client

package

v1.1.8 Latest Latest Go to latest Published: Mar 11, 2024 License: Apache-2.0 Imports: 16 Imported by: 293

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/certificate-transparency-go

Links

Open Source Insights

Documentation ¶

Overview ¶

Package client is a CT log client implementation and contains types and code for interacting with RFC6962-compliant CT Log instances. See http://tools.ietf.org/html/rfc6962 for details

Index ¶

func TemporalLogConfigFromFile(filename string) (*configpb.TemporalLogConfig, error)
type AddLogClient
type CheckLogClient
type LogClient
- func New(uri string, hc *http.Client, opts jsonclient.Options) (*LogClient, error)
type RspError
type TemporalLogClient
- func NewTemporalLogClient(cfg *configpb.TemporalLogConfig, hc *http.Client) (*TemporalLogClient, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func TemporalLogConfigFromFile ¶

func TemporalLogConfigFromFile(filename string) (*configpb.TemporalLogConfig, error)

TemporalLogConfigFromFile creates a TemporalLogConfig object from the given filename, which should contain text-protobuf encoded configuration data.

Types ¶

type AddLogClient ¶

type AddLogClient interface {
	AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
	AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
	GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)
}

AddLogClient is an interface that allows adding certificates and pre-certificates to a log. Both LogClient and TemporalLogClient implement this interface, which allows users to commonize code for adding certs to normal/temporal logs.

type CheckLogClient ¶ added in v1.0.12

type CheckLogClient interface {
	BaseURI() string
	GetSTH(context.Context) (*ct.SignedTreeHead, error)
	GetSTHConsistency(ctx context.Context, first, second uint64) ([][]byte, error)
	GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*ct.GetProofByHashResponse, error)
}

CheckLogClient is an interface that allows (just) checking of various log contents.

type LogClient ¶

type LogClient struct {
	jsonclient.JSONClient
}

LogClient represents a client for a given CT Log instance

func New ¶

func New(uri string, hc *http.Client, opts jsonclient.Options) (*LogClient, error)

New constructs a new LogClient instance. |uri| is the base URI of the CT log instance to interact with, e.g. https://ct.googleapis.com/pilot |hc| is the underlying client to be used for HTTP requests to the CT log. |opts| can be used to provide a custom logger interface and a public key for signature verification.

func (*LogClient) AddChain ¶

func (c *LogClient) AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)

AddChain adds the (DER represented) X509 |chain| to the log.

func (*LogClient) AddPreChain ¶

func (c *LogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)

AddPreChain adds the (DER represented) Precertificate |chain| to the log.

func (*LogClient) GetAcceptedRoots ¶

func (c *LogClient) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)

GetAcceptedRoots retrieves the set of acceptable root certificates for a log.

func (*LogClient) GetEntries ¶

func (c *LogClient) GetEntries(ctx context.Context, start, end int64) ([]ct.LogEntry, error)

GetEntries attempts to retrieve the entries in the sequence [start, end] from the CT log server (RFC6962 s4.6) as parsed [pre-]certificates for convenience, held in a slice of ct.LogEntry structures. However, this does mean that any certificate parsing failures will cause a failure of the whole retrieval operation; for more robust retrieval of parsed certificates, use GetRawEntries() and invoke ct.LogEntryFromLeaf() on each individual entry.

func (*LogClient) GetEntryAndProof ¶ added in v1.0.18

func (c *LogClient) GetEntryAndProof(ctx context.Context, index, treeSize uint64) (*ct.GetEntryAndProofResponse, error)

GetEntryAndProof returns a log entry and audit path for the index of a leaf.

func (*LogClient) GetProofByHash ¶

func (c *LogClient) GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*ct.GetProofByHashResponse, error)

GetProofByHash returns an audit path for the hash of an SCT.

func (*LogClient) GetRawEntries ¶

func (c *LogClient) GetRawEntries(ctx context.Context, start, end int64) (*ct.GetEntriesResponse, error)

GetRawEntries exposes the /ct/v1/get-entries result with only the JSON parsing done.

func (*LogClient) GetSTH ¶

func (c *LogClient) GetSTH(ctx context.Context) (*ct.SignedTreeHead, error)

GetSTH retrieves the current STH from the log. Returns a populated SignedTreeHead, or a non-nil error (which may be of type RspError if a raw http.Response is available).

func (*LogClient) GetSTHConsistency ¶

func (c *LogClient) GetSTHConsistency(ctx context.Context, first, second uint64) ([][]byte, error)

GetSTHConsistency retrieves the consistency proof between two snapshots.

func (*LogClient) VerifySCTSignature ¶

func (c *LogClient) VerifySCTSignature(sct ct.SignedCertificateTimestamp, ctype ct.LogEntryType, certData []ct.ASN1Cert) error

VerifySCTSignature checks the signature in sct for the given LogEntryType, with associated certificate chain.

func (*LogClient) VerifySTHSignature ¶

func (c *LogClient) VerifySTHSignature(sth ct.SignedTreeHead) error

VerifySTHSignature checks the signature in sth, returning any error encountered or nil if verification is successful.

type RspError ¶

type RspError = jsonclient.RspError

RspError represents a server error including HTTP information.

type TemporalLogClient ¶

type TemporalLogClient struct {
	Clients []*LogClient
	// contains filtered or unexported fields
}

TemporalLogClient allows [pre-]certificates to be uploaded to a temporal log.

func NewTemporalLogClient ¶

func NewTemporalLogClient(cfg *configpb.TemporalLogConfig, hc *http.Client) (*TemporalLogClient, error)

NewTemporalLogClient builds a new client for interacting with a temporal log. The provided config should be contiguous and chronological.

func (*TemporalLogClient) AddChain ¶

func (tlc *TemporalLogClient) AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)

AddChain adds the (DER represented) X509 chain to the appropriate log.

func (*TemporalLogClient) AddPreChain ¶

func (tlc *TemporalLogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)

AddPreChain adds the (DER represented) Precertificate chain to the appropriate log.

func (*TemporalLogClient) GetAcceptedRoots ¶

func (tlc *TemporalLogClient) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)

GetAcceptedRoots retrieves the set of acceptable root certificates for all of the shards of a temporal log (i.e. the union).

func (*TemporalLogClient) IndexByDate ¶

func (tlc *TemporalLogClient) IndexByDate(when time.Time) (int, error)

IndexByDate returns the index of the Clients entry that is appropriate for the given date.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
configpb
ctclient ctclient is a command-line utility for interacting with CT logs.	ctclient is a command-line utility for interacting with CT logs.
cmd Package cmd implements subcommands of ctclient, the command-line utility for interacting with CT logs.	Package cmd implements subcommands of ctclient, the command-line utility for interacting with CT logs.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL