Documentation ¶
Index ¶
- Variables
- type ASLocalRecurser
- type ChainRead
- type ChainReq
- type ChainWrite
- type CryptoProvider
- type DB
- type DBRead
- type DBWrite
- type Inserter
- type Inspector
- type LocalOnlyRecurser
- type RPC
- type ReadWrite
- type Recurser
- type Resolver
- type Router
- type TRCInfo
- type TRCProviderFunc
- type TRCRead
- type TRCReq
- type TRCWrite
- type Transaction
Constants ¶
This section is empty.
Variables ¶
var (
    // ErrNotFound indicates that the queried value was not found in the database.
    ErrNotFound = serrors.New("not found")
    // ErrContentMismatch indicates that the crypto material exists with differing content.
    ErrContentMismatch = serrors.New("content does not match")
)
var (
    // ErrBaseNotSupported indicates base TRC insertion is not supported.
    ErrBaseNotSupported = serrors.New("inserting base TRC not supported")
    // ErrValidation indicates a validation error.
    ErrValidation = serrors.New("validation error")
    // ErrVerification indicates a verification error.
    ErrVerification = serrors.New("verification error")
)
var ErrInactive = serrors.New("inactive")
ErrInactive indicates that the requested material is inactive.
var ErrRecursionNotAllowed = serrors.New("recursion not allowed")
ErrRecursionNotAllowed indicates that recursion is not allowed.
var (
    // ErrResolveSuperseded indicates that the latest locally available TRC
    // supersedes the TRC to resolve.
    ErrResolveSuperseded = serrors.New("latest locally available is newer")
)
Functions ¶
This section is empty.
Types ¶
type ASLocalRecurser ¶
ASLocalRecurser allows AS local addresses to start recursive requests.
func (*ASLocalRecurser) AllowRecursion ¶
func (r *ASLocalRecurser) AllowRecursion(peer net.Addr) error
AllowRecursion returns an error if the peer address is not part of the local AS (or if the check cannot be made). A nil peer denotes a request started by the local trust store and is allowed.
type ChainRead ¶
type ChainRead interface {
    // GetRawChain returns the raw signed certificate chain bytes. If it is not
    // found, ErrNotFound is returned.
    GetRawChain(ctx context.Context, ia addr.IA, version scrypto.Version) ([]byte, error)
    // ChainExists returns whether the certificate chain is found in the
    // database and the content matches. ErrContentMismatch is returned if any
    // of the two certificates exist in the database with differing contents.
    ChainExists(ctx context.Context, d decoded.TRC) (bool, error)
}
ChainRead defines the certificate chain read operations.
type ChainWrite ¶
type ChainWrite interface {
    // InsertChain inserts the certificate chain. The call returns true in the
    // first return value if the certificate chain was inserted, or false if it
    // already existed and the contents match. The second return value
    // indicates whether the issuer certificate was inserted, or whether it
    // already existed. ErrContentMismatch is returned if any of the two
    // certificates exist in the database with differing contents.
    InsertChain(ctx context.Context, d decoded.Chain) (bool, bool, error)
}
ChainWrite defines the certificate chain write operations.
type CryptoProvider ¶
type CryptoProvider interface {
    // GetTRC asks the trust store to return a valid and active TRC for isd,
    // unless inactive TRCs are specifically allowed. If the TRC is not
    // available locally, the optionally configured server is queried over the
    // network; if no server is configured, the default server is queried. How
    // the default server is determined differs between implementations.
    GetTRC(ctx context.Context, isd addr.ISD, version scrypto.Version, opts infra.TRCOpts) (*trc.TRC, error)
    // GetRawTRC behaves the same as GetTRC, except returning the raw signed TRC.
    GetRawTRC(ctx context.Context, isd addr.ISD, version scrypto.Version, opts infra.TRCOpts, client net.Addr) ([]byte, error)
    // GetRawChain asks the trust store to return a valid and active certificate
    // chain, unless inactive chains are specifically allowed. If the
    // certificate chain is not available locally, the optionally configured
    // server is queried over the network; if no server is configured, the
    // default server is queried. How the default server is determined differs
    // between implementations.
    GetRawChain(ctx context.Context, ia addr.IA, version scrypto.Version, opts infra.ChainOpts, client net.Addr) ([]byte, error)
}
CryptoProvider provides crypto material. A crypto provider can spawn network requests if necessary and permitted.
type DB ¶
type DB interface {
    ReadWrite
    // BeginTransaction starts a transaction.
    BeginTransaction(ctx context.Context, opts *sql.TxOptions) (Transaction, error)
    db.LimitSetter
    io.Closer
}
DB defines the interface a trust DB must implement.
type Inserter ¶
type Inserter interface {
    // InsertTRC verifies the signed TRC and inserts it into the database.
    // The previous TRC is queried through the provider function, when necessary.
    InsertTRC(ctx context.Context, decTRC decoded.TRC, trcProvider TRCProviderFunc) error
    // InsertChain verifies the signed certificate chain and inserts it into the
    // database. The issuing TRC is queried through the provider function, when
    // necessary.
    InsertChain(ctx context.Context, decChain decoded.Chain, trcProvider TRCProviderFunc) error
}
Inserter inserts and verifies trust material into the database.
type Inspector ¶
type Inspector interface {
    // ByAttributes returns a list of primary ASes in the specified ISD that hold
    // all the requested attributes.
    ByAttributes(ctx context.Context, isd addr.ISD, opts infra.ASInspectorOpts) ([]addr.IA, error)
    // HasAttributes indicates whether an AS holds all the specified attributes.
    // The first return value is always false for non-primary ASes.
    HasAttributes(ctx context.Context, ia addr.IA, opts infra.ASInspectorOpts) (bool, error)
}
Inspector gives insights into the primary ASes of a given ISD.
type LocalOnlyRecurser ¶
type LocalOnlyRecurser struct{}
LocalOnlyRecurser allows recursion only for requests started by the local trust store (nil peer) and returns an error for any non-nil address.
func (LocalOnlyRecurser) AllowRecursion ¶
func (r LocalOnlyRecurser) AllowRecursion(peer net.Addr) error
AllowRecursion returns an error if the address is not nil.
type RPC ¶
type RPC interface {
    GetTRC(context.Context, TRCReq, net.Addr) ([]byte, error)
    GetCertChain(ctx context.Context, msg ChainReq, a net.Addr) ([]byte, error)
    SendTRC(context.Context, []byte, net.Addr) error
    SendCertChain(context.Context, []byte, net.Addr) error
    SetMsgr(msgr infra.Messenger)
}
RPC abstracts the RPC calls over the messenger.
type Recurser ¶
type Recurser interface {
    // AllowRecursion indicates whether recursion is allowed for the provided
    // peer. Recursions started by the local trust store have a nil address and
    // should generally be allowed. A nil return value indicates that recursion
    // is allowed. A non-nil return value indicates that recursion is not
    // allowed and specifies the reason.
    AllowRecursion(peer net.Addr) error
}
Recurser decides whether a recursive request is permitted for a given peer. For infra services use either ASLocalRecurser or LocalOnlyRecurser.
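The two policies described above (ASLocalRecurser and LocalOnlyRecurser) as a stand-alone example; this is added code, not the SCION trust package's own implementation. The IA and SCIONAddr types, the LocalIA field and the sample ISD-AS numbers are assumptions standing in for the project's addr.IA and SCION address types, and errors are wrapped with the standard library rather than serrors:

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// ErrRecursionNotAllowed has the same meaning as the package sentinel. Every
// refusal wraps it, so callers can log the reason and still match with errors.Is.
var ErrRecursionNotAllowed = errors.New("recursion not allowed")

// Recurser is the interface from the docs: nil means allowed, a non-nil error
// states why recursion is refused.
type Recurser interface {
	AllowRecursion(peer net.Addr) error
}

// IA is a simplified stand-in for addr.IA (hypothetical type).
type IA struct {
	ISD uint16
	AS  uint64
}

func (ia IA) String() string { return fmt.Sprintf("%d-%x", ia.ISD, ia.AS) }

// SCIONAddr is a simplified stand-in for a SCION host address: the AS the
// peer sits in plus its UDP endpoint (hypothetical type).
type SCIONAddr struct {
	IA   IA
	Host *net.UDPAddr
}

func (a *SCIONAddr) Network() string { return "scion" }
func (a *SCIONAddr) String() string  { return a.IA.String() + "," + a.Host.String() }

// LocalOnlyRecurser: only requests started by the local trust store (nil peer)
// may trigger network fetches of trust material.
type LocalOnlyRecurser struct{}

func (LocalOnlyRecurser) AllowRecursion(peer net.Addr) error {
	if peer != nil {
		return fmt.Errorf("%w: peer %s is not the local trust store", ErrRecursionNotAllowed, peer)
	}
	return nil
}

// ASLocalRecurser: the nil peer and any peer inside LocalIA may recurse.
// A peer whose AS cannot be determined is refused (fail closed), so a remote
// host cannot use this service as an open resolver for trust material.
type ASLocalRecurser struct {
	LocalIA IA
}

func (r *ASLocalRecurser) AllowRecursion(peer net.Addr) error {
	if peer == nil {
		return nil
	}
	sa, ok := peer.(*SCIONAddr)
	if !ok {
		return fmt.Errorf("%w: cannot determine AS of peer %s (%T)", ErrRecursionNotAllowed, peer, peer)
	}
	if sa.IA != r.LocalIA {
		return fmt.Errorf("%w: peer %s is outside local AS %s", ErrRecursionNotAllowed, sa, r.LocalIA)
	}
	return nil
}

func main() {
	// Constructed sample addresses: local AS 1-ff00:0:110, remote peer in 2-ff00:0:220.
	local := IA{ISD: 1, AS: 0xff0000000110}
	remote := &SCIONAddr{IA: IA{ISD: 2, AS: 0xff0000000220}, Host: &net.UDPAddr{IP: net.IPv4(10, 0, 0, 1), Port: 30252}}
	for _, r := range []Recurser{LocalOnlyRecurser{}, &ASLocalRecurser{LocalIA: local}} {
		fmt.Printf("%T, nil peer: %v\n", r, r.AllowRecursion(nil))
		fmt.Printf("%T, remote peer: %v\n", r, r.AllowRecursion(remote))
	}
}
```

The type switch on the peer address is the security-relevant part: an address type the policy cannot attribute to an AS (here a plain *net.UDPAddr) is treated as "check cannot be made" and refused, matching the ASLocalRecurser contract above.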
type Resolver ¶
type Resolver interface {
    // TRC resolves the decoded signed TRC. Missing links in the TRC
    // verification chain are also requested.
    TRC(ctx context.Context, req TRCReq, server net.Addr) (decoded.TRC, error)
    // Chain resolves the raw signed certificate chain. If the issuing TRC is
    // missing, it is also requested.
    Chain(ctx context.Context, req ChainReq, server net.Addr) (decoded.Chain, error)
}
Resolver resolves verified trust material.
type Router ¶
type Router interface {
    // ChooseServer determines the remote server for trust material with the
    // subject in the provided ISD.
    ChooseServer(ctx context.Context, subjectISD addr.ISD) (net.Addr, error)
}
Router builds the certificate server (CS) address for crypto material with the subject in a given ISD.
type TRCProviderFunc ¶
TRCProviderFunc provides TRCs. It is used to configure the TRC retrieval method of the inserter.
type TRCRead ¶
type TRCRead interface {
    // TRCExists returns whether the TRC is found in the database and the
    // content matches. ErrContentMismatch is returned if the TRC is in the
    // database with differing contents.
    TRCExists(ctx context.Context, d decoded.TRC) (bool, error)
    // GetTRC returns the TRC. If it is not found, ErrNotFound is returned.
    GetTRC(ctx context.Context, isd addr.ISD, version scrypto.Version) (*trc.TRC, error)
    // GetRawTRC returns the raw signed TRC bytes. If it is not found,
    // ErrNotFound is returned.
    GetRawTRC(ctx context.Context, isd addr.ISD, version scrypto.Version) ([]byte, error)
    // GetTRCInfo returns the infos for the requested TRC. If it is not found,
    // ErrNotFound is returned.
    GetTRCInfo(ctx context.Context, isd addr.ISD, version scrypto.Version) (TRCInfo, error)
}
TRCRead defines the TRC read operations.
type TRCWrite ¶
type TRCWrite interface {
    // InsertTRC inserts the TRC. The call returns true if the TRC was
    // inserted, or false if it already existed and the content matches.
    // ErrContentMismatch is returned if the TRC is in the database with
    // differing contents.
    InsertTRC(ctx context.Context, d decoded.TRC) (bool, error)
}
TRCWrite defines the TRC write operations.
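The ErrNotFound / ErrContentMismatch / ErrInactive contracts from the Variables section, TRCRead and TRCWrite above, as an added in-memory example (not the SCION trust DB implementation). TRCKey, DecodedTRC, MemTRCStore and the allowInactive flag are hypothetical stand-ins for addr.ISD, scrypto.Version, decoded.TRC and infra.TRCOpts; the activity rule ("a version older than the newest stored one for its ISD is inactive") is a deliberate simplification of the real validity and grace-period logic, and the sample TRC bytes are constructed:

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"sync"
)

// Same meaning as the package's sentinels (plain errors.New instead of serrors).
var (
	ErrNotFound        = errors.New("not found")
	ErrContentMismatch = errors.New("content does not match")
	ErrInactive        = errors.New("inactive")
)

// TRCKey stands in for the (addr.ISD, scrypto.Version) lookup key (hypothetical).
type TRCKey struct {
	ISD     uint16
	Version uint64
}

// DecodedTRC stands in for decoded.TRC: key plus the raw signed bytes (hypothetical).
type DecodedTRC struct {
	Key TRCKey
	Raw []byte
}

// MemTRCStore is an in-memory stand-in for a trust DB. A key that is already
// present is never overwritten; differing bytes are reported, not replaced.
type MemTRCStore struct {
	mu     sync.Mutex
	trcs   map[TRCKey][]byte
	latest map[uint16]uint64 // highest stored version per ISD
}

func NewMemTRCStore() *MemTRCStore {
	return &MemTRCStore{trcs: map[TRCKey][]byte{}, latest: map[uint16]uint64{}}
}

// GetRawTRC returns a copy of the stored bytes, or ErrNotFound. Unless
// allowInactive is set, a version older than the newest stored one for that
// ISD is refused with ErrInactive (simplified activity rule, see lead-in).
func (s *MemTRCStore) GetRawTRC(k TRCKey, allowInactive bool) ([]byte, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	raw, ok := s.trcs[k]
	if !ok {
		return nil, fmt.Errorf("%w: TRC ISD%d-V%d", ErrNotFound, k.ISD, k.Version)
	}
	if !allowInactive && k.Version < s.latest[k.ISD] {
		return nil, fmt.Errorf("%w: TRC ISD%d-V%d superseded by V%d", ErrInactive, k.ISD, k.Version, s.latest[k.ISD])
	}
	return append([]byte(nil), raw...), nil
}

// TRCExists follows the TRCRead contract: (true, nil) if present with identical
// content, (false, nil) if absent, ErrContentMismatch if present but different.
func (s *MemTRCStore) TRCExists(d DecodedTRC) (bool, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.existsLocked(d)
}

func (s *MemTRCStore) existsLocked(d DecodedTRC) (bool, error) {
	raw, ok := s.trcs[d.Key]
	if !ok {
		return false, nil
	}
	if !bytes.Equal(raw, d.Raw) {
		return false, fmt.Errorf("%w: TRC ISD%d-V%d", ErrContentMismatch, d.Key.ISD, d.Key.Version)
	}
	return true, nil
}

// InsertTRC follows the TRCWrite contract: (true, nil) when stored, (false, nil)
// when an identical TRC already existed, ErrContentMismatch otherwise.
func (s *MemTRCStore) InsertTRC(d DecodedTRC) (bool, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if exists, err := s.existsLocked(d); err != nil || exists {
		return false, err
	}
	s.trcs[d.Key] = append([]byte(nil), d.Raw...)
	if d.Key.Version > s.latest[d.Key.ISD] {
		s.latest[d.Key.ISD] = d.Key.Version
	}
	return true, nil
}

func main() {
	s := NewMemTRCStore()
	k := TRCKey{ISD: 1, Version: 1}
	fmt.Println(s.InsertTRC(DecodedTRC{Key: k, Raw: []byte("signed-trc-v1")})) // true <nil>
	fmt.Println(s.InsertTRC(DecodedTRC{Key: k, Raw: []byte("tampered-trc")}))  // false ... content does not match
	s.InsertTRC(DecodedTRC{Key: TRCKey{ISD: 1, Version: 2}, Raw: []byte("signed-trc-v2")})
	_, err := s.GetRawTRC(k, false)
	fmt.Println(errors.Is(err, ErrInactive)) // true
}
```

The point worth copying is that existence is decided on the raw signed bytes, not on the key alone: a second insert under an existing (ISD, version) is idempotent only if it is byte-identical, and anything else surfaces as ErrContentMismatch instead of silently replacing the trust anchor. Callers should match these sentinels with errors.Is, since the wrapped message carries the key.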
type Transaction ¶
type Transaction interface {
    ReadWrite
    // Commit commits the transaction.
    Commit() error
    // Rollback rolls back the transaction.
    Rollback() error
}
Transaction represents a trust DB transaction. To end the transaction either Rollback or Commit should be called. Calling Commit or Rollback multiple times will result in an error.