Versions in this module v0 v0.7.0 Mar 12, 2022 Changes in this version type Signer + Chain []*x509.Certificate + Subject pkix.Name + func (s Signer) SignCMS(ctx context.Context, msg []byte) ([]byte, error) v0.6.0 Dec 4, 2020 Changes in this version + var ErrAlreadyExists = serrors.New("already exists") + var ErrOutsideValidity = serrors.New("outside validity") + var ErrRecursionNotAllowed = serrors.New("recursion not allowed") + type ASLocalRecurser struct + IA addr.IA + func (r ASLocalRecurser) AllowRecursion(peer net.Addr) error + type Attribute int + const Any + const Authoritative + const Core + const RootCA + func (a Attribute) IsSubset(super Attribute) bool + func (a Attribute) String() string + type AuthRouter struct + DB DB + ISD addr.ISD + Router snet.Router + func (r AuthRouter) ChooseServer(ctx context.Context, subjectISD addr.ISD) (net.Addr, error) + type CachingInspector struct + Cache *cache.Cache + CacheHits libmetrics.Counter + Inspector Inspector + MaxCacheExpiration time.Duration + func (i CachingInspector) ByAttributes(ctx context.Context, isd addr.ISD, attrs Attribute) ([]addr.IA, error) + func (i CachingInspector) HasAttributes(ctx context.Context, ia addr.IA, attrs Attribute) (bool, error) + type ChainQuery struct + Date time.Time + IA addr.IA + SubjectKeyID []byte + func (q ChainQuery) MarshalJSON() ([]byte, error) + type DB interface + Chains func(context.Context, ChainQuery) ([][]*x509.Certificate, error) + InsertChain func(context.Context, []*x509.Certificate) (bool, error) + InsertTRC func(ctx context.Context, trc cppki.SignedTRC) (bool, error) + SignedTRC func(ctx context.Context, id cppki.TRCID) (cppki.SignedTRC, error) + type DBInspector struct + DB DB + func (i DBInspector) ByAttributes(ctx context.Context, isd addr.ISD, attrs Attribute) ([]addr.IA, error) + func (i DBInspector) HasAttributes(ctx context.Context, ia addr.IA, attrs Attribute) (bool, error) + type Engine struct + DB DB + type Fetcher interface + 
Chains func(ctx context.Context, req ChainQuery, server net.Addr) ([][]*x509.Certificate, error) + TRC func(ctx context.Context, id cppki.TRCID, server net.Addr) (cppki.SignedTRC, error) + type FetchingProvider struct + DB DB + Fetcher Fetcher + Recurser Recurser + Router Router + func (p FetchingProvider) GetChains(ctx context.Context, query ChainQuery, opts ...Option) ([][]*x509.Certificate, error) + func (p FetchingProvider) GetSignedTRC(ctx context.Context, id cppki.TRCID, opts ...Option) (cppki.SignedTRC, error) + func (p FetchingProvider) NotifyTRC(ctx context.Context, id cppki.TRCID, opts ...Option) error + type Inspector interface + ByAttributes func(ctx context.Context, isd addr.ISD, attrs Attribute) ([]addr.IA, error) + HasAttributes func(ctx context.Context, ia addr.IA, attrs Attribute) (bool, error) + type KeyRing interface + PrivateKeys func(ctx context.Context) ([]crypto.Signer, error) + type LoadResult struct + Ignored map[string]error + Loaded []string + func LoadChains(ctx context.Context, dir string, db DB) (LoadResult, error) + func LoadTRCs(ctx context.Context, dir string, db DB) (LoadResult, error) + type LocalOnlyRecurser struct + func (r LocalOnlyRecurser) AllowRecursion(peer net.Addr) error + type LocalRouter struct + IA addr.IA + func (r LocalRouter) ChooseServer(_ context.Context, _ addr.ISD) (net.Addr, error) + type Option func(o *options) + func AllowInactive() Option + func Client(client net.Addr) Option + func Server(server net.Addr) Option + type Provider interface + GetChains func(context.Context, ChainQuery, ...Option) ([][]*x509.Certificate, error) + GetSignedTRC func(context.Context, cppki.TRCID, ...Option) (cppki.SignedTRC, error) + NotifyTRC func(context.Context, cppki.TRCID, ...Option) error + type Recurser interface + AllowRecursion func(peer net.Addr) error + type Router interface + ChooseServer func(ctx context.Context, subjectISD addr.ISD) (net.Addr, error) + type Signer struct + Algorithm signed.SignatureAlgorithm + 
ChainValidity cppki.Validity + Expiration time.Time + Hash crypto.Hash + IA addr.IA + InGrace bool + PrivateKey crypto.Signer + SubjectKeyID []byte + TRCID cppki.TRCID + func (s Signer) Equal(o Signer) bool + func (s Signer) Sign(ctx context.Context, msg []byte, associatedData ...[]byte) (*cryptopb.SignedMessage, error) + type SignerGen struct + DB DB + IA addr.IA + KeyRing KeyRing + func (s SignerGen) Generate(ctx context.Context) (Signer, error) + type TLSCryptoManager struct + DB DB + Loader X509KeyPairLoader + Timeout time.Duration + func NewTLSCryptoManager(loader X509KeyPairLoader, db DB) *TLSCryptoManager + func (m *TLSCryptoManager) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error) + func (m *TLSCryptoManager) GetClientCertificate(_ *tls.CertificateRequestInfo) (*tls.Certificate, error) + func (m *TLSCryptoManager) VerifyPeerCertificate(rawCerts [][]byte, _ [][]*x509.Certificate) error + type Verifier struct + BoundIA addr.IA + BoundServer net.Addr + Cache *cache.Cache + CacheHits libmetrics.Counter + Engine Provider + MaxCacheExpiration time.Duration + func (v Verifier) Verify(ctx context.Context, signedMsg *cryptopb.SignedMessage, ...) (*signed.Message, error) + type X509KeyPairLoader interface + LoadX509KeyPair func() (*tls.Certificate, error)