Documentation
Index
- func NewChainValidator(trustedRoots *x509util.PEMCertPool, rejectExpired, rejectUnexpired bool, ...) chainValidator
- func NewCpSigner(cs crypto.Signer, origin string, timeSource TimeSource) (note.Signer, error)
- func NewLog(ctx context.Context, origin string, signer crypto.Signer, cv ChainValidator, ...) (*log, error)
- func NewPathHandlers(ctx context.Context, opts *HandlerOptions, log *log) pathHandlers
- func ParseExtKeyUsages(kus []string) ([]x509.ExtKeyUsage, error)
- func ParseOIDs(oids []string) ([]asn1.ObjectIdentifier, error)
- type ChainValidator
- type DefaultRequestLog
- type HandlerOptions
- type Storage
- type TimeSource
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewChainValidator
func NewChainValidator(trustedRoots *x509util.PEMCertPool, rejectExpired, rejectUnexpired bool, notAfterStart, notAfterLimit *time.Time, extKeyUsages []x509.ExtKeyUsage, rejectExtIds []asn1.ObjectIdentifier) chainValidator
func NewCpSigner
func NewCpSigner(cs crypto.Signer, origin string, timeSource TimeSource) (note.Signer, error)
NewCpSigner returns a new note signer that can sign https://c2sp.org/static-ct-api checkpoints. TODO(phboneff): add tests
func NewLog
func NewLog(ctx context.Context, origin string, signer crypto.Signer, cv ChainValidator, cs storage.CreateStorage, ts TimeSource) (*log, error)
NewLog instantiates a new log instance with write endpoints. It initializes:
- checkpoint signer
- SCT signer
- storage, used to persist chains
func NewPathHandlers
func NewPathHandlers(ctx context.Context, opts *HandlerOptions, log *log) pathHandlers
func ParseExtKeyUsages
func ParseExtKeyUsages(kus []string) ([]x509.ExtKeyUsage, error)
ParseExtKeyUsages parses strings into x509.ExtKeyUsage values. It returns an error if any string does not match a known key usage, so a misspelled usage in a log's configuration fails loudly instead of silently being dropped.
func ParseOIDs
func ParseOIDs(oids []string) ([]asn1.ObjectIdentifier, error)
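As an added example, not the package's own implementation, the two parsers below show the fail-closed behaviour the doc comment describes: an unknown key-usage name is an error rather than being skipped, and a dotted-decimal OID string is rejected unless every arc is a non-negative integer and the result is actually DER-encodable (at least two arcs, first arc 0 to 2, second arc below 40 under arcs 0 and 1), which asn1.Marshal checks. The name-to-EKU spellings in ekuByName are this example's assumption; the real package may use different ones.

```go
package main

import (
	"crypto/x509"
	"encoding/asn1"
	"fmt"
	"strconv"
	"strings"
)

// ekuByName maps the config-file spelling of each extended key usage to its
// x509 value. The spellings are this example's assumption (the Go constant
// names without the ExtKeyUsage prefix), not necessarily the package's.
var ekuByName = map[string]x509.ExtKeyUsage{
	"Any":             x509.ExtKeyUsageAny,
	"ServerAuth":      x509.ExtKeyUsageServerAuth,
	"ClientAuth":      x509.ExtKeyUsageClientAuth,
	"CodeSigning":     x509.ExtKeyUsageCodeSigning,
	"EmailProtection": x509.ExtKeyUsageEmailProtection,
	"TimeStamping":    x509.ExtKeyUsageTimeStamping,
	"OCSPSigning":     x509.ExtKeyUsageOCSPSigning,
}

// parseExtKeyUsages converts config strings into EKUs and fails closed on any
// name it does not know, so a typo cannot silently widen what the log accepts.
func parseExtKeyUsages(kus []string) ([]x509.ExtKeyUsage, error) {
	out := make([]x509.ExtKeyUsage, 0, len(kus))
	for _, s := range kus {
		eku, ok := ekuByName[strings.TrimSpace(s)]
		if !ok {
			return nil, fmt.Errorf("unknown extended key usage %q", s)
		}
		out = append(out, eku)
	}
	return out, nil
}

// parseOIDs converts dotted-decimal strings into asn1.ObjectIdentifiers. Each
// arc must be a non-negative integer, and the whole value must be encodable
// as a DER OBJECT IDENTIFIER, which asn1.Marshal verifies (at least two arcs,
// first arc 0..2, second arc < 40 under arcs 0 and 1).
func parseOIDs(oids []string) ([]asn1.ObjectIdentifier, error) {
	out := make([]asn1.ObjectIdentifier, 0, len(oids))
	for _, s := range oids {
		parts := strings.Split(strings.TrimSpace(s), ".")
		oid := make(asn1.ObjectIdentifier, len(parts))
		for i, p := range parts {
			n, err := strconv.Atoi(p)
			if err != nil || n < 0 {
				return nil, fmt.Errorf("OID %q: arc %q is not a non-negative integer", s, p)
			}
			oid[i] = n
		}
		if _, err := asn1.Marshal(oid); err != nil {
			return nil, fmt.Errorf("OID %q is not encodable: %w", s, err)
		}
		out = append(out, oid)
	}
	return out, nil
}

func main() {
	ekus, err := parseExtKeyUsages([]string{"ServerAuth", "ClientAuth"})
	fmt.Println(ekus, err)
	// 1.3.6.1.4.1.11129.2.4.3 is the RFC 6962 precertificate poison extension;
	// 2.5.29.35 is authorityKeyIdentifier.
	oids, err := parseOIDs([]string{"1.3.6.1.4.1.11129.2.4.3", "2.5.29.35"})
	fmt.Println(oids, err)
	_, err = parseOIDs([]string{"1.40.1"})
	fmt.Println(err)
}
```

Both parsers return the first error rather than a partial list; a log that started with a partially parsed policy would accept chains its operator never intended to accept.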
Types
type ChainValidator
type ChainValidator interface {
	Validate(req rfc6962.AddChainRequest, expectingPrecert bool) ([]*x509.Certificate, error)
	Roots() []*x509.Certificate
}
ChainValidator provides functions to validate incoming chains.
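As an added example, not code from this package, the validator below enforces the same policy knobs NewChainValidator takes: a pool of trusted roots, rejectExpired / rejectUnexpired, a [notAfterStart, notAfterLimit) window on the leaf's NotAfter, a set of required extended key usages, and a blocklist of extension OIDs. The type and function names (policy, validate, issue, demo) are this example's own, the root and leaf certificates are generated in memory as constructed test data, and 1.3.6.1.4.1.99999.1 is a made-up OID under the private-enterprise arc. It uses only the standard library, so it approximates the package's x509util-based chain building; in particular the stdlib cannot disable validity-period checks, so the path is validated at the leaf's NotBefore once the log's own expiry policy has been applied.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

type policy struct { // mirrors the knobs NewChainValidator takes; names are this example's own
	roots                          *x509.CertPool
	rejectExpired, rejectUnexpired bool
	notAfterStart, notAfterLimit   *time.Time // leaf NotAfter must lie in [start, limit)
	extKeyUsages                   []x509.ExtKeyUsage
	rejectExtIDs                   []asn1.ObjectIdentifier
	now                            func() time.Time // stands in for TimeSource.Now
}

// validate checks a leaf-first chain, as submitted to add-chain, and returns the path to a trusted root.
func (p policy) validate(chain []*x509.Certificate) ([]*x509.Certificate, error) {
	if len(chain) == 0 {
		return nil, errors.New("empty chain")
	}
	leaf, expired := chain[0], p.now().After(chain[0].NotAfter)
	// Temporal sharding: both rules below are keyed on the leaf's NotAfter.
	if (p.rejectExpired && expired) || (p.rejectUnexpired && !expired) {
		return nil, fmt.Errorf("leaf NotAfter %s violates this shard's expiry policy", leaf.NotAfter)
	}
	if (p.notAfterStart != nil && leaf.NotAfter.Before(*p.notAfterStart)) ||
		(p.notAfterLimit != nil && !leaf.NotAfter.Before(*p.notAfterLimit)) {
		return nil, fmt.Errorf("leaf NotAfter %s is outside this shard's window", leaf.NotAfter)
	}
	for _, ext := range leaf.Extensions { // operator blocklist of extension OIDs
		for _, bad := range p.rejectExtIDs {
			if ext.Id.Equal(bad) {
				return nil, fmt.Errorf("leaf carries rejected extension %v", ext.Id)
			}
		}
	}
	inter, kus := x509.NewCertPool(), p.extKeyUsages
	for _, c := range chain[1:] {
		inter.AddCert(c)
	}
	if len(kus) == 0 { // no EKU restriction configured
		kus = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
	}
	// Expiry is log policy (decided above) and the stdlib cannot disable time checks,
	// so the path is validated at the leaf's NotBefore rather than at now.
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: p.roots, Intermediates: inter, CurrentTime: leaf.NotBefore, KeyUsages: kus})
	if err != nil {
		return nil, fmt.Errorf("chain does not verify to a trusted root: %w", err)
	}
	return chains[0], nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs tmpl with parentKey, or self-signs it when parent is nil (constructed test data only).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// demo submits constructed chains to one shard's policy and returns each case's error (nil = accepted).
func demo() map[string]error {
	now := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
	start, limit := now.AddDate(0, -6, 0), now.AddDate(1, 0, 0)
	poison := asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1} // constructed OID, not a real assignment
	p := policy{roots: x509.NewCertPool(), rejectExpired: true, notAfterStart: &start, notAfterLimit: &limit,
		extKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, rejectExtIDs: []asn1.ObjectIdentifier{poison},
		now: func() time.Time { return now }}
	root, rootKey := issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test Root"},
		NotBefore: now.AddDate(-5, 0, 0), NotAfter: now.AddDate(10, 0, 0), KeyUsage: x509.KeyUsageCertSign, BasicConstraintsValid: true, IsCA: true}, nil, nil)
	p.roots.AddCert(root)
	leaf := func(ca *x509.Certificate, caKey *ecdsa.PrivateKey, nb, na time.Time, extra []pkix.Extension) []*x509.Certificate {
		c, _ := issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "leaf.example.test"},
			DNSNames: []string{"leaf.example.test"}, NotBefore: nb, NotAfter: na, KeyUsage: x509.KeyUsageDigitalSignature,
			ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, ExtraExtensions: extra}, ca, caKey)
		return []*x509.Certificate{c}
	}
	nb, na := now.AddDate(0, 0, -1), now.AddDate(0, 3, 0)
	cases := map[string][]*x509.Certificate{
		"accepted":             leaf(root, rootKey, nb, na, nil),
		"untrusted issuer":     leaf(nil, nil, nb, na, nil), // self-signed: chains to nothing in p.roots
		"outside shard window": leaf(root, rootKey, nb, now.AddDate(2, 0, 0), nil),
		"expired leaf":         leaf(root, rootKey, now.AddDate(-2, 0, 0), now.AddDate(-1, 0, 0), nil),
		"rejected extension":   leaf(root, rootKey, nb, na, []pkix.Extension{{Id: poison, Value: []byte{0x05, 0x00}}}),
	}
	res := map[string]error{}
	for name, chain := range cases {
		_, res[name] = p.validate(chain)
	}
	return res
}

func main() {
	for name, err := range demo() {
		fmt.Printf("%-22s -> %v\n", name, err)
	}
}
```

The order of checks is deliberate: the cheap policy rules (expiry, window, extension blocklist) run before any signature verification, so a flood of out-of-policy submissions costs the log almost nothing, while the signature path is still what stops the "untrusted issuer" case, a chain the log could never attribute to one of its accepted roots.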
type DefaultRequestLog
type DefaultRequestLog struct{}
DefaultRequestLog is an implementation of RequestLog that does nothing except log the calls at a high level of verbosity.
type HandlerOptions
type HandlerOptions struct {
	// Deadline is a timeout for HTTP requests.
	Deadline time.Duration
	// RequestLog provides structured logging of CTFE requests.
	RequestLog requestLog
	// MaskInternalErrors indicates whether internal server errors should be masked
	// or returned to the user containing the full error message.
	MaskInternalErrors bool
	// TimeSource indicates the system time and can be injected for testing.
	TimeSource TimeSource
}
HandlerOptions describes the log handlers' options.
type Storage
type Storage interface {
	// Add assigns an index to the provided Entry, stages the entry for integration, and returns a future for the assigned index.
	Add(context.Context, *ctonly.Entry) tessera.IndexFuture
	// AddIssuerChain stores every certificate in the chain in a content-addressable store under its SHA-256 hash.
	AddIssuerChain(context.Context, []*x509.Certificate) error
	// AddCertDedupInfo stores the SCTDedupInfo of a certificate in a log under its hash.
	AddCertDedupInfo(context.Context, *x509.Certificate, dedup.SCTDedupInfo) error
	// GetCertDedupInfo gets the SCTDedupInfo of a certificate in a log from its hash.
	GetCertDedupInfo(context.Context, *x509.Certificate) (dedup.SCTDedupInfo, bool, error)
}
Storage provides functions to store certificates in a static-ct-api log.
type TimeSource
type TimeSource interface {
	// Now returns the current time in real implementations or a suitable value in others.
	Now() time.Time
}
TimeSource can provide the current time, or be replaced by a mock in tests to return specific values.