Documentation ¶
Index ¶
- Constants
- Variables
- func GetLogList(ctx context.Context, httpClient *http.Client, listUrl string) (logList *loglist3.LogList, err error)
- func OperatorDomain(urlString string) string
- func ScanCertificate(row Scanner, cert *PgCertificate) (err error)
- func ScanDnsname(row Scanner, p *PgDnsname) error
- func ScanDnsnamesView(row Scanner, dnsname *PgDnsnamesView) (err error)
- func ScanIdent(row Scanner, ident *PgIdent) error
- func ScanLogEntry(row Scanner, entry *PgLogEntry) (err error)
- type CertStream
- type Certificate
- type Config
- type JsonCertificate
- type JsonIdentity
- type LogEntry
- type LogOperator
- type LogStream
- type Logger
- type PgCertificate
- type PgDB
- func (cdb *PgDB) Estimate(ctx context.Context, table string) (estimate float64, err error)
- func (cdb *PgDB) GetCertificateByHash(ctx context.Context, hash []byte) (cert *JsonCertificate, err error)
- func (cdb *PgDB) GetCertificateByID(ctx context.Context, id int64) (cert *JsonCertificate, err error)
- func (cdb *PgDB) GetCertificateByLogEntry(ctx context.Context, entry *PgLogEntry) (cert *JsonCertificate, err error)
- func (cdb *PgDB) Operator(ctx context.Context, lo *LogOperator) (err error)
- func (cdb *PgDB) Stream(ctx context.Context, ls *LogStream) (err error)
- type PgDnsname
- type PgDnsnamesView
- type PgIdent
- type PgLogEntry
- type Scanner
Constants ¶
// SelectDnsnameLike finds CERTDB_dnsnames rows whose dnsname matches a
// PostgreSQL LIKE pattern. The pattern is bound as $1, so it cannot inject
// SQL, but LIKE metacharacters ('%' and '_') in the argument are still
// interpreted by the server: a caller forwarding an untrusted name must
// escape them (or knowingly accept pattern semantics), and a pattern with a
// leading '%' cannot use a b-tree index and scans the whole table.
// SELECT * ties the result to the table's physical column order; the row
// scanner (presumably ScanDnsname) must be kept in step with the schema.
// NOTE(review): the CERTDB_ prefix is presumably rewritten to Config.PgPrefix
// by PgDB.Pfx before execution — confirm against the caller.
const SelectDnsnameLike = `SELECT * FROM CERTDB_dnsnames WHERE dnsname LIKE $1;`
// SelectEstimate reads the planner's row-count estimate (pg_class.reltuples)
// for the table named by $1. It is cheap but approximate: the value is only
// as fresh as the last VACUUM/ANALYZE, and on PostgreSQL 14+ it is -1 for a
// table that has never been analyzed, so callers must not treat it as an
// exact count. relname is matched without a schema qualifier, so the lookup
// is ambiguous if the same table name exists in more than one schema.
const SelectEstimate = `SELECT reltuples AS estimate FROM pg_class WHERE relname = $1;`
// SelectMaxIndex returns the highest logindex stored for the stream whose
// database id is bound as $1. MAX over an empty set yields NULL, not 0, so
// the caller must scan into a nullable type (or COALESCE) for a stream that
// has no entries yet; LogStream documents -1 as the "none seen yet" value.
const SelectMaxIndex = `SELECT MAX(logindex) AS logindex FROM CERTDB_entry WHERE stream = $1;`
// SelectMinIndex returns the lowest logindex stored for the stream whose
// database id is bound as $1. MIN over an empty set yields NULL, not 0, so
// the caller must scan into a nullable type (or COALESCE) for a stream that
// has no entries yet; LogStream documents -1 as the "none seen yet" value.
const SelectMinIndex = `SELECT MIN(logindex) AS logindex FROM CERTDB_entry WHERE stream = $1;`
Variables ¶
// BatchSize is a package-level tunable. Its exact use is not shown on this
// page (presumably the number of entries grouped per database write — confirm
// against the caller of ProcedureNewEntry). It is an unsynchronized global:
// set it before Start() and do not modify it while streams are running, or
// the write races with readers.
var BatchSize = 1024
// BulkRange is a package-level tunable. Its exact use is not shown on this
// page (presumably the number of entries requested per get-entries call when
// backfilling or filling gaps — confirm). Note that CT logs cap the number of
// entries returned per request server-side and may return fewer than asked.
// It is an unsynchronized global: set it before Start() and leave it alone
// while streams are running.
var BulkRange = int64(4096)
// DefaultTransport is the HTTP transport used to talk to CT logs.
//
// It bounds the connection-setup phases (TLS handshake, wait for response
// headers) but NOT the body read, so a stalled log can still hold a request
// indefinitely; callers must additionally cap each request with a context
// deadline or http.Client.Timeout. MaxConnsPerHost/MaxIdleConnsPerHost of 2
// deliberately throttle concurrent traffic to any single log host.
//
// TLSClientConfig is left nil, so crypto/tls defaults apply: system root CAs,
// hostname verification on, TLS 1.2 minimum. Proxy is nil, so unlike
// http.DefaultTransport no HTTP(S)_PROXY environment proxy is honoured.
// ForceAttemptHTTP2 keeps HTTP/2 enabled despite the transport being
// customised. DialContext is not set here.
// NOTE(review): Config.HeadDialer/TailDialer imply a dialer is attached
// somewhere else — confirm that head and tail clients get separate transport
// copies, since a single shared *http.Transport can carry only one dialer.
var DefaultTransport = &http.Transport{
	TLSHandshakeTimeout:   30 * time.Second,
	ResponseHeaderTimeout: 30 * time.Second,
	MaxConnsPerHost:       2,
	MaxIdleConnsPerHost:   2,
	DisableKeepAlives:     false,
	ExpectContinueTimeout: 1 * time.Second,
	ForceAttemptHTTP2:     true,
}
// FunctionName holds SQL text for a stored function; its initializer is not
// shown on this page (presumably a go:embed of a .sql file — confirm).
// NOTE(review): as an exported, mutable package variable, any importer can
// overwrite the SQL that will later be executed against the database; an
// unexported variable or a const would close that tamper point.
var FunctionName string
// FunctionOperatorID holds SQL text for a stored function that (by its name)
// resolves an operator's database id; the initializer is not shown on this
// page (presumably a go:embed of a .sql file — confirm). Exported and
// mutable, so importers can overwrite the SQL executed at runtime.
var FunctionOperatorID string
// FunctionStreamID holds SQL text for a stored function that (by its name)
// resolves a stream's database id; the initializer is not shown on this
// page (presumably a go:embed of a .sql file — confirm). Exported and
// mutable, so importers can overwrite the SQL executed at runtime.
var FunctionStreamID string
// ProcedureCreateSchema holds the DDL presumably run by NewPgDB, which
// creates the tables and indices if they do not exist; the initializer is
// not shown on this page (presumably a go:embed of a .sql file — confirm).
// Because this is DDL, the role in Config.PgUser needs CREATE privilege on
// the target schema at least for the first run; a least-privilege deployment
// runs the schema creation once with a privileged role and then operates the
// streamer with a role limited to the DML it actually needs.
// Exported and mutable, so importers can overwrite the SQL executed at runtime.
var ProcedureCreateSchema string
// ProcedureNewEntry holds SQL text for the procedure that (by its name)
// records a new log entry; the initializer is not shown on this page
// (presumably a go:embed of a .sql file — confirm). Exported and mutable, so
// importers can overwrite the SQL executed at runtime.
var ProcedureNewEntry string
// SelectGaps holds the query that (by its name) locates gaps in the stored
// logindex ranges, presumably feeding the gap-filling tracked by
// LogStream.InsideGaps; the initializer is not shown on this page
// (presumably a go:embed of a .sql file — confirm). Exported and mutable, so
// importers can overwrite the SQL executed at runtime.
var SelectGaps string
Functions ¶
func GetLogList ¶
func GetLogList(ctx context.Context, httpClient *http.Client, listUrl string) (logList *loglist3.LogList, err error)
GetLogList fetches a CT log list from the given listUrl using httpClient. Usually you would pass loglist3.AllLogListURL for the listUrl. The list carries the public keys that identify the logs (and validate their SCTs), so fetch it only over HTTPS and prefer the signed form of the list; whether this function verifies the list's signature is not shown on this page — confirm before trusting the returned logs.
func OperatorDomain ¶
OperatorDomain returns the registrable domain (the "TLD+1", e.g. example.com) of the given URL; it is what keys CertStream.Operators. A naive "last two labels" split is wrong for multi-label public suffixes such as co.uk, and whether a public-suffix list is consulted is not shown here — confirm before relying on the result as a grouping or trust boundary.
func ScanCertificate ¶ added in v0.12.0
func ScanCertificate(row Scanner, cert *PgCertificate) (err error)
func ScanDnsname ¶ added in v0.12.0
func ScanDnsnamesView ¶ added in v0.12.0
func ScanDnsnamesView(row Scanner, dnsname *PgDnsnamesView) (err error)
func ScanLogEntry ¶ added in v0.12.0
func ScanLogEntry(row Scanner, entry *PgLogEntry) (err error)
Types ¶
type CertStream ¶
// CertStream is the top-level object returned by Start. It owns the HTTP
// clients used to follow the CT logs and the channel on which parsed
// entries are delivered.
type CertStream struct {
	Config                            // copy of config; includes PgPass, so treat the struct as sensitive when logging or dumping it
	C          <-chan *LogEntry       // log entry channel
	HeadClient *http.Client           // main HTTP client, uses Config.HeadDialer
	TailClient *http.Client           // may be nil if not backfilling
	Operators  map[string]*LogOperator // operators by operator domain, valid after Start(); a plain map, so read it only after Start() returns and do not mutate it while streams run
	DB         *PgDB                  // database integration; presumably nil when no database is configured — confirm
}
func Start ¶ added in v0.12.0
func Start(ctx context.Context, cfg *Config) (cs *CertStream, err error)
func (*CertStream) CountStreams ¶ added in v0.0.3
func (cs *CertStream) CountStreams() (running, stopped int)
func (*CertStream) LogError ¶ added in v0.1.0
func (cs *CertStream) LogError(err error, msg string, args ...any) error
func (*CertStream) LogInfo ¶ added in v0.12.0
func (cs *CertStream) LogInfo(msg string, args ...any)
type Certificate ¶ added in v0.10.0
type Config ¶ added in v0.12.0
// Config holds the options passed to Start. The Pg* fields configure the
// PostgreSQL integration; every credential here should come from a secret
// store or the environment, never from committed configuration.
type Config struct {
	// Logger to use, if not nil; there is no default.
	Logger Logger
	// HeadDialer is the dialer for following the head; defaults to &net.Dialer{}.
	HeadDialer proxy.ContextDialer
	// TailDialer, if not nil, is used to backfill the db (for example a
	// proxy-aware dialer); there is no default, and no backfilling happens
	// when it is nil.
	TailDialer proxy.ContextDialer
	// PgUser is the PostgreSQL user, default "certstream".
	PgUser string
	// PgPass is the PostgreSQL password, default "certstream".
	// SECURITY: the default is a well-known credential; always override it
	// in any real deployment.
	PgPass string
	// PgName is the PostgreSQL db name, default "certstream".
	PgName string
	// PgAddr is the PostgreSQL address; no default.
	// NOTE(review): whether the connection negotiates TLS (sslmode) is not
	// visible here — confirm how the DSN is built before sending the
	// credentials over an untrusted network.
	PgAddr string
	// PgPrefix is the PostgreSQL naming prefix, default "certdb_".
	// It is presumably substituted textually into table and function names
	// (see PgDB.Pfx), i.e. into SQL identifiers rather than bind parameters,
	// so it must come from trusted configuration and never from user input.
	PgPrefix string
	// PgConns is the max number of database connections, default 100; keep
	// it below the server's max_connections minus other clients.
	PgConns int
}
type JsonCertificate ¶ added in v0.12.0
// JsonCertificate is the JSON-serializable view of a certificate built by
// NewJSONCertificate and returned by the PgDB.GetCertificateBy* lookups.
//
// encoding/json's omitempty never applies to struct values, so Seen,
// Issuer, Subject, NotBefore and NotAfter are always emitted even when zero;
// only the bool, slice and []byte fields are actually dropped when empty.
// (Go 1.24's omitzero would omit zero structs, but is not used here.)
type JsonCertificate struct {
	PreCert        bool         `json:",omitempty"` // true for a precertificate; omitted when false, so absence means "not a precert"
	Seen           time.Time    `json:",omitempty"`
	Signature      []byte       `json:",omitempty"` // SHA-256 value searchable on crt.sh. NOTE(review): despite the name, a crt.sh-searchable SHA-256 is normally the certificate fingerprint (hash of the DER), not the issuer's signature — confirm in NewJSONCertificate
	Issuer         JsonIdentity `json:",omitempty"`
	Subject        JsonIdentity `json:",omitempty"`
	DNSNames       []string     `json:",omitempty"`
	EmailAddresses []string     `json:",omitempty"`
	IPAddresses    []string     `json:",omitempty"`
	URIs           []string     `json:",omitempty"`
	NotBefore      time.Time    `json:",omitempty"`
	NotAfter       time.Time    `json:",omitempty"`
}
func NewJSONCertificate ¶ added in v0.12.0
func NewJSONCertificate(cert *Certificate) (jsoncert *JsonCertificate)
type JsonIdentity ¶ added in v0.12.0
// JsonIdentity is a flattened subset of a pkix.Name, populated by Fill.
// pkix.Name holds Country, Organization and Province as []string, while
// this type keeps a single string for each, so names carrying several
// values lose information here (presumably only the first element is kept —
// confirm in Fill).
type JsonIdentity struct {
	Country      string `json:",omitempty"`
	Organization string `json:",omitempty"`
	Province     string `json:",omitempty"`
	CommonName   string `json:",omitempty"`
}
func (*JsonIdentity) Fill ¶ added in v0.12.0
func (id *JsonIdentity) Fill(name *pkix.Name)
type LogEntry ¶
// LogEntry is one entry received from a CT log, delivered on CertStream.C.
// Either the entry parsed (Err == nil) or it did not (Err set, and
// RawLogEntry / the embedded *ct.LogEntry may be nil); consumers must check
// Err before dereferencing either pointer.
//
// Field shadowing: the embedded *LogStream also has fields named Err and Id
// (an int32 stream id). The outer Err and Id win for a plain selector, so
// use le.LogStream.Err / le.LogStream.Id to reach the stream's values.
type LogEntry struct {
	*LogStream
	Err         error           // error from RawLogEntryFromLeaf or ToLogEntry, or nil
	RawLogEntry *ct.RawLogEntry // may be nil in case of error
	*ct.LogEntry                // may be nil in case of error
	Id          int64           // database id, if available
	Historical  bool            // true if the entry is from gap or backfilling
}
func (*LogEntry) Cert ¶
func (le *LogEntry) Cert() (crt *Certificate)
Cert returns the Certificate for this LogEntry, or nil when none is available (for example when Err is set and the embedded ct.LogEntry is nil); callers must check for nil before use.
type LogOperator ¶ added in v0.0.3
type LogStream ¶
// LogStream follows a single CT log. It embeds the operator, the loglist3
// description of the log and the ct client used to talk to it.
//
// The counters are atomic.Int64 values, so the struct must not be copied
// after creation; always pass *LogStream.
type LogStream struct {
	*LogOperator
	*loglist3.Log
	*client.LogClient
	HttpClient *http.Client
	Err        error        // set if Stopped() returns true. NOTE(review): plain field, presumably safe to read only once Stopped() is true — confirm
	Count      atomic.Int64 // number of certificates sent to the channel
	MinIndex   atomic.Int64 // atomic: lowest index seen so far, -1 if none seen yet
	MaxIndex   atomic.Int64 // atomic: highest index seen so far, -1 if none seen yet
	LastIndex  atomic.Int64 // atomic: highest index that is available from stream source
	InsideGaps atomic.Int64 // atomic: number of remaining entries inside gaps
	Id         int32        // database ID, if available (distinct from LogEntry.Id, the int64 entry id)
	// contains filtered or unexported fields
}
func (*LogStream) GetRawEntries ¶ added in v0.1.0
func (*LogStream) NewLastIndex ¶ added in v0.1.0
type PgCertificate ¶ added in v0.12.0
type PgDB ¶ added in v0.12.0
// PgDB manages certificate stream data in PostgreSQL. It embeds the owning
// *CertStream and a pgx connection pool (*pgxpool.Pool), not database/sql.
//
// Pfx rewrites name prefixes in SQL text (presumably the CERTDB_ placeholder
// seen in the Select* constants → Config.PgPrefix). As that is textual
// substitution into SQL identifiers rather than a bind parameter, the prefix
// must be trusted configuration.
type PgDB struct {
	*CertStream
	*pgxpool.Pool
	Pfx func(string) string // prefix replacer
	// contains filtered or unexported fields
}
PgDB wraps an embedded *pgxpool.Pool (not database/sql's sql.DB) to manage certificate stream data in a PostgreSQL database.
func NewPgDB ¶ added in v0.12.0
func NewPgDB(ctx context.Context, cs *CertStream) (cdb *PgDB, err error)
NewPgDB creates a PgDB and creates the needed tables and indices if they don't exist. Because it issues DDL, the role in Config.PgUser needs CREATE privilege on the target schema for the first run; a least-privilege deployment can run it once with a privileged role and then operate the streamer with a role limited to the DML and function execution it actually needs.
func (*PgDB) GetCertificateByHash ¶ added in v0.12.0
func (*PgDB) GetCertificateByID ¶ added in v0.12.0
func (*PgDB) GetCertificateByLogEntry ¶ added in v0.12.0
func (cdb *PgDB) GetCertificateByLogEntry(ctx context.Context, entry *PgLogEntry) (cert *JsonCertificate, err error)
type PgDnsnamesView ¶ added in v0.12.0
type PgLogEntry ¶ added in v0.12.0