fixchain

package
v0.0.0-...-ceca4e5
Published: Jun 15, 2017 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package fixchain holds code to help fix the validation chains for certificates.

Index

Constants

const (
	None errorType = iota
	ParseFailure
	CannotFetchURL
	FixFailed
	PostFailed    // Call to http.Client.PostChainToLog() failed
	LogPostFailed // http.Response from Certificate Transparency log contained a status code other than 200
	VerifyFailed
)

The errorType values that a FixError carries in its Type field.

Variables

This section is empty.

Functions

func CertificateFromPEM

func CertificateFromPEM(pemBytes string) (*x509.Certificate, error)

CertificateFromPEM takes a string representing a certificate in PEM format and returns the corresponding x509.Certificate object.

Types

type FixAndLog

type FixAndLog struct {
	// contains filtered or unexported fields
}

FixAndLog contains a Fixer and a Logger, for all your fix-then-log-chain needs!

func NewFixAndLog

func NewFixAndLog(fixerWorkerCount int, loggerWorkerCount int, errors chan<- *FixError, client *http.Client, logClient *http.Client, logURL string, limiter Limiter, logStats bool) *FixAndLog

NewFixAndLog creates an object that will asynchronously fix any chains that are added to its queue, and then log them to the Certificate Transparency log found at the given url. Any errors encountered along the way are pushed to the given errors channel.

func (*FixAndLog) QueueAllCertsInChain

func (fl *FixAndLog) QueueAllCertsInChain(chain []*x509.Certificate)

QueueAllCertsInChain adds the whole chain, and each individual cert in it, to the queue to be fixed and logged.

func (*FixAndLog) QueueChain

func (fl *FixAndLog) QueueChain(chain []*x509.Certificate)

QueueChain queues the given chain to be fixed with respect to the roots of the logger contained in fl, and then logged to the Certificate Transparency log represented by that logger. Note: chain is expected to be in the order of cert --> root.

func (*FixAndLog) Wait

func (fl *FixAndLog) Wait()

Wait waits for all of the queued chains to finish being fixed and logged.

type FixError

type FixError struct {
	Type  errorType
	Cert  *x509.Certificate   // The supplied leaf certificate
	Chain []*x509.Certificate // The supplied chain
	URL   string              // URL, if a URL is involved
	Bad   []byte              // The offending certificate bytes, if applicable
	Error error               // The error
	Code  int                 // The http response code from the Certificate Transparency log (only for use with LogPostFailed)
}

FixError is the struct with which errors in the fixing process are reported.

func Fix

func Fix(cert *x509.Certificate, chain []*x509.Certificate, roots *x509.CertPool, client *http.Client) ([][]*x509.Certificate, []*FixError)

Fix attempts to fix the certificate chain for the certificate that is passed to it, with respect to the given roots. Fix returns a list of successfully constructed chains, and a list of errors it encountered along the way. The presence of FixErrors does not mean the fix was unsuccessful. Callers should check for returned chains to determine success.
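The following is an added, stand-alone example (not code from the fixchain package) showing the contract that CertificateFromPEM and Fix describe above: a leaf parsed from PEM, validated against a set of trusted roots, first with the intermediate missing (the broken chain that a fixer exists to repair) and then with it supplied. The PKI is generated in memory and every name in it is constructed for the example; certFromPEM and buildChains are local stand-ins for the package's CertificateFromPEM and Fix, implemented directly on crypto/x509.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// certFromPEM has the same contract as fixchain.CertificateFromPEM (one PEM
// certificate in, a parsed *x509.Certificate out); local reimplementation.
func certFromPEM(pemBytes string) (*x509.Certificate, error) {
	block, _ := pem.Decode([]byte(pemBytes))
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("input contains no CERTIFICATE PEM block")
	}
	return x509.ParseCertificate(block.Bytes)
}

// issue creates a certificate for cn signed by parent; a nil parent yields a
// self-signed root. All key material is generated in memory (constructed).
func issue(cn string, serial int64, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// buildChains mirrors Fix's contract: given a leaf, whatever intermediates the
// caller holds, and trusted roots, return every validated chain in
// leaf -> root order, or the error explaining why none could be built.
func buildChains(leaf *x509.Certificate, intermediates []*x509.Certificate, roots *x509.CertPool) ([][]*x509.Certificate, error) {
	pool := x509.NewCertPool()
	for _, c := range intermediates {
		pool.AddCert(c)
	}
	return leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: pool})
}

// Outcome records both attempts so a caller can inspect them.
type Outcome struct {
	MissingIntermediateErr error                 // why the leaf-only chain fails
	Chains                 [][]*x509.Certificate // validated chains, leaf -> root
	Root                   *x509.Certificate
}

// Scenario builds root -> intermediate -> leaf, round-trips the leaf through
// PEM, then validates it without and with the intermediate.
func Scenario() (*Outcome, error) {
	root, rootKey, err := issue("Example Root CA (constructed)", 1, true, nil, nil)
	if err != nil {
		return nil, err
	}
	inter, interKey, err := issue("Example Intermediate CA (constructed)", 2, true, root, rootKey)
	if err != nil {
		return nil, err
	}
	leaf, _, err := issue("leaf.example.test (constructed)", 3, false, inter, interKey)
	if err != nil {
		return nil, err
	}
	// Round-trip through PEM, as a caller of CertificateFromPEM would.
	pemText := string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leaf.Raw}))
	if leaf, err = certFromPEM(pemText); err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	out := &Outcome{Root: root}
	// Attempt 1: leaf only, the common misconfiguration; no path to a root exists.
	_, out.MissingIntermediateErr = buildChains(leaf, nil, roots)
	// Attempt 2: intermediate supplied; a full leaf -> intermediate -> root chain exists.
	if out.Chains, err = buildChains(leaf, []*x509.Certificate{inter}, roots); err != nil {
		return nil, err
	}
	return out, nil
}

func main() {
	out, err := Scenario()
	if err != nil {
		fmt.Println("setup failed:", err)
		return
	}
	fmt.Println("leaf alone:", out.MissingIntermediateErr)
	for _, c := range out.Chains[0] {
		fmt.Println("  chain element:", c.Subject.CommonName)
	}
}
```

The first attempt fails with an unknown-authority error rather than silently passing, which is exactly the signal a fixer keys off before going to fetch the missing issuer; the second attempt returns a single three-element chain whose last element is the trusted root, matching the cert --> root ordering the package expects.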

func PostChainToLog

func PostChainToLog(chain []*x509.Certificate, client *http.Client, url string) *FixError

PostChainToLog attempts to post the given chain to the Certificate Transparency log at the given url, using the given http client. PostChainToLog returns a FixError if it is unable to post the chain either because client.Post() failed, or the http response code returned was not 200. It is up to the caller to handle such errors appropriately.

func UnmarshalJSON

func UnmarshalJSON(b []byte) (*FixError, error)

UnmarshalJSON converts the JSON representation of a FixError back to a FixError.

func (FixError) Equal

func (e FixError) Equal(f *FixError) bool

Equal tests whether this FixError is equal to another given FixError.

func (FixError) MarshalJSON

func (e FixError) MarshalJSON() ([]byte, error)

MarshalJSON converts a FixError to JSON.

func (FixError) String

func (e FixError) String() string

String converts a FixError to a (mostly) human-readable string.

func (FixError) TypeString

func (e FixError) TypeString() string

TypeString returns a string describing e.Type.

type Fixer

type Fixer struct {
	// contains filtered or unexported fields
}

Fixer contains methods to asynchronously fix certificate chains, together with fields that record information about each attempt made to fix a chain.

func NewFixer

func NewFixer(workerCount int, chains chan<- []*x509.Certificate, errors chan<- *FixError, client *http.Client, logStats bool) *Fixer

NewFixer creates a new asynchronous fixer and starts up a pool of workerCount workers. Errors are pushed to the errors channel, and fixed chains are pushed to the chains channel. client is used to try to get any missing certificates that are needed when attempting to fix chains.

func (*Fixer) QueueChain

func (f *Fixer) QueueChain(cert *x509.Certificate, chain []*x509.Certificate, roots *x509.CertPool)

QueueChain adds the given cert and chain to the queue to be fixed by the fixer, with respect to the given roots. Note: chain is expected to be in the order of cert --> root.

func (*Fixer) Wait

func (f *Fixer) Wait()

Wait blocks until all of the fixer workers have finished.

type Limiter

type Limiter interface {
	Wait()
}

Limiter is an interface to allow different rate limiters to be used with the Logger.
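An added example (not code from fixchain or its ratelimiter subpackage) of what satisfying this one-method interface looks like in practice: TickerLimiter is a hypothetical implementation whose Wait blocks until the next tick, and PaceCalls is a constructed worker pool, shaped like the Logger's, in which every job passes the limiter before doing its work. Both names are assumptions for this example.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// Limiter is the fixchain interface, restated so the example stands alone.
type Limiter interface {
	Wait()
}

// TickerLimiter releases one caller per interval: Wait blocks until the next
// tick, so concurrent workers are serialised to at most one call per interval.
type TickerLimiter struct {
	ticker *time.Ticker
}

func NewTickerLimiter(interval time.Duration) *TickerLimiter {
	return &TickerLimiter{ticker: time.NewTicker(interval)}
}

// Wait consumes one tick; several goroutines blocked here each get a distinct tick.
func (l *TickerLimiter) Wait() { <-l.ticker.C }

// Stop releases the ticker's resources once the limiter is no longer needed.
func (l *TickerLimiter) Stop() { l.ticker.Stop() }

// PaceCalls fans n jobs out over workers goroutines; every job calls l.Wait()
// before fn, the way a Logger worker would before posting a chain to the log.
// It returns how many jobs ran and the wall-clock time the batch took.
func PaceCalls(l Limiter, workers, n int, fn func()) (int64, time.Duration) {
	start := time.Now()
	jobs := make(chan struct{})
	var done int64
	var wg sync.WaitGroup
	for w := 0; w < workers; w++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			for range jobs {
				l.Wait() // rate limit is enforced here, not by the number of workers
				fn()
				atomic.AddInt64(&done, 1)
			}
		}()
	}
	for i := 0; i < n; i++ {
		jobs <- struct{}{}
	}
	close(jobs)
	wg.Wait()
	return atomic.LoadInt64(&done), time.Since(start)
}

func main() {
	l := NewTickerLimiter(50 * time.Millisecond)
	defer l.Stop()
	done, took := PaceCalls(l, 4, 10, func() {})
	fmt.Printf("%d posts in %v (roughly 500ms expected at 50ms per post)\n", done, took)
}
```

Because the pacing lives in the Limiter rather than in the worker count, the same pool can be pointed at logs with different submission limits by swapping the Limiter alone; a Limiter whose Wait returns immediately turns rate limiting off without touching the pool.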

type Logger

type Logger struct {
	// contains filtered or unexported fields
}

Logger contains methods to asynchronously log certificate chains to a Certificate Transparency log and properties to store information about each attempt that is made to post a certificate chain to said log.

func NewLogger

func NewLogger(workerCount int, url string, errors chan<- *FixError, client *http.Client, limiter Limiter, logStats bool) *Logger

NewLogger creates a new asynchronous logger to log chains to the Certificate Transparency log at the given url. It starts up a pool of workerCount workers. Errors are pushed to the errors channel. client is used to post the chains to the log.

func (*Logger) IsPosted

func (l *Logger) IsPosted(cert *x509.Certificate) bool

IsPosted tells the caller whether a chain for the given certificate has already been successfully posted to the log by this Logger.

func (*Logger) QueueChain

func (l *Logger) QueueChain(chain []*x509.Certificate)

QueueChain adds the given chain to the queue to be posted to the log.

func (*Logger) RootCerts

func (l *Logger) RootCerts() *x509.CertPool

RootCerts returns the root certificates that the log accepts.

func (*Logger) Wait

func (l *Logger) Wait()

Wait blocks until all of the active requests have finished being processed.

Directories

Path Synopsis
fixchain is a utility program for fixing the validation chains for certificates.
Package ratelimiter provides an exceedingly simple rate limiter.
