configpb

package
Version: v1.3.1
Warning

This package is not in the latest version of its module.

Published: Jan 15, 2025 License: Apache-2.0 Imports: 7 Imported by: 74

Documentation

Index

Constants

This section is empty.

Variables

// Lookup tables between the numeric and the string form of
// LogConfig_IssuanceChainStorageBackend.
var (
	// LogConfig_IssuanceChainStorageBackend_name maps an enum number to its
	// name.
	LogConfig_IssuanceChainStorageBackend_name = map[int32]string{
		0: "ISSUANCE_CHAIN_STORAGE_BACKEND_TRILLIAN_GRPC",
		1: "ISSUANCE_CHAIN_STORAGE_BACKEND_CTFE",
	}
	// LogConfig_IssuanceChainStorageBackend_value maps an enum name to its
	// number. Because this is a plain map, a lookup of an unknown name yields
	// 0, which is also the number of TRILLIAN_GRPC; use the two-value form
	// (v, ok := m[name]) when the name comes from operator-supplied input so
	// that a typo is not silently read as the default backend.
	LogConfig_IssuanceChainStorageBackend_value = map[string]int32{
		"ISSUANCE_CHAIN_STORAGE_BACKEND_TRILLIAN_GRPC": 0,
		"ISSUANCE_CHAIN_STORAGE_BACKEND_CTFE":          1,
	}
)

Enum value maps for LogConfig_IssuanceChainStorageBackend.

// File_trillian_ctfe_configpb_config_proto is a package-level
// protoreflect.FileDescriptor. Going by the identifier it presumably
// describes trillian/ctfe/configpb/config.proto; where it is assigned is not
// visible in this listing.
var File_trillian_ctfe_configpb_config_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type LogBackend added in v1.0.4

// LogBackend names one log backend and gives the RPC endpoint used to reach
// it. LogConfig messages refer to a backend by Name.
type LogBackend struct {

	// name defines the name of the log backend for use in LogConfig messages
	// and must be unique.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// backend_spec defines the RPC endpoint that clients should use to send
	// requests to this log backend. It should be in the same format as
	// rpcBackendFlag in the CTFE main and must not be an empty string.
	// NOTE(review): the struct itself enforces neither the uniqueness of name
	// nor the non-empty requirement here; whatever loads the config has to
	// check both.
	BackendSpec string `protobuf:"bytes,2,opt,name=backend_spec,json=backendSpec,proto3" json:"backend_spec,omitempty"`
	// contains filtered or unexported fields
}

func (*LogBackend) Descriptor deprecated added in v1.0.4

func (*LogBackend) Descriptor() ([]byte, []int)

Deprecated: Use LogBackend.ProtoReflect.Descriptor instead.

func (*LogBackend) GetBackendSpec added in v1.0.4

func (x *LogBackend) GetBackendSpec() string

func (*LogBackend) GetName added in v1.0.4

func (x *LogBackend) GetName() string

func (*LogBackend) ProtoMessage added in v1.0.4

func (*LogBackend) ProtoMessage()

func (*LogBackend) ProtoReflect added in v1.1.1

func (x *LogBackend) ProtoReflect() protoreflect.Message

func (*LogBackend) Reset added in v1.0.4

func (x *LogBackend) Reset()

func (*LogBackend) String added in v1.0.4

func (x *LogBackend) String() string

type LogBackendSet added in v1.0.4

// LogBackendSet is a list of LogBackend entries, allowing one set of
// frontends to serve requests for several backends.
type LogBackendSet struct {
	// The backends in the set. The field comments on LogMultiConfig state that
	// their names must all be distinct.
	Backend []*LogBackend `protobuf:"bytes,1,rep,name=backend,proto3" json:"backend,omitempty"`
	// contains filtered or unexported fields
}

LogBackendSet supports a configuration where a single set of frontends handles requests for multiple backends. For example, this could be used to run different backends in different geographic regions.

func (*LogBackendSet) Descriptor deprecated added in v1.0.4

func (*LogBackendSet) Descriptor() ([]byte, []int)

Deprecated: Use LogBackendSet.ProtoReflect.Descriptor instead.

func (*LogBackendSet) GetBackend added in v1.0.4

func (x *LogBackendSet) GetBackend() []*LogBackend

func (*LogBackendSet) ProtoMessage added in v1.0.4

func (*LogBackendSet) ProtoMessage()

func (*LogBackendSet) ProtoReflect added in v1.1.1

func (x *LogBackendSet) ProtoReflect() protoreflect.Message

func (*LogBackendSet) Reset added in v1.0.4

func (x *LogBackendSet) Reset()

func (*LogBackendSet) String added in v1.0.4

func (x *LogBackendSet) String() string

type LogConfig

// LogConfig describes the configuration options for a single log instance:
// which Trillian tree backs it, where its handlers are registered, which
// submissions it accepts, and which keys and storage it uses.
type LogConfig struct {

	// The ID of a Trillian tree that stores the log data. The tree type must be
	// LOG for regular CT logs. For mirror logs it must be either PREORDERED_LOG
	// or LOG, and can change at runtime. CTFE in mirror mode uses only the read
	// API, which is common to both types.
	LogId int64 `protobuf:"varint,1,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
	// prefix is the name of the log. It will come after the global or
	// override handler prefix. For example if the handler prefix is "/logs"
	// and prefix is "vogon" the get-sth handler for this log will be
	// available at "/logs/vogon/ct/v1/get-sth". The prefix cannot be empty
	// and must not include "/" path separator characters.
	Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3" json:"prefix,omitempty"`
	// override_handler_prefix, if set to a non-empty value, overrides the
	// global handler prefix for an individual log. For example, if this field
	// is set to "/otherlogs" then a log with prefix "vogon" will make its
	// get-sth handler available at "/otherlogs/vogon/ct/v1/get-sth" regardless
	// of what the global prefix is. It can be set to '/' to make the get-sth
	// handler register at "/vogon/ct/v1/get-sth".
	OverrideHandlerPrefix string `` /* 127-byte string literal not displayed */
	// Paths to the files containing root certificates that are acceptable to the
	// log. The certs are served through get-roots endpoint. Optional in mirrors.
	// These files define which issuers the log accepts submissions from, so
	// they deserve the same change control as the config itself.
	RootsPemFile []string `protobuf:"bytes,3,rep,name=roots_pem_file,json=rootsPemFile,proto3" json:"roots_pem_file,omitempty"`
	// The private key used for signing STHs etc. Not required for mirrors.
	// NOTE(review): the field is an anypb.Any, so this listing does not show
	// whether it carries key material inline or a reference to a key held
	// elsewhere — confirm which before deciding how the config file has to be
	// protected.
	PrivateKey *anypb.Any `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
	// The public key matching the above private key (if both are present). It is
	// used only by mirror logs for verifying the source log's signatures, but can
	// be specified for regular logs as well for the convenience of test tools.
	PublicKey *keyspb.PublicKey `protobuf:"bytes,5,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// If reject_expired is true then the certificate validity period will be
	// checked against the current time during the validation of submissions.
	// This will cause expired certificates to be rejected.
	RejectExpired bool `protobuf:"varint,6,opt,name=reject_expired,json=rejectExpired,proto3" json:"reject_expired,omitempty"`
	// If reject_unexpired is true then CTFE rejects certificates that are either
	// currently valid or not yet valid.
	// NOTE(review): read together with reject_expired, setting both would seem
	// to leave no certificate acceptable; whether config validation rejects
	// that combination is not visible here — confirm.
	RejectUnexpired bool `protobuf:"varint,17,opt,name=reject_unexpired,json=rejectUnexpired,proto3" json:"reject_unexpired,omitempty"`
	// If set, ext_key_usages will restrict the set of such usages that the
	// server will accept. By default all are accepted. The values specified
	// must be ones known to the x509 package.
	ExtKeyUsages []string `protobuf:"bytes,7,rep,name=ext_key_usages,json=extKeyUsages,proto3" json:"ext_key_usages,omitempty"`
	// not_after_start defines the start of the range of acceptable NotAfter
	// values, inclusive.
	// Leaving this unset implies no lower bound to the range.
	NotAfterStart *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=not_after_start,json=notAfterStart,proto3" json:"not_after_start,omitempty"`
	// not_after_limit defines the end of the range of acceptable NotAfter values,
	// exclusive.
	// Leaving this unset implies no upper bound to the range.
	NotAfterLimit *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=not_after_limit,json=notAfterLimit,proto3" json:"not_after_limit,omitempty"`
	// accept_only_ca controls whether or not *only* certificates with the CA bit
	// set will be accepted.
	AcceptOnlyCa bool `protobuf:"varint,10,opt,name=accept_only_ca,json=acceptOnlyCa,proto3" json:"accept_only_ca,omitempty"`
	// log_backend_name, if set, indicates which backend serves this log. The
	// name must be one of those defined in the LogBackendSet.
	LogBackendName string `protobuf:"bytes,11,opt,name=log_backend_name,json=logBackendName,proto3" json:"log_backend_name,omitempty"`
	// If set, the log is a mirror, i.e. it serves the data of another (source)
	// log. It doesn't handle write requests (add-chain, etc.), so it's not a
	// fully fledged RFC-6962 log, but the tree read requests like get-entries and
	// get-consistency-proof are compatible. A mirror doesn't have the source
	// log's key and can't sign STHs. Consequently, the log operator must ensure
	// that the source log's STHs are channelled into CTFE.
	IsMirror bool `protobuf:"varint,12,opt,name=is_mirror,json=isMirror,proto3" json:"is_mirror,omitempty"`
	// If set, the log serves only read endpoints, and rejects writes through the
	// add-[pre-]chain endpoint.
	IsReadonly bool `protobuf:"varint,19,opt,name=is_readonly,json=isReadonly,proto3" json:"is_readonly,omitempty"`
	// The Maximum Merge Delay (MMD) of this log in seconds. See RFC6962 section 3
	// for definition of MMD. If zero, the log does not provide an MMD guarantee
	// (for example, it is a frozen log).
	MaxMergeDelaySec int32 `protobuf:"varint,14,opt,name=max_merge_delay_sec,json=maxMergeDelaySec,proto3" json:"max_merge_delay_sec,omitempty"`
	// The merge delay that the underlying log implementation is able/targeting to
	// provide. This option is exposed in CTFE metrics, and can be particularly
	// useful to catch when the log is behind but has not yet violated the strict
	// MMD limit.
	// The log operator should decide what exactly EMD means for them. For
	// example, it can be the 99th percentile of merge delays that they observe,
	// and they can alert on the actual merge delay going above a certain
	// multiple of this EMD.
	ExpectedMergeDelaySec int32 `` /* 130-byte string literal not displayed */
	// The STH that this log will serve permanently (if present). Frozen STH must
	// be signed by this log's private key, and will be verified using the public
	// key specified in this config.
	FrozenSth *SignedTreeHead `protobuf:"bytes,16,opt,name=frozen_sth,json=frozenSth,proto3" json:"frozen_sth,omitempty"`
	// A list of X.509 extension OIDs, in dotted string form (e.g. "2.3.4.5")
	// which should cause submissions to be rejected.
	RejectExtensions []string `protobuf:"bytes,18,rep,name=reject_extensions,json=rejectExtensions,proto3" json:"reject_extensions,omitempty"`
	// CTFE storage connection string in the following format in general:
	// driver://[username[:password]@][protocol[(host[:port])]][/[schema|database][?options]]
	//
	// MySQL/MariaDB:
	// mysql://[username[:password]@][protocol[(address)]]/dbname[?param1=value1&...&paramN=valueN]
	//
	// PostgreSQL:
	// postgresql://[username[:password]@][host][:port][/dbname][?param1=value1&...&paramN=valueN]
	//
	// This is required when the issuance chain storage backend is CTFE.
	//
	// Warning: CT log operators are advised not to re-use the same connection
	// string across multiple LogConfigs due to the log lifecycle.
	//
	// The format permits an inline database password, so a config that sets
	// this field holds a credential: restrict read access to the file and keep
	// the value out of logs and dumps of the message (String() output
	// included, unless it is confirmed to redact it).
	//
	// ExtraDataIssuanceChainStorageBackend, declared directly below, selects
	// the storage backend for the issuance chain in ExtraData. Its zero value
	// is the Trillian gRPC backend; the type's documentation says not to
	// change it during the log's lifetime.
	CtfeStorageConnectionString          string                                `` /* 147-byte string literal not displayed */
	ExtraDataIssuanceChainStorageBackend LogConfig_IssuanceChainStorageBackend `` /* 231-byte string literal not displayed */
	// contains filtered or unexported fields
}

LogConfig describes the configuration options for a log instance.

NEXT_ID: 22

func (*LogConfig) Descriptor deprecated

func (*LogConfig) Descriptor() ([]byte, []int)

Deprecated: Use LogConfig.ProtoReflect.Descriptor instead.

func (*LogConfig) GetAcceptOnlyCa

func (x *LogConfig) GetAcceptOnlyCa() bool

func (*LogConfig) GetCtfeStorageConnectionString added in v1.2.0

func (x *LogConfig) GetCtfeStorageConnectionString() string

func (*LogConfig) GetExpectedMergeDelaySec added in v1.0.21

func (x *LogConfig) GetExpectedMergeDelaySec() int32

func (*LogConfig) GetExtKeyUsages

func (x *LogConfig) GetExtKeyUsages() []string

func (*LogConfig) GetExtraDataIssuanceChainStorageBackend added in v1.2.0

func (x *LogConfig) GetExtraDataIssuanceChainStorageBackend() LogConfig_IssuanceChainStorageBackend

func (*LogConfig) GetFrozenSth added in v1.1.0

func (x *LogConfig) GetFrozenSth() *SignedTreeHead

func (*LogConfig) GetIsMirror added in v1.0.21

func (x *LogConfig) GetIsMirror() bool

func (*LogConfig) GetIsReadonly added in v1.1.3

func (x *LogConfig) GetIsReadonly() bool

func (*LogConfig) GetLogBackendName added in v1.0.4

func (x *LogConfig) GetLogBackendName() string

func (*LogConfig) GetLogId

func (x *LogConfig) GetLogId() int64

func (*LogConfig) GetMaxMergeDelaySec added in v1.0.21

func (x *LogConfig) GetMaxMergeDelaySec() int32

func (*LogConfig) GetNotAfterLimit

func (x *LogConfig) GetNotAfterLimit() *timestamppb.Timestamp

func (*LogConfig) GetNotAfterStart

func (x *LogConfig) GetNotAfterStart() *timestamppb.Timestamp

func (*LogConfig) GetOverrideHandlerPrefix added in v1.0.21

func (x *LogConfig) GetOverrideHandlerPrefix() string

func (*LogConfig) GetPrefix

func (x *LogConfig) GetPrefix() string

func (*LogConfig) GetPrivateKey

func (x *LogConfig) GetPrivateKey() *anypb.Any

func (*LogConfig) GetPublicKey

func (x *LogConfig) GetPublicKey() *keyspb.PublicKey

func (*LogConfig) GetRejectExpired

func (x *LogConfig) GetRejectExpired() bool

func (*LogConfig) GetRejectExtensions added in v1.1.0

func (x *LogConfig) GetRejectExtensions() []string

func (*LogConfig) GetRejectUnexpired added in v1.1.0

func (x *LogConfig) GetRejectUnexpired() bool

func (*LogConfig) GetRootsPemFile

func (x *LogConfig) GetRootsPemFile() []string

func (*LogConfig) ProtoMessage

func (*LogConfig) ProtoMessage()

func (*LogConfig) ProtoReflect added in v1.1.1

func (x *LogConfig) ProtoReflect() protoreflect.Message

func (*LogConfig) Reset

func (x *LogConfig) Reset()

func (*LogConfig) String

func (x *LogConfig) String() string

type LogConfigSet

// LogConfigSet is a set of LogConfig messages.
type LogConfigSet struct {
	// The per-log configurations; each entry is a pointer to one LogConfig.
	Config []*LogConfig `protobuf:"bytes,1,rep,name=config,proto3" json:"config,omitempty"`
	// contains filtered or unexported fields
}

LogConfigSet is a set of LogConfig messages.

func (*LogConfigSet) Descriptor deprecated

func (*LogConfigSet) Descriptor() ([]byte, []int)

Deprecated: Use LogConfigSet.ProtoReflect.Descriptor instead.

func (*LogConfigSet) GetConfig

func (x *LogConfigSet) GetConfig() []*LogConfig

func (*LogConfigSet) ProtoMessage

func (*LogConfigSet) ProtoMessage()

func (*LogConfigSet) ProtoReflect added in v1.1.1

func (x *LogConfigSet) ProtoReflect() protoreflect.Message

func (*LogConfigSet) Reset

func (x *LogConfigSet) Reset()

func (*LogConfigSet) String

func (x *LogConfigSet) String() string

type LogConfig_IssuanceChainStorageBackend added in v1.2.0

// LogConfig_IssuanceChainStorageBackend selects where the issuance chain in
// ExtraData is stored. It is an int32-backed enum; the page documents that
// the value must not change during the log's lifetime.
type LogConfig_IssuanceChainStorageBackend int32

An optional storage backend for the issuance chain in ExtraData. By default, the storage backend is Trillian GRPC. To use CTFE as the storage backend, the CTFE storage connection string needs to be specified. Do not change this value during the log's lifetime.

// Values of LogConfig_IssuanceChainStorageBackend.
const (
	// Trillian gRPC storage. This is 0, so it is what an unset field reads as,
	// matching the documented default.
	LogConfig_ISSUANCE_CHAIN_STORAGE_BACKEND_TRILLIAN_GRPC LogConfig_IssuanceChainStorageBackend = 0
	// CTFE storage. Per the type documentation this requires the CTFE storage
	// connection string to be specified in the LogConfig.
	LogConfig_ISSUANCE_CHAIN_STORAGE_BACKEND_CTFE          LogConfig_IssuanceChainStorageBackend = 1
)

func (LogConfig_IssuanceChainStorageBackend) Descriptor added in v1.2.0

func (LogConfig_IssuanceChainStorageBackend) Enum added in v1.2.0

func (LogConfig_IssuanceChainStorageBackend) EnumDescriptor deprecated added in v1.2.0

func (LogConfig_IssuanceChainStorageBackend) EnumDescriptor() ([]byte, []int)

Deprecated: Use LogConfig_IssuanceChainStorageBackend.Descriptor instead.

func (LogConfig_IssuanceChainStorageBackend) Number added in v1.2.0

func (LogConfig_IssuanceChainStorageBackend) String added in v1.2.0

func (LogConfig_IssuanceChainStorageBackend) Type added in v1.2.0

type LogMultiConfig added in v1.0.4

// LogMultiConfig bundles a LogBackendSet with the LogConfigSet that refers to
// it, so that both can be parsed as a single proto.
type LogMultiConfig struct {

	// The set of backends that this configuration will use to send requests to.
	// The names of the backends in the LogBackendSet must all be distinct.
	Backends *LogBackendSet `protobuf:"bytes,1,opt,name=backends,proto3" json:"backends,omitempty"`
	// The set of logs that will use the above backends. All the protos in this
	// LogConfigSet must set a valid log_backend_name for the config to be usable.
	// NOTE(review): neither the distinct-names rule nor the valid-name rule is
	// enforced by the struct itself; both depend on validation performed by
	// the code that loads the config.
	LogConfigs *LogConfigSet `protobuf:"bytes,2,opt,name=log_configs,json=logConfigs,proto3" json:"log_configs,omitempty"`
	// contains filtered or unexported fields
}

LogMultiConfig wraps up a LogBackendSet and corresponding LogConfigSet so that they can easily be parsed as a single proto.

func (*LogMultiConfig) Descriptor deprecated added in v1.0.4

func (*LogMultiConfig) Descriptor() ([]byte, []int)

Deprecated: Use LogMultiConfig.ProtoReflect.Descriptor instead.

func (*LogMultiConfig) GetBackends added in v1.0.4

func (x *LogMultiConfig) GetBackends() *LogBackendSet

func (*LogMultiConfig) GetLogConfigs added in v1.0.4

func (x *LogMultiConfig) GetLogConfigs() *LogConfigSet

func (*LogMultiConfig) ProtoMessage added in v1.0.4

func (*LogMultiConfig) ProtoMessage()

func (*LogMultiConfig) ProtoReflect added in v1.1.1

func (x *LogMultiConfig) ProtoReflect() protoreflect.Message

func (*LogMultiConfig) Reset added in v1.0.4

func (x *LogMultiConfig) Reset()

func (*LogMultiConfig) String added in v1.0.4

func (x *LogMultiConfig) String() string

type SignedTreeHead added in v1.1.0

// SignedTreeHead holds the four values of the structure returned by the
// get-sth CT method (see RFC 6962 sections 3.5 and 4.3):
//
//   - TreeSize: the tree size as an int64.
//   - Timestamp: an int64; the unit is not stated in this listing — TODO
//     confirm against RFC 6962.
//   - Sha256RootHash: the root hash bytes (SHA-256, going by the field name).
//   - TreeHeadSignature: the signature bytes for the tree head.
//
// The type only carries these bytes; the listing shows fields and getters
// and no verification logic. For the frozen-STH use in LogConfig, the page
// states that the STH is verified using the public key from the config, so a
// value of this type should not be treated as authenticated until that check
// has run.
type SignedTreeHead struct {
	TreeSize          int64  `protobuf:"varint,1,opt,name=tree_size,json=treeSize,proto3" json:"tree_size,omitempty"`
	Timestamp         int64  `protobuf:"varint,2,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
	Sha256RootHash    []byte `protobuf:"bytes,3,opt,name=sha256_root_hash,json=sha256RootHash,proto3" json:"sha256_root_hash,omitempty"`
	TreeHeadSignature []byte `protobuf:"bytes,4,opt,name=tree_head_signature,json=treeHeadSignature,proto3" json:"tree_head_signature,omitempty"`
	// contains filtered or unexported fields
}

SignedTreeHead represents the structure returned by the get-sth CT method. See RFC6962 sections 3.5 and 4.3 for reference. TODO(pavelkalinnikov): Find a better place for this type.

func (*SignedTreeHead) Descriptor deprecated added in v1.1.0

func (*SignedTreeHead) Descriptor() ([]byte, []int)

Deprecated: Use SignedTreeHead.ProtoReflect.Descriptor instead.

func (*SignedTreeHead) GetSha256RootHash added in v1.1.0

func (x *SignedTreeHead) GetSha256RootHash() []byte

func (*SignedTreeHead) GetTimestamp added in v1.1.0

func (x *SignedTreeHead) GetTimestamp() int64

func (*SignedTreeHead) GetTreeHeadSignature added in v1.1.0

func (x *SignedTreeHead) GetTreeHeadSignature() []byte

func (*SignedTreeHead) GetTreeSize added in v1.1.0

func (x *SignedTreeHead) GetTreeSize() int64

func (*SignedTreeHead) ProtoMessage added in v1.1.0

func (*SignedTreeHead) ProtoMessage()

func (*SignedTreeHead) ProtoReflect added in v1.1.1

func (x *SignedTreeHead) ProtoReflect() protoreflect.Message

func (*SignedTreeHead) Reset added in v1.1.0

func (x *SignedTreeHead) Reset()

func (*SignedTreeHead) String added in v1.1.0

func (x *SignedTreeHead) String() string
