Versions in this module

v0

v0.12.0 Oct 10, 2024
Changes in this version
+ type NeverRecurser struct
+ func (r NeverRecurser) AllowRecursion(peer net.Addr) error
+ type TRCLoader struct
+ DB DB
+ Dir string
+ func (l *TRCLoader) Load(ctx context.Context) (LoadResult, error)

v0.11.0 May 14, 2024
Changes in this version
+ func LastExpiring[T interface{ ... }](signers []T, validity cppki.Validity) (T, error)
type ChainQuery
+ Validity cppki.Validity
type Signer
+ func (s Signer) Validity() cppki.Validity
type Verifier
+ BoundValidity cppki.Validity

v0.10.0 Dec 21, 2023

v0.9.1 Oct 30, 2023

v0.9.0 Oct 16, 2023
Changes in this version
type SignerGen
+ ExtKeyUsage x509.ExtKeyUsage
+ type TLSCryptoVerifier struct
+ DB DB
+ Timeout time.Duration
+ func NewTLSCryptoVerifier(db DB) *TLSCryptoVerifier
+ func (v *TLSCryptoVerifier) VerifyClientCertificate(rawCerts [][]byte, _ [][]*x509.Certificate) error
+ func (v *TLSCryptoVerifier) VerifyConnection(cs tls.ConnectionState) error
+ func (v *TLSCryptoVerifier) VerifyParsedClientCertificate(chain []*x509.Certificate) (addr.IA, error)
+ func (v *TLSCryptoVerifier) VerifyServerCertificate(rawCerts [][]byte, _ [][]*x509.Certificate) error

v0.8.0 Jun 14, 2022
Changes in this version
+ var ErrAlreadyExists = serrors.New("already exists")
+ var ErrOutsideValidity = serrors.New("outside validity")
+ var ErrRecursionNotAllowed = serrors.New("recursion not allowed")
+ type ASLocalRecurser struct
+ IA addr.IA
+ func (r ASLocalRecurser) AllowRecursion(peer net.Addr) error
+ type Attribute int
+ const Any
+ const Authoritative
+ const Core
+ const RootCA
+ func (a Attribute) IsSubset(super Attribute) bool
+ func (a Attribute) String() string
+ type AuthRouter struct
+ DB DB
+ ISD addr.ISD
+ Router snet.Router
+ func (r AuthRouter) ChooseServer(ctx context.Context, subjectISD addr.ISD) (net.Addr, error)
+ type CachingInspector struct
+ Cache *cache.Cache
+ CacheHits libmetrics.Counter
+ Inspector Inspector
+ MaxCacheExpiration time.Duration
+ func (i CachingInspector) ByAttributes(ctx context.Context, isd addr.ISD, attrs Attribute) ([]addr.IA, error)
+ func (i CachingInspector) HasAttributes(ctx context.Context, ia addr.IA, attrs Attribute) (bool, error)
+ type ChainQuery struct
+ Date time.Time
+ IA addr.IA
+ SubjectKeyID []byte
+ func (q ChainQuery) MarshalJSON() ([]byte, error)
+ type DB interface
+ Chains func(context.Context, ChainQuery) ([][]*x509.Certificate, error)
+ InsertChain func(context.Context, []*x509.Certificate) (bool, error)
+ InsertTRC func(ctx context.Context, trc cppki.SignedTRC) (bool, error)
+ SignedTRC func(ctx context.Context, id cppki.TRCID) (cppki.SignedTRC, error)
+ type DBInspector struct
+ DB DB
+ func (i DBInspector) ByAttributes(ctx context.Context, isd addr.ISD, attrs Attribute) ([]addr.IA, error)
+ func (i DBInspector) HasAttributes(ctx context.Context, ia addr.IA, attrs Attribute) (bool, error)
+ type Engine struct
+ DB DB
+ type Fetcher interface
+ Chains func(ctx context.Context, req ChainQuery, server net.Addr) ([][]*x509.Certificate, error)
+ TRC func(ctx context.Context, id cppki.TRCID, server net.Addr) (cppki.SignedTRC, error)
+ type FetchingProvider struct
+ DB DB
+ Fetcher Fetcher
+ Recurser Recurser
+ Router Router
+ func (p FetchingProvider) GetChains(ctx context.Context, query ChainQuery, opts ...Option) ([][]*x509.Certificate, error)
+ func (p FetchingProvider) GetSignedTRC(ctx context.Context, id cppki.TRCID, opts ...Option) (cppki.SignedTRC, error)
+ func (p FetchingProvider) NotifyTRC(ctx context.Context, id cppki.TRCID, opts ...Option) error
+ type Inspector interface
+ ByAttributes func(ctx context.Context, isd addr.ISD, attrs Attribute) ([]addr.IA, error)
+ HasAttributes func(ctx context.Context, ia addr.IA, attrs Attribute) (bool, error)
+ type KeyRing interface
+ PrivateKeys func(ctx context.Context) ([]crypto.Signer, error)
+ type LoadResult struct
+ Ignored map[string]error
+ Loaded []string
+ func LoadChains(ctx context.Context, dir string, db DB) (LoadResult, error)
+ func LoadTRCs(ctx context.Context, dir string, db DB) (LoadResult, error)
+ type LocalOnlyRecurser struct
+ func (r LocalOnlyRecurser) AllowRecursion(peer net.Addr) error
+ type LocalRouter struct
+ IA addr.IA
+ func (r LocalRouter) ChooseServer(_ context.Context, _ addr.ISD) (net.Addr, error)
+ type Option func(o *options)
+ func AllowInactive() Option
+ func Client(client net.Addr) Option
+ func Server(server net.Addr) Option
+ type Provider interface
+ GetChains func(context.Context, ChainQuery, ...Option) ([][]*x509.Certificate, error)
+ GetSignedTRC func(context.Context, cppki.TRCID, ...Option) (cppki.SignedTRC, error)
+ NotifyTRC func(context.Context, cppki.TRCID, ...Option) error
+ type Recurser interface
+ AllowRecursion func(peer net.Addr) error
+ type Router interface
+ ChooseServer func(ctx context.Context, subjectISD addr.ISD) (net.Addr, error)
+ type Signer struct
+ Algorithm signed.SignatureAlgorithm
+ Chain []*x509.Certificate
+ ChainValidity cppki.Validity
+ Expiration time.Time
+ IA addr.IA
+ InGrace bool
+ PrivateKey crypto.Signer
+ Subject pkix.Name
+ SubjectKeyID []byte
+ TRCID cppki.TRCID
+ func (s Signer) Equal(o Signer) bool
+ func (s Signer) Sign(ctx context.Context, msg []byte, associatedData ...[]byte) (*cryptopb.SignedMessage, error)
+ func (s Signer) SignCMS(ctx context.Context, msg []byte) ([]byte, error)
+ type SignerGen struct
+ DB DB
+ IA addr.IA
+ KeyRing KeyRing
+ func (s SignerGen) Generate(ctx context.Context) (Signer, error)
+ type TLSCryptoManager struct
+ DB DB
+ Loader X509KeyPairLoader
+ Timeout time.Duration
+ func NewTLSCryptoManager(loader X509KeyPairLoader, db DB) *TLSCryptoManager
+ func (m *TLSCryptoManager) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)
+ func (m *TLSCryptoManager) GetClientCertificate(_ *tls.CertificateRequestInfo) (*tls.Certificate, error)
+ func (m *TLSCryptoManager) VerifyPeerCertificate(rawCerts [][]byte, _ [][]*x509.Certificate) error
+ type Verifier struct
+ BoundIA addr.IA
+ BoundServer net.Addr
+ Cache *cache.Cache
+ CacheHits libmetrics.Counter
+ Engine Provider
+ MaxCacheExpiration time.Duration
+ func (v Verifier) Verify(ctx context.Context, signedMsg *cryptopb.SignedMessage, ...) (*signed.Message, error)
+ type X509KeyPairLoader interface
+ LoadX509KeyPair func() (*tls.Certificate, error)