Documentation
Overview
Package monitor provides the mechanisms used to monitor a single CT log. This includes fetching the log STH periodically as well as issuing certificates and submitting them to the log periodically.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type FetcherOptions
type FetcherOptions struct {
	// Interval describes the duration that the monitor will sleep between
	// fetching the STH.
	Interval time.Duration
	// Timeout is the STH fetch timeout.
	Timeout time.Duration
}
FetcherOptions is a struct holding options for STH fetching.
func (FetcherOptions) Valid
func (o FetcherOptions) Valid() error
Valid checks that the FetcherOptions interval is positive.
type InclusionOptions
type Monitor
type Monitor struct {
// contains filtered or unexported fields
}
Monitor is a struct for monitoring a CT log. It may fetch the log's STH periodically or submit certs periodically or both depending on whether fetcher and submitter are not nil.
func New
New creates a Monitor for the given options. The monitor will not be started until Run() is called.
func (*Monitor) CertSubmitter
CertSubmitter returns true if the monitor is configured to submit certificates or precertificates to the monitored log periodically.
func (*Monitor) Run
func (m *Monitor) Run()
Run starts the log monitoring process by starting the log's STH fetcher, the cert submitter, and the inclusion checker.
func (*Monitor) STHFetcher
STHFetcher returns true if the monitor is configured to fetch the monitored log's STH periodically.
type MonitorOptions
type MonitorOptions struct {
	// LogURI is the URI of the log to be monitored
	LogURI string
	// LogKey is the BASE64 encoded DER of the log's public key (No PEM header/footer).
	LogKey string
	// MaximumMergeDelay is the fixed amount of time (expressed in seconds) that
	// the log commits to incorporating a certificate within after returning an
	// SCT.
	MaximumMergeDelay int
	DBURI string
	// FetchOpts holds the FetcherOptions for fetching the log STH periodically.
	// It may be nil if no STH fetching is to be performed.
	FetchOpts *FetcherOptions
	// SubmitOpts holds the optional SubmitterOptions for submitting certificates
	// to the log periodically. It may be nil if no certificate submission is to
	// be performed.
	SubmitOpts *SubmitterOptions
	// InclusionOpts holds the optional InclusionOptions for checking submitted
	// certificates for inclusion in the log. It may be nil if no certificate
	// inclusion checks are to be performed.
	InclusionOpts *InclusionOptions
}
MonitorOptions is a struct for holding monitor configuration options.
func (MonitorOptions) Valid
func (conf MonitorOptions) Valid() error
Valid enforces that a MonitorOptions instance is valid. There must be a non-empty LogURI and LogKey. One of FetchOpts or SubmitOpts must be non-nil and valid.
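Valid, as documented here, requires only that LogKey be non-empty. A pre-flight check for the MonitorOptions.LogKey format described above, written as an added example that is not part of the package: parseLogKey and sampleKeys are hypothetical helpers, the key is constructed for the demo, and returning the RFC 6962 log ID (SHA-256 over the same DER) goes beyond what this page documents.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
)

// parseLogKey (hypothetical helper) decodes a LogKey-style value, bare base64
// of the DER public key, and returns the key plus the RFC 6962 log ID.
func parseLogKey(logKey string) (crypto.PublicKey, [32]byte, error) {
	var id [32]byte
	der, err := base64.StdEncoding.DecodeString(logKey)
	if err != nil {
		return nil, id, fmt.Errorf("LogKey is not bare base64 (PEM armor left in?): %w", err)
	}
	pub, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, id, fmt.Errorf("LogKey is not a DER public key: %w", err)
	}
	return pub, sha256.Sum256(der), nil
}

// sampleKeys builds a constructed throwaway log key in both encodings.
func sampleKeys() (bare, armored string) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		panic(err)
	}
	armored = string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}))
	return base64.StdEncoding.EncodeToString(der), armored
}

func main() {
	bare, armored := sampleKeys()
	_, id, err := parseLogKey(bare)
	fmt.Printf("bare base64: id=%s err=%v\n", base64.StdEncoding.EncodeToString(id[:]), err)
	_, _, err = parseLogKey(armored)
	fmt.Println("PEM input:", err)
}
```

Comparing the returned ID with the log ID published by the log operator confirms that the configured key belongs to the log at LogURI.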
type SubmitterOptions
type SubmitterOptions struct {
	// Interval describes the duration that the monitor will sleep between
	// submitting certificates to the monitored log.
	Interval time.Duration
	// Timeout describes the timeout used for submitting precerts/certs to the
	// monitored log.
	Timeout time.Duration
	// IssuerKey is the ECDSA private key used to sign issued certificates
	IssuerKey *ecdsa.PrivateKey
	// IssuerCert is the issuer certificate used to issue certificates submitted
	// to the monitored log. Its public key must correspond to the private key in
	// IssuerKey
	IssuerCert *x509.Certificate
	// SubmitPreCert controls whether or not precertificates are submitted
	SubmitPreCert bool
	// SubmitCert controls whether or not final certificates are submitted
	SubmitCert bool
	// ResubmitIncluded controls whether or not already included duplicate
	// certificates are submitted
	ResubmitIncluded bool
	// If WindowStart or WindowEnd are not nil submitted certificate validity will
	// be constrained within the provided window.
	WindowStart *time.Time
	WindowEnd *time.Time
}
SubmitterOptions is a struct holding options related to issuing and submitting certificates to the monitored log periodically.
func (SubmitterOptions) Valid
func (o SubmitterOptions) Valid() error
Valid checks that the SubmitterOptions has a valid positive interval and that the IssuerKey and IssuerCert are not nil.