Documentation ¶
Overview ¶
Package fixchain holds code to help fix the validation chains for certificates.
Index ¶
Constants ¶
const (
	None errorType = iota
	ParseFailure
	CannotFetchURL
	FixFailed
	PostFailed    // Call to client.Post() inside PostChainToLog failed
	LogPostFailed // http.Response from the Certificate Transparency log contained a status code other than 200
	VerifyFailed
)
FixError types
Variables ¶
This section is empty.
Functions ¶
func CertificateFromPEM ¶
func CertificateFromPEM(pemBytes string) (*x509.Certificate, error)
CertificateFromPEM takes a string representing a certificate in PEM format and returns the corresponding x509.Certificate object.
Types ¶
type FixAndLog ¶
type FixAndLog struct {
// contains filtered or unexported fields
}
FixAndLog contains a Fixer and a Logger, so that a chain can be fixed and then logged in one step.
func NewFixAndLog ¶
func NewFixAndLog(fixerWorkerCount int, loggerWorkerCount int, errors chan<- *FixError, client *http.Client, logClient *http.Client, logURL string, limiter Limiter, logStats bool) *FixAndLog
NewFixAndLog creates an object that will asynchronously fix any chains that are added to its queue, and then log them to the Certificate Transparency log found at the given URL. Any errors encountered along the way are pushed to the given errors channel.
func (*FixAndLog) QueueAllCertsInChain ¶
func (fl *FixAndLog) QueueAllCertsInChain(chain []*x509.Certificate)
QueueAllCertsInChain adds the chain, and a chain for every certificate in it, to the queue to be fixed and logged.
func (*FixAndLog) QueueChain ¶
func (fl *FixAndLog) QueueChain(chain []*x509.Certificate)
QueueChain queues the given chain to be fixed with respect to the roots of the Logger contained in fl, and then logged to the Certificate Transparency log that Logger posts to. Note: chain is expected to be in leaf-to-root order (leaf certificate first, root last).
type FixError ¶
type FixError struct {
	Type  errorType
	Cert  *x509.Certificate   // The supplied leaf certificate
	Chain []*x509.Certificate // The supplied chain
	URL   string              // URL, if a URL is involved
	Bad   []byte              // The offending certificate bytes, if applicable
	Error error               // The error
	Code  int                 // The http response code from the Certificate Transparency log (only for use with LogPostFailed)
}
FixError is the struct with which errors in the fixing process are reported
func Fix ¶
func Fix(cert *x509.Certificate, chain []*x509.Certificate, roots *x509.CertPool, client *http.Client) ([][]*x509.Certificate, []*FixError)
Fix attempts to fix the certificate chain for cert, with respect to the given roots; client is used to fetch any missing certificates that are needed along the way. Fix returns a list of successfully constructed chains (each in leaf-to-root order), and a list of errors it encountered. The presence of FixErrors does not mean the fix was unsuccessful: an error from one attempt is recorded even when a later attempt succeeds. Callers should check for returned chains to determine success.
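The contract above, worked through in code: chains rather than errors decide success, and a chain runs leaf first, root last. This is an added example using only crypto/x509, not fixchain's own implementation; buildChains, newCert, testPKI and fixMissingIntermediate are names assumed here, the root, intermediate and leaf are throwaway certificates constructed in-process, and the "fetched" intermediate stands in for what Fix would retrieve with client.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// buildChains follows the contract the page gives for Fix: build leaf -> root
// chains with respect to roots from the supplied intermediates and, if that
// fails, from the fetched ones too (standing in for certificates fixchain
// retrieves over HTTP). Errors accumulate, but only the chains decide success.
// Added example; this is not the fixchain implementation.
func buildChains(leaf *x509.Certificate, supplied, fetched []*x509.Certificate, roots *x509.CertPool) ([][]*x509.Certificate, []error) {
	var errs []error
	try := func(inters []*x509.Certificate) [][]*x509.Certificate {
		pool := x509.NewCertPool()
		for _, c := range inters {
			pool.AddCert(c)
		}
		chains, err := leaf.Verify(x509.VerifyOptions{
			Roots:         roots,
			Intermediates: pool,
			KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
		})
		if err != nil {
			errs = append(errs, err)
		}
		return chains // nil on error; otherwise each chain is leaf first, root last
	}
	if chains := try(supplied); len(chains) > 0 {
		return chains, errs
	}
	return try(append(append([]*x509.Certificate{}, supplied...), fetched...)), errs
}

// newCert signs template with parentKey; for a self-signed root, parent is the template itself.
func newCert(template, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// testPKI builds a throwaway root, intermediate and leaf (constructed for this example only).
func testPKI() (root, inter, leaf *x509.Certificate, err error) {
	now := time.Now()
	tmpl := func(cn string, serial int64, isCA bool) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber:          big.NewInt(serial),
			Subject:               pkix.Name{CommonName: cn},
			NotBefore:             now.Add(-time.Hour),
			NotAfter:              now.Add(time.Hour),
			BasicConstraintsValid: true,
			IsCA:                  isCA,
		}
	}
	var keys [3]*ecdsa.PrivateKey
	for i := range keys {
		if keys[i], err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
			return
		}
	}
	rootTmpl := tmpl("Example Root", 1, true)
	if root, err = newCert(rootTmpl, rootTmpl, &keys[0].PublicKey, keys[0]); err != nil {
		return
	}
	if inter, err = newCert(tmpl("Example Intermediate", 2, true), root, &keys[1].PublicKey, keys[0]); err != nil {
		return
	}
	leaf, err = newCert(tmpl("leaf.example", 3, false), inter, &keys[2].PublicKey, keys[1])
	return
}

// fixMissingIntermediate runs the case fixchain exists for: the server sent
// only its leaf, so the first attempt fails (one error recorded) and the retry
// with the intermediate succeeds. Returns the chains built and the errors seen.
func fixMissingIntermediate() ([][]*x509.Certificate, []error, error) {
	root, inter, leaf, err := testPKI()
	if err != nil {
		return nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	chains, errs := buildChains(leaf, nil, []*x509.Certificate{inter}, roots)
	return chains, errs, nil
}

func main() {
	chains, errs, err := fixMissingIntermediate()
	fmt.Println(len(chains), "chain(s) built,", len(errs), "error(s) recorded on the way,", err)
}
```

The first Verify fails with an unknown-authority error, which is recorded; the second succeeds and the returned chain reads leaf, intermediate, root. A caller that treated the non-empty error list as failure would wrongly discard a perfectly good chain, which is exactly the mistake the Fix documentation warns against.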
func PostChainToLog ¶
PostChainToLog attempts to post the given chain to the Certificate Transparency log at the given URL, using the given HTTP client. PostChainToLog returns a FixError if it is unable to post the chain, either because client.Post() failed (Type PostFailed) or because the HTTP response code returned was not 200 (Type LogPostFailed, with the code recorded in Code). It is up to the caller to handle such errors appropriately.
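An added example (not the project's PostChainToLog) of the post-then-check-status contract described above, using the RFC 6962 add-chain request format: a JSON body {"chain": ["<base64 DER>", ...]} posted to <log URL>/ct/v1/add-chain. The two error kinds mirror the page's PostFailed and LogPostFailed; the fake log, the placeholder DER bytes, and the names postError, addChainBody, fakeLog and postTo are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// errKind mirrors the PostFailed / LogPostFailed distinction on the page.
type errKind int

const (
	postFailed    errKind = iota + 1 // the HTTP request itself failed
	logPostFailed                    // the log answered with a status other than 200
)

// postError is a reduced stand-in for FixError, carrying only what these two kinds need.
type postError struct {
	Kind errKind
	Code int   // HTTP status, meaningful only for logPostFailed
	Err  error // transport error, set only for postFailed
}

// addChainBody encodes DER certificates, leaf first, as the RFC 6962 add-chain request.
func addChainBody(ders [][]byte) ([]byte, error) {
	var req struct {
		Chain []string `json:"chain"`
	}
	for _, der := range ders {
		req.Chain = append(req.Chain, base64.StdEncoding.EncodeToString(der))
	}
	return json.Marshal(req)
}

// postChainToLog posts chain to the add-chain endpoint under logURL and
// classifies failures as the page describes: a transport error is postFailed,
// any status other than 200 is logPostFailed with the status kept in Code.
func postChainToLog(chain []*x509.Certificate, client *http.Client, logURL string) *postError {
	var ders [][]byte
	for _, c := range chain {
		ders = append(ders, c.Raw)
	}
	body, err := addChainBody(ders)
	if err != nil {
		return &postError{Kind: postFailed, Err: err}
	}
	resp, err := client.Post(logURL+"/ct/v1/add-chain", "application/json", bytes.NewReader(body))
	if err != nil {
		return &postError{Kind: postFailed, Err: err}
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return &postError{Kind: logPostFailed, Code: resp.StatusCode}
	}
	return nil
}

// fakeLog is a constructed stand-in for a CT log: it rejects anything that is
// not a well-formed add-chain request and otherwise answers with status.
func fakeLog(status int) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var req struct {
			Chain []string `json:"chain"`
		}
		if r.URL.Path != "/ct/v1/add-chain" || json.NewDecoder(r.Body).Decode(&req) != nil || len(req.Chain) == 0 {
			http.Error(w, "malformed add-chain request", http.StatusBadRequest)
			return
		}
		for _, entry := range req.Chain {
			if _, err := base64.StdEncoding.DecodeString(entry); err != nil {
				http.Error(w, "bad base64 in chain", http.StatusBadRequest)
				return
			}
		}
		w.WriteHeader(status)
	}))
}

// postTo starts a fake log answering with status (closing it first if
// closeFirst, so nothing listens) and returns the kind and code observed.
func postTo(status int, closeFirst bool) (errKind, int) {
	srv := fakeLog(status)
	defer srv.Close() // httptest.Server.Close is safe to call twice
	if closeFirst {
		srv.Close()
	}
	// Placeholder DER bytes: the fake log checks the encoding, never parses them.
	chain := []*x509.Certificate{{Raw: []byte("leaf-der")}, {Raw: []byte("root-der")}}
	if e := postChainToLog(chain, &http.Client{}, srv.URL); e != nil {
		return e.Kind, e.Code
	}
	return 0, 0
}

func main() {
	fmt.Println(postTo(http.StatusOK, false))                  // 0 0: accepted
	fmt.Println(postTo(http.StatusInternalServerError, false)) // 2 500: logPostFailed
	fmt.Println(postTo(http.StatusOK, true))                   // 1 0: postFailed
}
```

A caller retrying on postFailed is usually right (the log never saw the chain); retrying a logPostFailed blindly is not, since a 4xx typically means the log will never accept that chain (for example, an issuer it does not trust), and the recorded Code is what lets the caller tell the two apart.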
func UnmarshalJSON ¶
UnmarshalJSON converts the JSON representation of a FixError back to a FixError
func (FixError) MarshalJSON ¶
MarshalJSON converts a FixError to JSON
func (FixError) TypeString ¶
TypeString returns a string describing e.Type
type Fixer ¶
type Fixer struct {
// contains filtered or unexported fields
}
Fixer contains methods to asynchronously fix certificate chains, and fields that record information about each attempt that is made to fix a certificate chain.
func NewFixer ¶
func NewFixer(workerCount int, chains chan<- []*x509.Certificate, errors chan<- *FixError, client *http.Client, logStats bool) *Fixer
NewFixer creates a new asynchronous fixer and starts up a pool of workerCount workers. Errors are pushed to the errors channel, and fixed chains are pushed to the chains channel. client is used to try to get any missing certificates that are needed when attempting to fix chains.
func (*Fixer) QueueChain ¶
func (f *Fixer) QueueChain(cert *x509.Certificate, chain []*x509.Certificate, roots *x509.CertPool)
QueueChain adds the given cert and chain to the queue to be fixed by the fixer, with respect to the given roots. Note: chain is expected to be in leaf-to-root order (leaf certificate first, root last).
type Limiter ¶
type Limiter interface {
Wait()
}
Limiter is an interface to allow different rate limiters to be used with the Logger. A single Limiter is shared by all of a Logger's workers, so Wait is called concurrently.
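A Limiter implementation as an added example (not the project's ratelimiter package): because one Limiter is shared by every worker in a Logger's pool, Wait has to be safe for concurrent use and pace the pool as a whole, not each goroutine separately. intervalLimiter, nopLimiter and paceWorkers are names assumed for this example; the Limiter interface is restated from the page so the file compiles on its own.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Limiter is restated from the fixchain documentation so this file compiles
// on its own; NewLogger accepts any value with a Wait method.
type Limiter interface {
	Wait()
}

// intervalLimiter lets calls to Wait return no closer together than interval,
// across every goroutine that shares it. Added example, not the project's
// ratelimiter package.
type intervalLimiter struct {
	mu       sync.Mutex
	interval time.Duration
	next     time.Time // earliest instant the next caller may proceed
}

// newIntervalLimiter allows at most perSecond calls per second.
func newIntervalLimiter(perSecond int) *intervalLimiter {
	return &intervalLimiter{interval: time.Second / time.Duration(perSecond)}
}

// Wait reserves the next slot under the lock and then sleeps outside it, so
// workers queue in arrival order without blocking each other on the mutex.
func (l *intervalLimiter) Wait() {
	l.mu.Lock()
	now := time.Now()
	if l.next.Before(now) {
		l.next = now // idle limiter: the first caller goes immediately
	}
	slot := l.next
	l.next = slot.Add(l.interval)
	l.mu.Unlock()
	time.Sleep(time.Until(slot))
}

// nopLimiter never waits; useful when driving a Logger against a local test
// log where pacing is not wanted.
type nopLimiter struct{}

func (nopLimiter) Wait() {}

// Both satisfy the interface the Logger expects.
var (
	_ Limiter = (*intervalLimiter)(nil)
	_ Limiter = nopLimiter{}
)

// paceWorkers models a pool of workers (like the Logger's) that each make one
// post through the shared limiter, and returns how long the whole pool took.
func paceWorkers(l Limiter, workers int) time.Duration {
	start := time.Now()
	var wg sync.WaitGroup
	for i := 0; i < workers; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			l.Wait()
		}()
	}
	wg.Wait()
	return time.Since(start)
}

func main() {
	// 5 workers at 10/s occupy 5 slots 100ms apart: at least 400ms in total.
	fmt.Println(paceWorkers(newIntervalLimiter(10), 5))
	fmt.Println(paceWorkers(nopLimiter{}, 5)) // effectively instant
}
```

Reserving the slot under the lock and sleeping outside it is the detail that matters for a worker pool: a limiter that slept while holding the mutex would still enforce the rate, but would serialise the workers on the lock instead of letting them block independently until their own slot.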
type Logger ¶
type Logger struct {
// contains filtered or unexported fields
}
Logger contains methods to asynchronously log certificate chains to a Certificate Transparency log and properties to store information about each attempt that is made to post a certificate chain to said log.
func NewLogger ¶
func NewLogger(workerCount int, url string, errors chan<- *FixError, client *http.Client, limiter Limiter, logStats bool) *Logger
NewLogger creates a new asynchronous logger to log chains to the Certificate Transparency log at the given url. It starts up a pool of workerCount workers. Errors are pushed to the errors channel. client is used to post the chains to the log.
func (*Logger) IsPosted ¶
func (l *Logger) IsPosted(cert *x509.Certificate) bool
IsPosted tells the caller whether a chain for the given certificate has already been successfully posted to the log by this Logger.
func (*Logger) QueueChain ¶
func (l *Logger) QueueChain(chain []*x509.Certificate)
QueueChain adds the given chain to the queue to be posted to the log.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
 | fixchain is a utility program for fixing the validation chains for certificates. |
 | Package ratelimiter provides an exceedingly simple rate limiter. |