Documentation ¶
Index ¶
- Constants
- func GetFullChain(entry *ct.LogEntry) [][]byte
- func IsPrecert(entry *ct.LogEntry) bool
- func MarshalRDNSequence(rdns RDNSequence) ([]byte, error)
- func MatchesWildcard(dnsName string, pattern string) bool
- func ReadSTHFile(path string) (*ct.SignedTreeHead, error)
- func VerifyConsistencyProof(proof ct.ConsistencyProof, first *ct.SignedTreeHead, second *ct.SignedTreeHead) bool
- func VerifyPrecertSCT(sct *ct.SignedCertificateTimestamp, precert ct.PreCert, ...) error
- func VerifyX509SCT(sct *ct.SignedCertificateTimestamp, cert []byte, verify *ct.SignatureVerifier) error
- func WriteProofFile(path string, proof ct.ConsistencyProof) error
- func WriteSTHFile(path string, sth *ct.SignedTreeHead) error
- type AttributeTypeAndValue
- type CertInfo
- type CertValidity
- type Certificate
- type CollapsedMerkleTree
- func (tree *CollapsedMerkleTree) Add(hash ct.MerkleTreeNode)
- func (tree *CollapsedMerkleTree) CalculateRoot() ct.MerkleTreeNode
- func (tree *CollapsedMerkleTree) GetSize() uint64
- func (tree *CollapsedMerkleTree) MarshalJSON() ([]byte, error)
- func (tree *CollapsedMerkleTree) UnmarshalJSON(b []byte) error
- type EntryInfo
- type Extension
- type Identifiers
- type PrecertInfo
- type ProcessCallback
- type RDNSequence
- type RelativeDistinguishedNameSET
- type Scanner
- func (s *Scanner) CheckConsistency(first *ct.SignedTreeHead, second *ct.SignedTreeHead) (bool, error)
- func (s *Scanner) GetSTH() (*ct.SignedTreeHead, error)
- func (s Scanner) Log(msg string)
- func (s *Scanner) MakeCollapsedMerkleTree(sth *ct.SignedTreeHead) (*CollapsedMerkleTree, error)
- func (s *Scanner) Scan(startIndex int64, endIndex int64, processCert ProcessCallback, ...) error
- func (s Scanner) Warn(msg string)
- type ScannerOptions
- type SubjectAltName
- type TBSCertificate
- func (tbs *TBSCertificate) GetExtension(id asn1.ObjectIdentifier) []Extension
- func (tbs *TBSCertificate) GetRawIssuer() []byte
- func (tbs *TBSCertificate) GetRawPublicKey() []byte
- func (tbs *TBSCertificate) GetRawSubject() []byte
- func (tbs *TBSCertificate) ParseBasicConstraints() (*bool, error)
- func (tbs *TBSCertificate) ParseIssuer() (RDNSequence, error)
- func (tbs *TBSCertificate) ParseSerialNumber() (*big.Int, error)
- func (tbs *TBSCertificate) ParseSubject() (RDNSequence, error)
- func (tbs *TBSCertificate) ParseSubjectAltNames() ([]SubjectAltName, error)
- func (tbs *TBSCertificate) ParseSubjectCommonNames() ([]string, error)
- func (tbs *TBSCertificate) ParseValidity() (*CertValidity, error)
Constants ¶
View Source
const ( FETCH_RETRIES = 10 FETCH_RETRY_WAIT = 1 )
View Source
const UnparsableDNSLabelPlaceholder = "<unparsable>"
Variables ¶
This section is empty.
Functions ¶
func GetFullChain ¶
func MarshalRDNSequence ¶
func MarshalRDNSequence(rdns RDNSequence) ([]byte, error)
func MatchesWildcard ¶
func ReadSTHFile ¶
func ReadSTHFile(path string) (*ct.SignedTreeHead, error)
func VerifyConsistencyProof ¶
func VerifyConsistencyProof(proof ct.ConsistencyProof, first *ct.SignedTreeHead, second *ct.SignedTreeHead) bool
func VerifyPrecertSCT ¶
func VerifyPrecertSCT(sct *ct.SignedCertificateTimestamp, precert ct.PreCert, verify *ct.SignatureVerifier) error
func VerifyX509SCT ¶
func VerifyX509SCT(sct *ct.SignedCertificateTimestamp, cert []byte, verify *ct.SignatureVerifier) error
func WriteProofFile ¶
func WriteProofFile(path string, proof ct.ConsistencyProof) error
func WriteSTHFile ¶
func WriteSTHFile(path string, sth *ct.SignedTreeHead) error
Types ¶
type AttributeTypeAndValue ¶
type AttributeTypeAndValue struct { Type asn1.ObjectIdentifier Value asn1.RawValue }
type CertInfo ¶
type CertInfo struct { TBS *TBSCertificate Subject RDNSequence SubjectParseError error Issuer RDNSequence IssuerParseError error SANs []SubjectAltName SANsParseError error SerialNumber *big.Int SerialNumberParseError error Validity *CertValidity ValidityParseError error IsCA *bool IsCAParseError error }
func MakeCertInfoFromRawCert ¶
func MakeCertInfoFromRawTBS ¶
func MakeCertInfoFromTBS ¶
func MakeCertInfoFromTBS(tbs *TBSCertificate) *CertInfo
func (*CertInfo) ParseIdentifiers ¶
func (cert *CertInfo) ParseIdentifiers() (*Identifiers, error)
func (*CertInfo) PubkeyHash ¶
func (*CertInfo) PubkeyHashBytes ¶
type Certificate ¶
type Certificate struct { Raw asn1.RawContent TBSCertificate asn1.RawValue SignatureAlgorithm asn1.RawValue SignatureValue asn1.RawValue }
func ParseCertificate ¶
func ParseCertificate(certBytes []byte) (*Certificate, error)
func (*Certificate) GetRawTBSCertificate ¶
func (cert *Certificate) GetRawTBSCertificate() []byte
func (*Certificate) ParseSignatureAlgorithm ¶
func (cert *Certificate) ParseSignatureAlgorithm() (*pkix.AlgorithmIdentifier, error)
func (*Certificate) ParseSignatureValue ¶
func (cert *Certificate) ParseSignatureValue() ([]byte, error)
func (*Certificate) ParseTBSCertificate ¶
func (cert *Certificate) ParseTBSCertificate() (*TBSCertificate, error)
type CollapsedMerkleTree ¶
type CollapsedMerkleTree struct {
// contains filtered or unexported fields
}
func CloneCollapsedMerkleTree ¶
func CloneCollapsedMerkleTree(source *CollapsedMerkleTree) *CollapsedMerkleTree
func EmptyCollapsedMerkleTree ¶
func EmptyCollapsedMerkleTree() *CollapsedMerkleTree
func NewCollapsedMerkleTree ¶
func NewCollapsedMerkleTree(nodes []ct.MerkleTreeNode, size uint64) (*CollapsedMerkleTree, error)
func (*CollapsedMerkleTree) Add ¶
func (tree *CollapsedMerkleTree) Add(hash ct.MerkleTreeNode)
func (*CollapsedMerkleTree) CalculateRoot ¶
func (tree *CollapsedMerkleTree) CalculateRoot() ct.MerkleTreeNode
func (*CollapsedMerkleTree) GetSize ¶
func (tree *CollapsedMerkleTree) GetSize() uint64
func (*CollapsedMerkleTree) MarshalJSON ¶
func (tree *CollapsedMerkleTree) MarshalJSON() ([]byte, error)
func (*CollapsedMerkleTree) UnmarshalJSON ¶
func (tree *CollapsedMerkleTree) UnmarshalJSON(b []byte) error
type EntryInfo ¶
type EntryInfo struct { LogUri string Entry *ct.LogEntry IsPrecert bool FullChain [][]byte // first entry is logged X509 cert or pre-cert CertInfo *CertInfo ParseError error // set iff CertInfo is nil Identifiers *Identifiers IdentifiersParseError error Filename string Bygone bool }
func (*EntryInfo) Fingerprint ¶
func (*EntryInfo) FingerprintBytes ¶
func (*EntryInfo) HasParseErrors ¶
func (*EntryInfo) InvokeHookScript ¶
type Extension ¶
type Extension struct { Id asn1.ObjectIdentifier Critical bool `asn1:"optional"` Value []byte }
type Identifiers ¶
type Identifiers struct { DNSNames []string // stored as ASCII, with IDNs in Punycode IPAddrs []net.IP }
func NewIdentifiers ¶
func NewIdentifiers() *Identifiers
func (*Identifiers) AddCN ¶
func (ids *Identifiers) AddCN(value string)
func (*Identifiers) AddDnsSAN ¶
func (ids *Identifiers) AddDnsSAN(value []byte)
func (*Identifiers) AddIPAddress ¶
func (ids *Identifiers) AddIPAddress(value net.IP)
type PrecertInfo ¶
type PrecertInfo struct { SameIssuer bool // The pre-certificate was issued from the same CA as the final certificate Issuer []byte // The pre-certificate's issuer, if different from the final certificate AKI []byte // The pre-certificate's AKI, if present and different from the final certificate }
func ValidatePrecert ¶
func ValidatePrecert(precertBytes []byte, tbsBytes []byte) (*PrecertInfo, error)
type ProcessCallback ¶
type RDNSequence ¶
type RDNSequence []RelativeDistinguishedNameSET
func CanonicalizeRDNSequence ¶
func CanonicalizeRDNSequence(oldSequence RDNSequence) (RDNSequence, error)
func ParseRDNSequence ¶
func ParseRDNSequence(rdnsBytes []byte) (RDNSequence, error)
func (RDNSequence) ParseCNs ¶
func (rdns RDNSequence) ParseCNs() ([]string, error)
func (RDNSequence) String ¶
func (rdns RDNSequence) String() string
type RelativeDistinguishedNameSET ¶
type RelativeDistinguishedNameSET []AttributeTypeAndValue
type Scanner ¶
type Scanner struct { // Base URI of CT log LogUri string LogId ct.SHA256Hash // contains filtered or unexported fields }
Scanner is a tool to scan all the entries in a CT Log.
func NewScanner ¶
func NewScanner(logUri string, logId ct.SHA256Hash, publicKey crypto.PublicKey, opts *ScannerOptions) *Scanner
Creates a new Scanner instance using |client| to talk to the log, and taking configuration options from |opts|.
func (*Scanner) CheckConsistency ¶
func (s *Scanner) CheckConsistency(first *ct.SignedTreeHead, second *ct.SignedTreeHead) (bool, error)
func (*Scanner) MakeCollapsedMerkleTree ¶
func (s *Scanner) MakeCollapsedMerkleTree(sth *ct.SignedTreeHead) (*CollapsedMerkleTree, error)
func (*Scanner) Scan ¶
func (s *Scanner) Scan(startIndex int64, endIndex int64, processCert ProcessCallback, tree *CollapsedMerkleTree) error
type ScannerOptions ¶
type ScannerOptions struct { // Number of entries to request in one batch from the Log BatchSize int // Number of concurrent proecssors to run NumWorkers int // Don't print any status messages to stdout Quiet bool }
ScannerOptions holds configuration options for the Scanner
func DefaultScannerOptions ¶
func DefaultScannerOptions() *ScannerOptions
Creates a new ScannerOptions struct with sensible defaults
type SubjectAltName ¶
func (SubjectAltName) String ¶
func (san SubjectAltName) String() string
type TBSCertificate ¶
type TBSCertificate struct { Raw asn1.RawContent Version int `asn1:"optional,explicit,default:1,tag:0"` SerialNumber asn1.RawValue SignatureAlgorithm asn1.RawValue Issuer asn1.RawValue Validity asn1.RawValue Subject asn1.RawValue PublicKey asn1.RawValue UniqueId asn1.BitString `asn1:"optional,tag:1"` SubjectUniqueId asn1.BitString `asn1:"optional,tag:2"` Extensions []Extension `asn1:"optional,explicit,tag:3"` }
func ParseTBSCertificate ¶
func ParseTBSCertificate(tbsBytes []byte) (*TBSCertificate, error)
func ReconstructPrecertTBS ¶
func ReconstructPrecertTBS(tbs *TBSCertificate) (*TBSCertificate, error)
func (*TBSCertificate) GetExtension ¶
func (tbs *TBSCertificate) GetExtension(id asn1.ObjectIdentifier) []Extension
func (*TBSCertificate) GetRawIssuer ¶
func (tbs *TBSCertificate) GetRawIssuer() []byte
func (*TBSCertificate) GetRawPublicKey ¶
func (tbs *TBSCertificate) GetRawPublicKey() []byte
func (*TBSCertificate) GetRawSubject ¶
func (tbs *TBSCertificate) GetRawSubject() []byte
func (*TBSCertificate) ParseBasicConstraints ¶
func (tbs *TBSCertificate) ParseBasicConstraints() (*bool, error)
func (*TBSCertificate) ParseIssuer ¶
func (tbs *TBSCertificate) ParseIssuer() (RDNSequence, error)
func (*TBSCertificate) ParseSerialNumber ¶
func (tbs *TBSCertificate) ParseSerialNumber() (*big.Int, error)
func (*TBSCertificate) ParseSubject ¶
func (tbs *TBSCertificate) ParseSubject() (RDNSequence, error)
func (*TBSCertificate) ParseSubjectAltNames ¶
func (tbs *TBSCertificate) ParseSubjectAltNames() ([]SubjectAltName, error)
func (*TBSCertificate) ParseSubjectCommonNames ¶
func (tbs *TBSCertificate) ParseSubjectCommonNames() ([]string, error)
func (*TBSCertificate) ParseValidity ¶
func (tbs *TBSCertificate) ParseValidity() (*CertValidity, error)
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
client
Package client is a CT log client implementation and contains types and code for interacting with RFC6962-compliant CT Log instances.
|
Package client is a CT log client implementation and contains types and code for interacting with RFC6962-compliant CT Log instances. |
Click to show internal directories.
Click to hide internal directories.