NotAfterLimit *timestamp.Timestamp `protobuf:"bytes,9,opt,name=not_after_limit,json=notAfterLimit,proto3" json:"not_after_limit,omitempty"`
	// accept_only_ca controls whether or not *only* certificates with the CA bit
	// set will be accepted.
	AcceptOnlyCa bool `protobuf:"varint,10,opt,name=accept_only_ca,json=acceptOnlyCa,proto3" json:"accept_only_ca,omitempty"`
	// backend_name, if set, indicates which backend serves this log. The name must be
	// one of those defined in the LogBackendSet.
	LogBackendName string `protobuf:"bytes,11,opt,name=log_backend_name,json=logBackendName,proto3" json:"log_backend_name,omitempty"`
	// If set, the log is a mirror, i.e. it serves the data of another (source)
	// log. It doesn't handle write requests (add-chain, etc.), so it's not a
	// fully fledged RFC-6962 log, but the tree read requests like get-entries and
	// get-consistency-proof are compatible. A mirror doesn't have the source
	// log's key and can't sign STHs. Consequently, the log operator must ensure
	// that the source log's STHs are channelled into CTFE.
	IsMirror bool `protobuf:"varint,12,opt,name=is_mirror,json=isMirror,proto3" json:"is_mirror,omitempty"`
	// The Maximum Merge Delay (MMD) of this log in seconds. See RFC6962 section 3
	// for definition of MMD. If zero, the log does not provide an MMD guarantee
	// (for example, it is a frozen log).
	MaxMergeDelaySec int32 `protobuf:"varint,14,opt,name=max_merge_delay_sec,json=maxMergeDelaySec,proto3" json:"max_merge_delay_sec,omitempty"`
	// The merge delay that the underlying log implementation is able/targeting to
	// provide. This option is exposed in CTFE metrics, and can be particularly
	// useful to catch when the log is behind but has not yet violated the strict
	// MMD limit.
	// The log operator should decide what exactly EMD means for them. For example, it
	// can be the 99th percentile of merge delays that they observe, and they can
	// alert on the actual merge delay going above a certain multiple of this EMD.
	ExpectedMergeDelaySec int32 `` /* 130-byte string literal not displayed */
	// The STH that this log will serve permanently (if present). Frozen STH must
	// be signed by this log's private key, and will be verified using the public
	// key specified in this config.
	// NOTE(review): since verification uses public_key, a config that sets
	// frozen_sth presumably also needs public_key. Confirm against the config
	// validation code.
	FrozenSth *SignedTreeHead `protobuf:"bytes,16,opt,name=frozen_sth,json=frozenSth,proto3" json:"frozen_sth,omitempty"`
	// A list of X.509 extension OIDs, in dotted string form (e.g. "2.3.4.5")
	// which should cause submissions to be rejected.
	RejectExtensions     []string `protobuf:"bytes,18,rep,name=reject_extensions,json=rejectExtensions,proto3" json:"reject_extensions,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

LogConfig describes the configuration options for a log instance.

NEXT_ID: 19

func (*LogConfig) Descriptor

func (*LogConfig) Descriptor() ([]byte, []int)

func (*LogConfig) GetAcceptOnlyCa

func (m *LogConfig) GetAcceptOnlyCa() bool

func (*LogConfig) GetExpectedMergeDelaySec added in v1.0.21

func (m *LogConfig) GetExpectedMergeDelaySec() int32

func (*LogConfig) GetExtKeyUsages

func (m *LogConfig) GetExtKeyUsages() []string

func (*LogConfig) GetFrozenSth added in v1.1.0

func (m *LogConfig) GetFrozenSth() *SignedTreeHead

func (*LogConfig) GetIsMirror added in v1.0.21

func (m *LogConfig) GetIsMirror() bool

func (*LogConfig) GetLogBackendName added in v1.0.4

func (m *LogConfig) GetLogBackendName() string

func (*LogConfig) GetLogId

func (m *LogConfig) GetLogId() int64

func (*LogConfig) GetMaxMergeDelaySec added in v1.0.21

func (m *LogConfig) GetMaxMergeDelaySec() int32

func (*LogConfig) GetNotAfterLimit

func (m *LogConfig) GetNotAfterLimit() *timestamp.Timestamp

func (*LogConfig) GetNotAfterStart

func (m *LogConfig) GetNotAfterStart() *timestamp.Timestamp

func (*LogConfig) GetOverrideHandlerPrefix added in v1.0.21

func (m *LogConfig) GetOverrideHandlerPrefix() string

func (*LogConfig) GetPrefix

func (m *LogConfig) GetPrefix() string

func (*LogConfig) GetPrivateKey

func (m *LogConfig) GetPrivateKey() *any.Any

func (*LogConfig) GetPublicKey

func (m *LogConfig) GetPublicKey() *keyspb.PublicKey

func (*LogConfig) GetRejectExpired

func (m *LogConfig) GetRejectExpired() bool

func (*LogConfig) GetRejectExtensions added in v1.1.0

func (m *LogConfig) GetRejectExtensions() []string

func (*LogConfig) GetRejectUnexpired added in v1.1.0

func (m *LogConfig) GetRejectUnexpired() bool

func (*LogConfig) GetRootsPemFile

func (m *LogConfig) GetRootsPemFile() []string

func (*LogConfig) ProtoMessage

func (*LogConfig) ProtoMessage()

func (*LogConfig) Reset

func (m *LogConfig) Reset()

func (*LogConfig) String

func (m *LogConfig) String() string

func (*LogConfig) XXX_DiscardUnknown added in v1.0.17

func (m *LogConfig) XXX_DiscardUnknown()

func (*LogConfig) XXX_Marshal added in v1.0.17

func (m *LogConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*LogConfig) XXX_Merge added in v1.0.17

func (m *LogConfig) XXX_Merge(src proto.Message)

func (*LogConfig) XXX_Size added in v1.0.17

func (m *LogConfig) XXX_Size() int

func (*LogConfig) XXX_Unmarshal added in v1.0.17

func (m *LogConfig) XXX_Unmarshal(b []byte) error

type LogConfigSet

// LogConfigSet is a set of LogConfig messages.
//
// Config holds one LogConfig per log instance.
//
// The XXX_* fields are protobuf-generated bookkeeping; their `json:"-"` tag
// keeps them out of encoding/json output.
type LogConfigSet struct {
	Config               []*LogConfig `protobuf:"bytes,1,rep,name=config,proto3" json:"config,omitempty"`
	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
	XXX_unrecognized     []byte       `json:"-"`
	XXX_sizecache        int32        `json:"-"`
}

LogConfigSet is a set of LogConfig messages.

func (*LogConfigSet) Descriptor

func (*LogConfigSet) Descriptor() ([]byte, []int)

func (*LogConfigSet) GetConfig

func (m *LogConfigSet) GetConfig() []*LogConfig

func (*LogConfigSet) ProtoMessage

func (*LogConfigSet) ProtoMessage()

func (*LogConfigSet) Reset

func (m *LogConfigSet) Reset()

func (*LogConfigSet) String

func (m *LogConfigSet) String() string

func (*LogConfigSet) XXX_DiscardUnknown added in v1.0.17

func (m *LogConfigSet) XXX_DiscardUnknown()

func (*LogConfigSet) XXX_Marshal added in v1.0.17

func (m *LogConfigSet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*LogConfigSet) XXX_Merge added in v1.0.17

func (m *LogConfigSet) XXX_Merge(src proto.Message)

func (*LogConfigSet) XXX_Size added in v1.0.17

func (m *LogConfigSet) XXX_Size() int

func (*LogConfigSet) XXX_Unmarshal added in v1.0.17

func (m *LogConfigSet) XXX_Unmarshal(b []byte) error

type LogMultiConfig added in v1.0.4

// LogMultiConfig bundles a LogBackendSet with the LogConfigSet that refers to
// it, so that both can be parsed as a single proto.
//
// The XXX_* fields are protobuf-generated bookkeeping; their `json:"-"` tag
// keeps them out of encoding/json output.
type LogMultiConfig struct {
	// The set of backends that this configuration will use to send requests to.
	// The names of the backends in the LogBackendSet must all be distinct.
	Backends *LogBackendSet `protobuf:"bytes,1,opt,name=backends,proto3" json:"backends,omitempty"`
	// The set of logs that will use the above backends. All the protos in this
	// LogConfigSet must set a valid log_backend_name for the config to be usable.
	// NOTE(review): "valid" presumably means the name matches an entry in
	// Backends. Confirm where that cross-check is enforced.
	LogConfigs           *LogConfigSet `protobuf:"bytes,2,opt,name=log_configs,json=logConfigs,proto3" json:"log_configs,omitempty"`
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

LogMultiConfig wraps up a LogBackendSet and corresponding LogConfigSet so that they can easily be parsed as a single proto.

func (*LogMultiConfig) Descriptor added in v1.0.4

func (*LogMultiConfig) Descriptor() ([]byte, []int)

func (*LogMultiConfig) GetBackends added in v1.0.4

func (m *LogMultiConfig) GetBackends() *LogBackendSet

func (*LogMultiConfig) GetLogConfigs added in v1.0.4

func (m *LogMultiConfig) GetLogConfigs() *LogConfigSet

func (*LogMultiConfig) ProtoMessage added in v1.0.4

func (*LogMultiConfig) ProtoMessage()

func (*LogMultiConfig) Reset added in v1.0.4

func (m *LogMultiConfig) Reset()

func (*LogMultiConfig) String added in v1.0.4

func (m *LogMultiConfig) String() string

func (*LogMultiConfig) XXX_DiscardUnknown added in v1.0.17

func (m *LogMultiConfig) XXX_DiscardUnknown()

func (*LogMultiConfig) XXX_Marshal added in v1.0.17

func (m *LogMultiConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*LogMultiConfig) XXX_Merge added in v1.0.17

func (m *LogMultiConfig) XXX_Merge(src proto.Message)

func (*LogMultiConfig) XXX_Size added in v1.0.17

func (m *LogMultiConfig) XXX_Size() int

func (*LogMultiConfig) XXX_Unmarshal added in v1.0.17

func (m *LogMultiConfig) XXX_Unmarshal(b []byte) error

type SignedTreeHead added in v1.1.0

// SignedTreeHead mirrors the structure returned by the get-sth CT method
// (RFC6962 sections 3.5 and 4.3).
//
// Fields, as far as their names and RFC6962 indicate:
//   - TreeSize: the tree size the head covers.
//   - Timestamp: the time of the tree head. NOTE(review): RFC6962 expresses
//     this in milliseconds since the epoch; confirm this field uses that unit.
//   - Sha256RootHash: the root hash of the tree. NOTE(review): presumably 32
//     raw bytes; verify that consumers check the length.
//   - TreeHeadSignature: the signature over the tree head. NOTE(review):
//     presumably the RFC6962 serialized signature bytes; consumers should
//     verify it against the log's public key rather than trust the stored
//     value.
//
// The XXX_* fields are protobuf-generated bookkeeping; their `json:"-"` tag
// keeps them out of encoding/json output.
type SignedTreeHead struct {
	TreeSize             int64    `protobuf:"varint,1,opt,name=tree_size,json=treeSize,proto3" json:"tree_size,omitempty"`
	Timestamp            int64    `protobuf:"varint,2,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
	Sha256RootHash       []byte   `protobuf:"bytes,3,opt,name=sha256_root_hash,json=sha256RootHash,proto3" json:"sha256_root_hash,omitempty"`
	TreeHeadSignature    []byte   `protobuf:"bytes,4,opt,name=tree_head_signature,json=treeHeadSignature,proto3" json:"tree_head_signature,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

SignedTreeHead represents the structure returned by the get-sth CT method. See RFC6962 sections 3.5 and 4.3 for reference. TODO(pavelkalinnikov): Find a better place for this type.

func (*SignedTreeHead) Descriptor added in v1.1.0

func (*SignedTreeHead) Descriptor() ([]byte, []int)

func (*SignedTreeHead) GetSha256RootHash added in v1.1.0

func (m *SignedTreeHead) GetSha256RootHash() []byte

func (*SignedTreeHead) GetTimestamp added in v1.1.0

func (m *SignedTreeHead) GetTimestamp() int64

func (*SignedTreeHead) GetTreeHeadSignature added in v1.1.0

func (m *SignedTreeHead) GetTreeHeadSignature() []byte

func (*SignedTreeHead) GetTreeSize added in v1.1.0

func (m *SignedTreeHead) GetTreeSize() int64

func (*SignedTreeHead) ProtoMessage added in v1.1.0

func (*SignedTreeHead) ProtoMessage()

func (*SignedTreeHead) Reset added in v1.1.0

func (m *SignedTreeHead) Reset()

func (*SignedTreeHead) String added in v1.1.0

func (m *SignedTreeHead) String() string

func (*SignedTreeHead) XXX_DiscardUnknown added in v1.1.0

func (m *SignedTreeHead) XXX_DiscardUnknown()

func (*SignedTreeHead) XXX_Marshal added in v1.1.0

func (m *SignedTreeHead) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SignedTreeHead) XXX_Merge added in v1.1.0

func (m *SignedTreeHead) XXX_Merge(src proto.Message)

func (*SignedTreeHead) XXX_Size added in v1.1.0

func (m *SignedTreeHead) XXX_Size() int

func (*SignedTreeHead) XXX_Unmarshal added in v1.1.0

func (m *SignedTreeHead) XXX_Unmarshal(b []byte) error
