Documentation ¶
Index ¶
- Constants
- Variables
- func DetermineType(path string) int
- type CallbackExplore
- type CertificateError
- func NewCertificateErrorCRLRevocation(cert *librpki.RPKICertificate, err error, fileCrl *PKIFile, ...) *CertificateError
- func NewCertificateErrorConflict(cert *librpki.RPKICertificate, conflict *librpki.RPKICertificate) *CertificateError
- func NewCertificateErrorManifestRevocation(cert *librpki.RPKICertificate, err error, fileMft *PKIFile, ...) *CertificateError
- func NewCertificateErrorParent(cert, parent *librpki.RPKICertificate, err error) *CertificateError
- func NewCertificateErrorResource(cert *librpki.RPKICertificate, ips []librpki.IPCertificateInformation, ...) *CertificateError
- func NewCertificateErrorRevocation(cert *librpki.RPKICertificate) *CertificateError
- func NewCertificateErrorValidity(cert *librpki.RPKICertificate, err error) *CertificateError
- type FileError
- type FileSeeker
- type Frame
- type Log
- type PKIFile
- type Resource
- type ResourceError
- type SeekFile
- type SimpleManager
- func (sm *SimpleManager) AddInitial(fileList []*PKIFile)
- func (sm *SimpleManager) Close()
- func (sm *SimpleManager) Explore(notMFT bool, addInvalidChilds bool) int
- func (sm *SimpleManager) ExploreAdd(file *PKIFile, data *SeekFile, addInvalidChilds bool)
- func (sm *SimpleManager) GetNextExplore() (*PKIFile, bool, error)
- func (sm *SimpleManager) GetNextFile(curExplore *PKIFile) (*SeekFile, error)
- func (sm *SimpleManager) GetNextRepository(curExplore *PKIFile, callback CallbackExplore) error
- func (sm *SimpleManager) HasMore() bool
- func (sm *SimpleManager) InvalidateCRLParent(file *PKIFile, crlError error)
- func (sm *SimpleManager) InvalidateManifestParent(file *PKIFile, mftError error)
- func (sm *SimpleManager) PutFiles(fileList []*PKIFile)
- type Validator
- func (v *Validator) AddCRL(crl *pkix.CertificateList) (bool, *Resource, error)
- func (v *Validator) AddCert(cert *librpki.RPKICertificate, trust bool) (bool, []*PKIFile, *Resource, error)
- func (v *Validator) AddManifest(pkifile *PKIFile, mft *librpki.RPKIManifest) (bool, []*PKIFile, *Resource, error)
- func (v *Validator) AddROA(pkifile *PKIFile, roa *librpki.RPKIROA) (bool, *Resource, error)
- func (v *Validator) AddResource(pkifile *PKIFile, data []byte) (bool, []*PKIFile, *Resource, error)
- func (v *Validator) AddTAL(tal *librpki.RPKITAL) ([]*PKIFile, *Resource, error)
- func (v *Validator) GetRepositories()
- func (v *Validator) GetValidROAs()
- func (v *Validator) InvalidateObject(keyid []byte)
- func (v *Validator) ValidateCertificate(cert *librpki.RPKICertificate, trust bool) error
- func (v *Validator) ValidateROA(roa *librpki.RPKIROA) error
Constants ¶
// Error categories. ErrorTypeToName maps each of these to a short name, and
// both CertificateError and ResourceError carry an `EType int` field that
// presumably holds one of them (confirm against the constructors).
//
// The values come from iota, so they depend on declaration order: adding or
// removing an entry anywhere but the end renumbers every later constant.
// ERROR_CERTIFICATE_UNKNOWN is 0, the zero value of int, so an error value
// whose EType was never set reads as "unknown" rather than as a specific
// validation failure.
const (
	ERROR_CERTIFICATE_UNKNOWN = iota // 0
	ERROR_CERTIFICATE_EXPIRATION     // 1
	ERROR_CERTIFICATE_PARENT         // 2
	ERROR_CERTIFICATE_REVOCATION     // 3
	ERROR_CERTIFICATE_RESOURCE       // 4
	ERROR_CERTIFICATE_CONFLICT       // 5
	ERROR_FILE                       // 6
	ERROR_CERTIFICATE_MANIFEST       // 7
	ERROR_CERTIFICATE_HASH           // 8
	ERROR_CERTIFICATE_CRL            // 9
)
// Object/file type tags. TypeToName maps each of these to a short name;
// PKIFile.Type and Resource.Type are plain ints that presumably hold one of
// them, and DetermineType(path) returns an int that is presumably one as well
// (confirm against the implementation).
//
// The values come from iota and therefore depend on declaration order.
// TYPE_UNKNOWN is 0, the zero value of int, so a PKIFile or Resource whose
// Type was never assigned reads as TYPE_UNKNOWN.
const (
	TYPE_UNKNOWN = iota // 0
	TYPE_CER            // 1
	TYPE_MFT            // 2
	TYPE_ROA            // 3
	TYPE_CRL            // 4
	TYPE_ROACER         // 5
	TYPE_MFTCER         // 6
	TYPE_CAREPO         // 7
	TYPE_TAL            // 8
)
Variables ¶
// Access-method object identifiers and the display names of the TYPE_*
// constants.
//
// NOTE(review): these are exported package-level variables, not constants, so
// any importing package can reassign or mutate them. Treat them as read-only.
var (
	// CARepository is OID 1.3.6.1.5.5.7.48.5, the id-ad-caRepository access
	// method (RFC 5280).
	CARepository = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 5}
	// Manifest is OID 1.3.6.1.5.5.7.48.10, the id-ad-rpkiManifest access
	// method (RFC 6487).
	Manifest = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 10}

	// TypeToName maps every TYPE_* constant to a short lowercase name.
	// Indexing it with any other int yields "", the map's zero value.
	TypeToName = map[int]string{
		TYPE_UNKNOWN: "unknown",
		TYPE_CER:     "certificate",
		TYPE_MFT:     "manifest",
		TYPE_ROA:     "roa",
		TYPE_CRL:     "crl",
		TYPE_ROACER:  "roa-ee",
		TYPE_MFTCER:  "manifest-ee",
		TYPE_CAREPO:  "ca-repo",
		TYPE_TAL:     "tal",
	}
)
var (
	// ErrorTypeToName maps every ERROR_* constant to a short lowercase name.
	// Indexing it with any other int yields "", the map's zero value, so an
	// EType outside this set produces an empty label rather than "unknown".
	//
	// NOTE(review): exported and mutable; treat it as read-only.
	ErrorTypeToName = map[int]string{
		ERROR_CERTIFICATE_UNKNOWN:    "unknown",
		ERROR_CERTIFICATE_EXPIRATION: "expiration",
		ERROR_CERTIFICATE_PARENT:     "parent",
		ERROR_CERTIFICATE_REVOCATION: "revocation",
		ERROR_CERTIFICATE_RESOURCE:   "resource",
		ERROR_CERTIFICATE_CONFLICT:   "conflict",
		ERROR_FILE:                   "file",
		ERROR_CERTIFICATE_MANIFEST:   "manifest",
		ERROR_CERTIFICATE_HASH:       "hash",
		ERROR_CERTIFICATE_CRL:        "crl",
	}
)
Functions ¶
func DetermineType ¶
Types ¶
type CallbackExplore ¶
type CertificateError ¶ added in v1.2.0
// CertificateError describes a certificate-level failure together with the
// objects involved in it. The NewCertificateError* constructors on this page
// take matching arguments (cert, conflict, parent, ips/asns, fileCrl/fileMft,
// fileAffected); which field each one fills is presumed from those parameter
// names and should be confirmed against the implementation.
type CertificateError struct {
	// EType is presumably one of the ERROR_* constants (zero value:
	// ERROR_CERTIFICATE_UNKNOWN).
	EType int
	// InnerErr is presumably the underlying error passed to the constructor.
	InnerErr error
	Message  string

	// Certificate is presumably the certificate the error is about.
	Certificate *librpki.RPKICertificate
	// Conflict presumably holds the other certificate for a conflict error.
	Conflict *librpki.RPKICertificate
	// Parent presumably holds the issuing certificate for a parent error.
	Parent *librpki.RPKICertificate

	// IPs and ASNs presumably list the resources at fault for a resource
	// error (see NewCertificateErrorResource) — TODO confirm.
	IPs  []librpki.IPCertificateInformation
	ASNs []librpki.ASNCertificateInformation

	// Stack has an unexported type; StackTrace() exposes it as []Frame.
	Stack *stack

	// File and SeekFile are presumably set by AddFileErrorInfo(file, seek).
	File     *PKIFile
	SeekFile *SeekFile
	// InnerFile is presumably the CRL or manifest file that caused the error
	// when File is the affected file — TODO confirm.
	InnerFile *PKIFile
}
func NewCertificateErrorCRLRevocation ¶ added in v1.2.0
func NewCertificateErrorCRLRevocation(cert *librpki.RPKICertificate, err error, fileCrl *PKIFile, fileAffected *PKIFile) *CertificateError
func NewCertificateErrorConflict ¶ added in v1.2.0
func NewCertificateErrorConflict(cert *librpki.RPKICertificate, conflict *librpki.RPKICertificate) *CertificateError
func NewCertificateErrorManifestRevocation ¶ added in v1.2.0
func NewCertificateErrorManifestRevocation(cert *librpki.RPKICertificate, err error, fileMft *PKIFile, fileAffected *PKIFile) *CertificateError
func NewCertificateErrorParent ¶ added in v1.2.0
func NewCertificateErrorParent(cert, parent *librpki.RPKICertificate, err error) *CertificateError
func NewCertificateErrorResource ¶ added in v1.2.0
func NewCertificateErrorResource(cert *librpki.RPKICertificate, ips []librpki.IPCertificateInformation, asns []librpki.ASNCertificateInformation) *CertificateError
func NewCertificateErrorRevocation ¶ added in v1.2.0
func NewCertificateErrorRevocation(cert *librpki.RPKICertificate) *CertificateError
func NewCertificateErrorValidity ¶ added in v1.2.0
func NewCertificateErrorValidity(cert *librpki.RPKICertificate, err error) *CertificateError
func (*CertificateError) AddFileErrorInfo ¶ added in v1.2.0
func (e *CertificateError) AddFileErrorInfo(file *PKIFile, seek *SeekFile)
func (*CertificateError) Error ¶ added in v1.2.0
func (e *CertificateError) Error() string
func (*CertificateError) SetSentryScope ¶ added in v1.2.0
func (e *CertificateError) SetSentryScope(scope *sentry.Scope)
func (*CertificateError) StackTrace ¶ added in v1.2.0
func (e *CertificateError) StackTrace() []Frame
type FileError ¶ added in v1.2.0
// FileError is a defined type with the same fields as CertificateError.
// A defined type does not inherit the methods declared on *CertificateError,
// so FileError needs its own method set (this page lists AddFileErrorInfo,
// SetSentryScope and StackTrace for it).
type FileError CertificateError
func NewFileError ¶ added in v1.2.0
func (*FileError) AddFileErrorInfo ¶ added in v1.2.0
func (*FileError) SetSentryScope ¶ added in v1.2.0
func (e *FileError) SetSentryScope(scope *sentry.Scope)
func (*FileError) StackTrace ¶ added in v1.2.0
type FileSeeker ¶
type Frame ¶ added in v1.2.0
// Frame is one entry of the []Frame returned by the StackTrace functions and
// methods. It is pointer-sized; presumably it stores a program counter —
// TODO confirm.
type Frame uintptr
func StackTrace ¶ added in v1.2.0
func StackTrace(s *stack) []Frame
StackTrace returns the stack trace of the error. The naming scheme matches what Sentry looks for when it extracts a stack trace from an error: https://github.com/getsentry/sentry-go/blob/master/stacktrace.go#L49
type PKIFile ¶
// PKIFile identifies one file of the repository tree being explored.
//
// NOTE(review): ExtractPathCert and ExtractPathManifest build PKIFile values
// from certificate and manifest contents, so Repo and Path presumably carry
// strings published by a remote repository. Treat them as untrusted input
// wherever they end up in filesystem or network access — confirm what
// ComputePath and the FileSeeker implementation do with them.
type PKIFile struct {
	// Parent is the PKIFile this one was reached from, if any (presumed).
	Parent *PKIFile
	Repo   string
	Path   string
	// Type is presumably one of the TYPE_* constants (zero value:
	// TYPE_UNKNOWN).
	Type int
	// Trust presumably marks a file accepted as a trust anchor; AddCert and
	// ValidateCertificate take a matching `trust bool` argument. The zero
	// value is false. NOTE(review): confirm which checks a true value
	// relaxes, and that it is only set for files that come from a TAL.
	Trust bool
	// ManifestHash is presumably the hash a manifest lists for this file,
	// to be compared with the hash of the fetched content (see
	// NewResourceErrorHash(hashFile, hashExpected)) — TODO confirm. A nil
	// slice means no expected hash is recorded.
	ManifestHash []byte
}
func ExtractPathCert ¶
func ExtractPathCert(cert *librpki.RPKICertificate) []*PKIFile
func ExtractPathManifest ¶
func ExtractPathManifest(mft *librpki.RPKIManifest) ([]*PKIFile, error)
Returns the list of files from the Manifest
func (*PKIFile) ComputePath ¶
type Resource ¶
// Resource is a node of the validation tree: it wraps one decoded object
// and links it to its parent, its children and the file it came from.
type Resource struct {
	// Type is presumably one of the TYPE_* constants.
	Type   int
	Parent *Resource
	File   *PKIFile
	// Resource holds the wrapped object as an empty interface, so readers
	// need a type assertion; the concrete types are not visible here.
	Resource interface{}
	Childs   []*Resource

	CertTALValid bool // currently used for TALs: indicates the child is valid and does not need to be fetched again
}
func ObjectToResource ¶
func ObjectToResource(data interface{}) *Resource
func (*Resource) GetIdentifier ¶
type ResourceError ¶ added in v1.2.0
// ResourceError describes a failure tied to a resource rather than to a
// certificate chain. The page shows two constructors: NewResourceErrorHash
// (hashFile, hashExpected) and NewResourceErrorWrap(wrapper, err).
type ResourceError struct {
	// EType is presumably one of the ERROR_* constants.
	EType int
	// InnerValidity: meaning not visible on this page — TODO document.
	InnerValidity bool
	// InnerErr is presumably the error passed to NewResourceErrorWrap.
	InnerErr error
	Message  string
	// Wrapper is presumably the object passed to NewResourceErrorWrap; it is
	// an empty interface, so its concrete type is not fixed here.
	Wrapper interface{}

	// Stack has an unexported type; StackTrace() exposes it as []Frame.
	Stack *stack

	// File and SeekFile are presumably set by AddFileErrorInfo(file, seek).
	File     *PKIFile
	SeekFile *SeekFile
}
func NewResourceErrorHash ¶ added in v1.2.0
func NewResourceErrorHash(hashFile, hashExpected []byte) *ResourceError
func NewResourceErrorWrap ¶ added in v1.2.0
func NewResourceErrorWrap(wrapper interface{}, err error) *ResourceError
func (*ResourceError) AddFileErrorInfo ¶ added in v1.2.0
func (e *ResourceError) AddFileErrorInfo(file *PKIFile, seek *SeekFile)
func (*ResourceError) Error ¶ added in v1.2.0
func (e *ResourceError) Error() string
func (*ResourceError) SetSentryScope ¶ added in v1.2.0
func (e *ResourceError) SetSentryScope(scope *sentry.Scope)
func (*ResourceError) StackTrace ¶ added in v1.2.0
func (e *ResourceError) StackTrace() []Frame
type SimpleManager ¶
// SimpleManager drives exploration of the repository tree: it keeps the
// queue of files to visit, fetches them through FileSeeker and hands them to
// Validator.
//
// NOTE(review): every field is exported and the maps are plain Go maps; no
// lock is visible among these fields, so concurrent use needs external
// synchronisation unless the methods provide it — confirm.
type SimpleManager struct {
	// PathOfResource and ResourceOfPath are keyed by pointer, so lookups
	// match on pointer identity, not on the pointed-to contents.
	PathOfResource map[*Resource]*PKIFile
	ResourceOfPath map[*PKIFile]*Resource

	// ToExplore is presumably the pending queue served by GetNextExplore.
	ToExplore  []*PKIFile
	FileSeeker FileSeeker
	Validator  *Validator

	// Explored and ToExploreUnique are presumably sets of already-visited
	// and already-queued files keyed by a path string — TODO confirm the key.
	Explored        map[string]bool
	ToExploreUnique map[string]bool

	Log Log

	// ReportErrors presumably enables delivery of errors on Errors; confirm
	// who must drain the channel and that Close() is what closes it.
	ReportErrors bool
	Errors       chan error

	// StrictManifests and StrictHash presumably turn on strict manifest and
	// hash enforcement. Both are false in a zero-value SimpleManager;
	// NOTE(review): confirm what NewSimpleManager sets and what is accepted
	// when they are off.
	StrictManifests bool
	StrictHash      bool
}
func NewSimpleManager ¶
func NewSimpleManager() *SimpleManager
func (*SimpleManager) AddInitial ¶
func (sm *SimpleManager) AddInitial(fileList []*PKIFile)
func (*SimpleManager) Close ¶ added in v1.2.0
func (sm *SimpleManager) Close()
func (*SimpleManager) Explore ¶
func (sm *SimpleManager) Explore(notMFT bool, addInvalidChilds bool) int
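addInvalidChilds is a strict-mode switch. The case it addresses is visible at LACNIC, where manifests have a short expiration date: the certificate can still be valid while its discovery path is not. The text does not say which value of the flag is the strict one; check Explore before relying on it.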
func (*SimpleManager) ExploreAdd ¶
func (sm *SimpleManager) ExploreAdd(file *PKIFile, data *SeekFile, addInvalidChilds bool)
func (*SimpleManager) GetNextExplore ¶
func (sm *SimpleManager) GetNextExplore() (*PKIFile, bool, error)
func (*SimpleManager) GetNextFile ¶
func (sm *SimpleManager) GetNextFile(curExplore *PKIFile) (*SeekFile, error)
func (*SimpleManager) GetNextRepository ¶
func (sm *SimpleManager) GetNextRepository(curExplore *PKIFile, callback CallbackExplore) error
func (*SimpleManager) HasMore ¶
func (sm *SimpleManager) HasMore() bool
func (*SimpleManager) InvalidateCRLParent ¶ added in v1.2.0
func (sm *SimpleManager) InvalidateCRLParent(file *PKIFile, crlError error)
func (*SimpleManager) InvalidateManifestParent ¶ added in v1.2.0
func (sm *SimpleManager) InvalidateManifestParent(file *PKIFile, mftError error)
Given a file, invalidates the parent certificate of the Manifest in which the file is listed.
func (*SimpleManager) PutFiles ¶
func (sm *SimpleManager) PutFiles(fileList []*PKIFile)
type Validator ¶
// Validator holds the validation state: the trust anchors, every object
// seen, and the subsets that passed validation.
//
// NOTE(review): this declaration was reconstructed from a flattened listing.
// Each "Key by ..." note is read here as describing the field(s) that follow
// it; confirm the placement against the source file.
//
// NOTE(review): the maps are plain Go maps and no lock is visible among these
// fields, so concurrent Add*/Validate* calls need external synchronisation
// unless the methods provide it — confirm.
type Validator struct {
	TALs map[string]*Resource

	// Key by SubjectKeyIdentifier
	ValidObjects map[string]*Resource
	Objects      map[string]*Resource

	// Key by path
	ObjectsPath map[string]*Resource

	CertsSerial map[string]*Resource
	// Revoked is presumably the set of revoked certificates; its key is not
	// documented on this page — TODO confirm.
	Revoked map[string]bool

	// Key by parent certificate
	ValidCRL map[string]*Resource
	CRL      map[string]*Resource

	// Key by parent certificate
	ValidROA map[string]*Resource
	// Make sure EE certificates are unique for a ROA
	ROA map[string]*Resource

	// Key by parent certificate
	ValidManifest map[string]*Resource
	// Make sure EE certificates are unique for a ROA
	// NOTE(review): this repeats the ROA comment word for word; presumably
	// it was meant to read "for a Manifest".
	Manifest map[string]*Resource

	DecoderConfig *librpki.DecoderConfig

	// Time is presumably the instant against which validity periods are
	// checked. NOTE(review): confirm that NewValidator initialises it; the
	// zero time.Time is year 1.
	Time time.Time
}
func NewValidator ¶
func NewValidator() *Validator
func (*Validator) AddManifest ¶
func (*Validator) AddResource ¶
func (*Validator) GetRepositories ¶
func (v *Validator) GetRepositories()
func (*Validator) GetValidROAs ¶
func (v *Validator) GetValidROAs()
func (*Validator) InvalidateObject ¶
func (*Validator) ValidateCertificate ¶
func (v *Validator) ValidateCertificate(cert *librpki.RPKICertificate, trust bool) error