client

package
v1.0.17 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 8, 2018 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package client is a CT log client implementation and contains types and code for interacting with RFC6962-compliant CT Log instances. See http://tools.ietf.org/html/rfc6962 for details

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func TemporalLogConfigFromFile

func TemporalLogConfigFromFile(filename string) (*configpb.TemporalLogConfig, error)

TemporalLogConfigFromFile creates a TemporalLogConfig object from the given filename, which should contain text-protobuf encoded configuration data.

Types

type AddLogClient

type AddLogClient interface {
	AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
	AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
	GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)
}

AddLogClient is an interface that allows adding certificates and pre-certificates to a log. Both LogClient and TemporalLogClient implement this interface, which allows users to commonize code for adding certs to normal/temporal logs.

type CheckLogClient added in v1.0.12

type CheckLogClient interface {
	BaseURI() string
	GetSTH(context.Context) (*ct.SignedTreeHead, error)
	GetSTHConsistency(ctx context.Context, first, second uint64) ([][]byte, error)
	GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*ct.GetProofByHashResponse, error)
}

CheckLogClient is an interface that allows (just) checking of various log contents.

type LogClient

type LogClient struct {
	jsonclient.JSONClient
}

LogClient represents a client for a given CT Log instance

func New

func New(uri string, hc *http.Client, opts jsonclient.Options) (*LogClient, error)

New constructs a new LogClient instance. |uri| is the base URI of the CT log instance to interact with, e.g. http://ct.googleapis.com/pilot |hc| is the underlying client to be used for HTTP requests to the CT log. |opts| can be used to provide a custom logger interface and a public key for signature verification.

func (*LogClient) AddChain

func (c *LogClient) AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)

AddChain adds the (DER represented) X509 |chain| to the log.

func (*LogClient) AddJSON

func (c *LogClient) AddJSON(ctx context.Context, data interface{}) (*ct.SignedCertificateTimestamp, error)

AddJSON submits arbitrary data to to XJSON server.

func (*LogClient) AddPreChain

func (c *LogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)

AddPreChain adds the (DER represented) Precertificate |chain| to the log.

func (*LogClient) GetAcceptedRoots

func (c *LogClient) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)

GetAcceptedRoots retrieves the set of acceptable root certificates for a log.

func (*LogClient) GetEntries

func (c *LogClient) GetEntries(ctx context.Context, start, end int64) ([]ct.LogEntry, error)

GetEntries attempts to retrieve the entries in the sequence [start, end] from the CT log server (RFC6962 s4.6) as parsed [pre-]certificates for convenience, held in a slice of ct.LogEntry structures. However, this does mean that any certificate parsing failures will cause a failure of the whole retrieval operation; for more robust retrieval of parsed certificates, use GetRawEntries() and invoke ct.LogEntryFromLeaf() on each individual entry.

func (*LogClient) GetProofByHash

func (c *LogClient) GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*ct.GetProofByHashResponse, error)

GetProofByHash returns an audit path for the hash of an SCT.

func (*LogClient) GetRawEntries

func (c *LogClient) GetRawEntries(ctx context.Context, start, end int64) (*ct.GetEntriesResponse, error)

GetRawEntries exposes the /ct/v1/get-entries result with only the JSON parsing done.

func (*LogClient) GetSTH

func (c *LogClient) GetSTH(ctx context.Context) (*ct.SignedTreeHead, error)

GetSTH retrieves the current STH from the log. Returns a populated SignedTreeHead, or a non-nil error (which may be of type RspError if a raw http.Response is available).

func (*LogClient) GetSTHConsistency

func (c *LogClient) GetSTHConsistency(ctx context.Context, first, second uint64) ([][]byte, error)

GetSTHConsistency retrieves the consistency proof between two snapshots.

func (*LogClient) VerifySCTSignature

func (c *LogClient) VerifySCTSignature(sct ct.SignedCertificateTimestamp, ctype ct.LogEntryType, certData []ct.ASN1Cert) error

VerifySCTSignature checks the signature in sct for the given LogEntryType, with associated certificate chain.

func (*LogClient) VerifySTHSignature

func (c *LogClient) VerifySTHSignature(sth ct.SignedTreeHead) error

VerifySTHSignature checks the signature in sth, returning any error encountered or nil if verification is successful.

type RspError

type RspError struct {
	Err        error
	StatusCode int
	Body       []byte
}

RspError represents an error that occurred when processing a response from a server, and also includes key details from the http.Response that triggered the error.

func (RspError) Error

func (e RspError) Error() string

Error formats the RspError instance, focusing on the error.

type TemporalLogClient

type TemporalLogClient struct {
	Clients []*LogClient
	// contains filtered or unexported fields
}

TemporalLogClient allows [pre-]certificates to be uploaded to a temporal log.

func NewTemporalLogClient

func NewTemporalLogClient(cfg configpb.TemporalLogConfig, hc *http.Client) (*TemporalLogClient, error)

NewTemporalLogClient builds a new client for interacting with a temporal log. The provided config should be contiguous and chronological.

func (*TemporalLogClient) AddChain

AddChain adds the (DER represented) X509 chain to the appropriate log.

func (*TemporalLogClient) AddPreChain

func (tlc *TemporalLogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)

AddPreChain adds the (DER represented) Precertificate chain to the appropriate log.

func (*TemporalLogClient) GetAcceptedRoots

func (tlc *TemporalLogClient) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)

GetAcceptedRoots retrieves the set of acceptable root certificates for all of the shards of a temporal log (i.e. the union).

func (*TemporalLogClient) IndexByDate

func (tlc *TemporalLogClient) IndexByDate(when time.Time) (int, error)

IndexByDate returns the index of the Clients entry that is appropriate for the given date.

Directories

Path Synopsis
ctclient is a command-line utility for interacting with CT logs.
ctclient is a command-line utility for interacting with CT logs.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL