README
¶
CertStream
Small library wrapping github.com/google/certificate-transparency-go.
Adds no new dependencies except github.com/linkdata/bwlimit, which has
no dependencies outside the standard library.
Documentation
¶
Index ¶
- Constants
- Variables
- func GetLogList(ctx context.Context, httpClient *http.Client, listUrl string) (logList *loglist3.LogList, err error)
- func OperatorDomain(urlString string) string
- func ScanCertificate(row Scanner, cert *PgCertificate) (err error)
- func ScanDnsname(row Scanner, p *PgDnsname) error
- func ScanDnsnamesView(row Scanner, dnsname *PgDnsnamesView) (err error)
- func ScanIdent(row Scanner, ident *PgIdent) error
- func ScanLogEntry(row Scanner, entry *PgLogEntry) (err error)
- type CertStream
- type Certificate
- type Config
- type JsonCertificate
- type JsonIdentity
- type LogEntry
- type LogOperator
- type LogStream
- func (ls *LogStream) GetRawEntries(ctx context.Context, start, end int64, ...)
- func (ls *LogStream) MakeLogEntry(logindex int64, entry ct.LeafEntry, historical bool) *LogEntry
- func (ls *LogStream) NewLastIndex(ctx context.Context) (lastIndex int64, err error)
- func (ls *LogStream) Stopped() bool
- func (ls *LogStream) String() string
- type Logger
- type PgCertificate
- type PgDB
- func (cdb *PgDB) Entry(ctx context.Context, le *LogEntry) (err error)
- func (cdb *PgDB) Estimate(ctx context.Context, table string) (estimate float64, err error)
- func (cdb *PgDB) GetCertificateByHash(ctx context.Context, hash []byte) (cert *JsonCertificate, err error)
- func (cdb *PgDB) GetCertificateByID(ctx context.Context, id int64) (cert *JsonCertificate, err error)
- func (cdb *PgDB) GetCertificateByLogEntry(ctx context.Context, entry *PgLogEntry) (cert *JsonCertificate, err error)
- func (cdb *PgDB) Operator(ctx context.Context, lo *LogOperator) (err error)
- func (cdb *PgDB) Stream(ctx context.Context, ls *LogStream) (err error)
- type PgDnsname
- type PgDnsnamesView
- type PgIdent
- type PgLogEntry
- type Scanner
Constants ¶
View Source
const SelectDnsnameLike = `SELECT * FROM CERTDB_dnsnames WHERE dnsname LIKE $1;`
View Source
const SelectEstimate = `SELECT reltuples AS estimate FROM pg_class WHERE relname = $1;`
View Source
const SelectMaxIndex = `SELECT MAX(logindex) AS logindex FROM CERTDB_entry WHERE stream = $1;`
View Source
const SelectMinIndex = `SELECT MIN(logindex) AS logindex FROM CERTDB_entry WHERE stream = $1;`
Variables ¶
View Source
var BatchSize = 1024
View Source
var BulkRange = int64(4096)
View Source
var DefaultTransport = &http.Transport{ TLSHandshakeTimeout: 30 * time.Second, ResponseHeaderTimeout: 30 * time.Second, MaxConnsPerHost: 2, MaxIdleConnsPerHost: 2, DisableKeepAlives: false, ExpectContinueTimeout: 1 * time.Second, ForceAttemptHTTP2: true, }
View Source
var FunctionName string
View Source
var FunctionOperatorID string
View Source
var FunctionStreamID string
View Source
var ProcedureCreateSchema string
View Source
var ProcedureNewEntry string
View Source
var SelectGaps string
Functions ¶
func GetLogList ¶
func GetLogList(ctx context.Context, httpClient *http.Client, listUrl string) (logList *loglist3.LogList, err error)
GetLogList fetches a CT log list from the given listUrl. Usually you would pass loglist3.AllLogListURL for the listUrl.
func OperatorDomain ¶
OperatorDomain returns the TLD+1 given an URL.
func ScanCertificate ¶ added in v0.12.0
func ScanCertificate(row Scanner, cert *PgCertificate) (err error)
func ScanDnsname ¶ added in v0.12.0
func ScanDnsnamesView ¶ added in v0.12.0
func ScanDnsnamesView(row Scanner, dnsname *PgDnsnamesView) (err error)
func ScanLogEntry ¶ added in v0.12.0
func ScanLogEntry(row Scanner, entry *PgLogEntry) (err error)
Types ¶
type CertStream ¶
type CertStream struct {
Config // copy of config
C <-chan *LogEntry // log entry channel
HeadClient *http.Client // main HTTP client, uses Config.HeadDialer
TailClient *http.Client // may be nil if not backfilling
Operators map[string]*LogOperator // operators by operator domain, valid after Start()
DB *PgDB
}
func Start ¶ added in v0.12.0
func Start(ctx context.Context, cfg *Config) (cs *CertStream, err error)
func (*CertStream) CountStreams ¶ added in v0.0.3
func (cs *CertStream) CountStreams() (running, stopped int)
func (*CertStream) LogError ¶ added in v0.1.0
func (cs *CertStream) LogError(err error, msg string, args ...any) error
func (*CertStream) LogInfo ¶ added in v0.12.0
func (cs *CertStream) LogInfo(msg string, args ...any)
type Certificate ¶ added in v0.10.0
type Config ¶ added in v0.12.0
type Config struct {
Logger Logger // if not nil Logger to use, no default
HeadDialer proxy.ContextDialer // dialer for following the head, defaults to &net.Dialer{}
TailDialer proxy.ContextDialer // if not nil, backfill db using this dialer, no default
PgUser string // PostgreSQL user, default "certstream"
PgPass string // PostgreSQL password, default "certstream"
PgName string // PostgreSQL db name, default "certstream"
PgAddr string // PostgreSQL address, no default
PgPrefix string // PostgreSQL naming prefix, default "certdb_"
PgConns int // max number of database connections, default 100
}
type JsonCertificate ¶ added in v0.12.0
type JsonCertificate struct {
PreCert bool `json:",omitempty"`
Seen time.Time `json:",omitempty"`
Signature []byte `json:",omitempty"` // SHA256 signature, searchable on crt.sh
Issuer JsonIdentity `json:",omitempty"`
Subject JsonIdentity `json:",omitempty"`
DNSNames []string `json:",omitempty"`
EmailAddresses []string `json:",omitempty"`
IPAddresses []string `json:",omitempty"`
URIs []string `json:",omitempty"`
NotBefore time.Time `json:",omitempty"`
NotAfter time.Time `json:",omitempty"`
}
func NewJSONCertificate ¶ added in v0.12.0
func NewJSONCertificate(cert *Certificate) (jsoncert *JsonCertificate)
type JsonIdentity ¶ added in v0.12.0
type JsonIdentity struct {
Country string `json:",omitempty"`
Organization string `json:",omitempty"`
Province string `json:",omitempty"`
CommonName string `json:",omitempty"`
}
func (*JsonIdentity) Fill ¶ added in v0.12.0
func (id *JsonIdentity) Fill(name *pkix.Name)
type LogEntry ¶
type LogEntry struct {
*LogStream
Err error // error from RawLogEntryFromLeaf or ToLogEntry, or nil
RawLogEntry *ct.RawLogEntry // may be nil in case of error
*ct.LogEntry // may be nil in case of error
Id int64 // database id, if available
Historical bool // true if the entry is from gap or backfilling
}
func (*LogEntry) Cert ¶
func (le *LogEntry) Cert() (crt *Certificate)
Cert returns the Certificate given a LogEntry or nil.
type LogOperator ¶ added in v0.0.3
type LogStream ¶
type LogStream struct {
*LogOperator
*loglist3.Log
*client.LogClient
HttpClient *http.Client
Err error // set if Stopped() returns true
Count atomic.Int64 // number of certificates sent to the channel
MinIndex atomic.Int64 // atomic: lowest index seen so far, -1 if none seen yet
MaxIndex atomic.Int64 // atomic: highest index seen so far, -1 if none seen yet
LastIndex atomic.Int64 // atomic: highest index that is available from stream source
InsideGaps atomic.Int64 // atomic: number of remaining entries inside gaps
Id int32 // database ID, if available
// contains filtered or unexported fields
}
func NewLogStream ¶
func (*LogStream) GetRawEntries ¶ added in v0.1.0
func (*LogStream) MakeLogEntry ¶ added in v0.1.0
func (*LogStream) NewLastIndex ¶ added in v0.1.0
type PgCertificate ¶ added in v0.12.0
type PgDB ¶ added in v0.12.0
type PgDB struct {
*CertStream
*pgxpool.Pool
Pfx func(string) string // prefix replacer
// contains filtered or unexported fields
}
PgDB integrates with sql.DB to manage certificate stream data for a PostgreSQL database
func NewPgDB ¶ added in v0.12.0
func NewPgDB(ctx context.Context, cs *CertStream) (cdb *PgDB, err error)
NewPgDB creates a PgDB and creates the needed tables and indices if they don't exist.
func (*PgDB) GetCertificateByHash ¶ added in v0.12.0
func (*PgDB) GetCertificateByID ¶ added in v0.12.0
func (*PgDB) GetCertificateByLogEntry ¶ added in v0.12.0
func (cdb *PgDB) GetCertificateByLogEntry(ctx context.Context, entry *PgLogEntry) (cert *JsonCertificate, err error)
type PgDnsnamesView ¶ added in v0.12.0
type PgLogEntry ¶ added in v0.12.0
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.