Documentation ¶
Overview ¶
Package client is a CT log client implementation and contains types and code for interacting with RFC6962-compliant CT Log instances. See http://tools.ietf.org/html/rfc6962 for details
Index ¶
- func TemporalLogConfigFromFile(filename string) (*configpb.TemporalLogConfig, error)
- type AddLogClient
- type CheckLogClient
- type LogClient
- func (c *LogClient) AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
- func (c *LogClient) AddJSON(ctx context.Context, data interface{}) (*ct.SignedCertificateTimestamp, error)
- func (c *LogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
- func (c *LogClient) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)
- func (c *LogClient) GetEntries(ctx context.Context, start, end int64) ([]ct.LogEntry, error)
- func (c *LogClient) GetEntryAndProof(ctx context.Context, index, treeSize uint64) (*ct.GetEntryAndProofResponse, error)
- func (c *LogClient) GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*ct.GetProofByHashResponse, error)
- func (c *LogClient) GetRawEntries(ctx context.Context, start, end int64) (*ct.GetEntriesResponse, error)
- func (c *LogClient) GetSTH(ctx context.Context) (*ct.SignedTreeHead, error)
- func (c *LogClient) GetSTHConsistency(ctx context.Context, first, second uint64) ([][]byte, error)
- func (c *LogClient) VerifySCTSignature(sct ct.SignedCertificateTimestamp, ctype ct.LogEntryType, ...) error
- func (c *LogClient) VerifySTHSignature(sth ct.SignedTreeHead) error
- type RspError
- type TemporalLogClient
- func (tlc *TemporalLogClient) AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
- func (tlc *TemporalLogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
- func (tlc *TemporalLogClient) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)
- func (tlc *TemporalLogClient) IndexByDate(when time.Time) (int, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func TemporalLogConfigFromFile ¶
func TemporalLogConfigFromFile(filename string) (*configpb.TemporalLogConfig, error)
TemporalLogConfigFromFile creates a TemporalLogConfig object from the given filename, which should contain text-protobuf encoded configuration data.
Types ¶
type AddLogClient ¶
type AddLogClient interface { AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error) }
AddLogClient is an interface that allows adding certificates and pre-certificates to a log. Both LogClient and TemporalLogClient implement this interface, which allows users to commonize code for adding certs to normal/temporal logs.
type CheckLogClient ¶ added in v1.0.12
type CheckLogClient interface { BaseURI() string GetSTH(context.Context) (*ct.SignedTreeHead, error) GetSTHConsistency(ctx context.Context, first, second uint64) ([][]byte, error) GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*ct.GetProofByHashResponse, error) }
CheckLogClient is an interface that allows (just) checking of various log contents.
type LogClient ¶
type LogClient struct {
jsonclient.JSONClient
}
LogClient represents a client for a given CT Log instance
func New ¶
New constructs a new LogClient instance. |uri| is the base URI of the CT log instance to interact with, e.g. https://ct.googleapis.com/pilot |hc| is the underlying client to be used for HTTP requests to the CT log. |opts| can be used to provide a custom logger interface and a public key for signature verification.
func (*LogClient) AddChain ¶
func (c *LogClient) AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
AddChain adds the (DER represented) X509 |chain| to the log.
func (*LogClient) AddJSON ¶
func (c *LogClient) AddJSON(ctx context.Context, data interface{}) (*ct.SignedCertificateTimestamp, error)
AddJSON submits arbitrary data to to XJSON server.
func (*LogClient) AddPreChain ¶
func (c *LogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
AddPreChain adds the (DER represented) Precertificate |chain| to the log.
func (*LogClient) GetAcceptedRoots ¶
GetAcceptedRoots retrieves the set of acceptable root certificates for a log.
func (*LogClient) GetEntries ¶
GetEntries attempts to retrieve the entries in the sequence [start, end] from the CT log server (RFC6962 s4.6) as parsed [pre-]certificates for convenience, held in a slice of ct.LogEntry structures. However, this does mean that any certificate parsing failures will cause a failure of the whole retrieval operation; for more robust retrieval of parsed certificates, use GetRawEntries() and invoke ct.LogEntryFromLeaf() on each individual entry.
func (*LogClient) GetEntryAndProof ¶ added in v1.0.20
func (c *LogClient) GetEntryAndProof(ctx context.Context, index, treeSize uint64) (*ct.GetEntryAndProofResponse, error)
GetEntryAndProof returns a log entry and audit path for the index of a leaf.
func (*LogClient) GetProofByHash ¶
func (c *LogClient) GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*ct.GetProofByHashResponse, error)
GetProofByHash returns an audit path for the hash of an SCT.
func (*LogClient) GetRawEntries ¶
func (c *LogClient) GetRawEntries(ctx context.Context, start, end int64) (*ct.GetEntriesResponse, error)
GetRawEntries exposes the /ct/v1/get-entries result with only the JSON parsing done.
func (*LogClient) GetSTH ¶
GetSTH retrieves the current STH from the log. Returns a populated SignedTreeHead, or a non-nil error (which may be of type RspError if a raw http.Response is available).
func (*LogClient) GetSTHConsistency ¶
GetSTHConsistency retrieves the consistency proof between two snapshots.
func (*LogClient) VerifySCTSignature ¶
func (c *LogClient) VerifySCTSignature(sct ct.SignedCertificateTimestamp, ctype ct.LogEntryType, certData []ct.ASN1Cert) error
VerifySCTSignature checks the signature in sct for the given LogEntryType, with associated certificate chain.
func (*LogClient) VerifySTHSignature ¶
func (c *LogClient) VerifySTHSignature(sth ct.SignedTreeHead) error
VerifySTHSignature checks the signature in sth, returning any error encountered or nil if verification is successful.
type RspError ¶
RspError represents an error that occurred when processing a response from a server, and also includes key details from the http.Response that triggered the error.
type TemporalLogClient ¶
type TemporalLogClient struct { Clients []*LogClient // contains filtered or unexported fields }
TemporalLogClient allows [pre-]certificates to be uploaded to a temporal log.
func NewTemporalLogClient ¶
func NewTemporalLogClient(cfg configpb.TemporalLogConfig, hc *http.Client) (*TemporalLogClient, error)
NewTemporalLogClient builds a new client for interacting with a temporal log. The provided config should be contiguous and chronological.
func (*TemporalLogClient) AddChain ¶
func (tlc *TemporalLogClient) AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
AddChain adds the (DER represented) X509 chain to the appropriate log.
func (*TemporalLogClient) AddPreChain ¶
func (tlc *TemporalLogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
AddPreChain adds the (DER represented) Precertificate chain to the appropriate log.
func (*TemporalLogClient) GetAcceptedRoots ¶
GetAcceptedRoots retrieves the set of acceptable root certificates for all of the shards of a temporal log (i.e. the union).
func (*TemporalLogClient) IndexByDate ¶
func (tlc *TemporalLogClient) IndexByDate(when time.Time) (int, error)
IndexByDate returns the index of the Clients entry that is appropriate for the given date.