func TemporalLogConfigFromFile(filename string) (*configpb.TemporalLogConfig, error)
TemporalLogConfigFromFile creates a TemporalLogConfig object from the given filename, which should contain text-protobuf encoded configuration data.
AddLogClient is an interface that allows adding certificates and pre-certificates to a log. Both LogClient and TemporalLogClient implement this interface, so callers can share code for adding certificates to normal and temporal logs.
type AddLogClient interface {
	AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
	AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
	GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)
}
CheckLogClient is an interface that allows (just) checking of various log contents.
type CheckLogClient interface {
	BaseURI() string
	GetSTH(context.Context) (*ct.SignedTreeHead, error)
	GetSTHConsistency(ctx context.Context, first, second uint64) ([][]byte, error)
	GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*ct.GetProofByHashResponse, error)
}
LogClient represents a client for a given CT Log instance.
type LogClient struct { jsonclient.JSONClient }
func New(uri string, hc *http.Client, opts jsonclient.Options) (*LogClient, error)
New constructs a new LogClient instance.
|uri| is the base URI of the CT log instance to interact with, e.g. https://ct.googleapis.com/pilot
|hc| is the underlying client to be used for HTTP requests to the CT log.
|opts| can be used to provide a custom logger interface and a public key for signature verification.
func (c *LogClient) AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
AddChain adds the (DER represented) X509 |chain| to the log.
func (c *LogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
AddPreChain adds the (DER represented) Precertificate |chain| to the log.
func (c *LogClient) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)
GetAcceptedRoots retrieves the set of acceptable root certificates for a log.
func (c *LogClient) GetEntries(ctx context.Context, start, end int64) ([]ct.LogEntry, error)
GetEntries attempts to retrieve the entries in the sequence [start, end] from the CT log server (RFC6962 s4.6) as parsed [pre-]certificates for convenience, held in a slice of ct.LogEntry structures. However, this does mean that any certificate parsing failures will cause a failure of the whole retrieval operation; for more robust retrieval of parsed certificates, use GetRawEntries() and invoke ct.LogEntryFromLeaf() on each individual entry.
func (c *LogClient) GetEntryAndProof(ctx context.Context, index, treeSize uint64) (*ct.GetEntryAndProofResponse, error)
GetEntryAndProof returns a log entry and audit path for the index of a leaf.
func (c *LogClient) GetProofByHash(ctx context.Context, hash []byte, treeSize uint64) (*ct.GetProofByHashResponse, error)
GetProofByHash returns an audit path for the hash of an SCT.
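An audit path from GetProofByHash or GetEntryAndProof proves inclusion only once it has been recomputed up to the root hash of an STH whose signature was checked. The following is an added example, not code from this package: a standard-library implementation of RFC 6962 inclusion-proof verification, where hashLeaf, hashNode and verifyInclusion are hypothetical names and the three-leaf tree is constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// hashLeaf is the RFC 6962 leaf hash; the 0x00 prefix separates leaves from nodes.
func hashLeaf(leaf []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, leaf...))
	return h[:]
}

// hashNode is the RFC 6962 interior-node hash, domain-separated with 0x01.
func hashNode(l, r []byte) []byte {
	h := sha256.Sum256(append(append([]byte{0x01}, l...), r...))
	return h[:]
}

// verifyInclusion rebuilds the root from a leaf hash and its audit path.
func verifyInclusion(index, size uint64, leafHash []byte, path [][]byte, root []byte) error {
	if index >= size {
		return fmt.Errorf("leaf index %d outside tree of size %d", index, size)
	}
	fn, sn, r := index, size-1, leafHash
	for _, p := range path {
		if sn == 0 {
			return fmt.Errorf("audit path too long")
		}
		if fn&1 == 1 || fn == sn {
			r = hashNode(p, r) // sibling is on the left
			for fn&1 == 0 && fn != 0 { // rightmost node: skip levels with no sibling
				fn, sn = fn>>1, sn>>1
			}
		} else {
			r = hashNode(r, p) // sibling is on the right
		}
		fn, sn = fn>>1, sn>>1
	}
	if sn != 0 || !bytes.Equal(r, root) {
		return fmt.Errorf("audit path does not lead to the signed root")
	}
	return nil
}

func main() { // constructed three-leaf tree
	a, b, c := hashLeaf([]byte("a")), hashLeaf([]byte("b")), hashLeaf([]byte("c"))
	fmt.Println(verifyInclusion(2, 3, c, [][]byte{hashNode(a, b)}, hashNode(hashNode(a, b), c)))
}
```

The index and tree size must be the ones the proof was requested for; a path that is valid for one tree size fails against the root of another.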
func (c *LogClient) GetRawEntries(ctx context.Context, start, end int64) (*ct.GetEntriesResponse, error)
GetRawEntries exposes the /ct/v1/get-entries result with only the JSON parsing done.
func (c *LogClient) GetSTH(ctx context.Context) (*ct.SignedTreeHead, error)
GetSTH retrieves the current STH from the log. Returns a populated SignedTreeHead, or a non-nil error (which may be of type RspError if a raw http.Response is available).
func (c *LogClient) GetSTHConsistency(ctx context.Context, first, second uint64) ([][]byte, error)
GetSTHConsistency retrieves the consistency proof between two snapshots.
func (c *LogClient) VerifySCTSignature(sct ct.SignedCertificateTimestamp, ctype ct.LogEntryType, certData []ct.ASN1Cert) error
VerifySCTSignature checks the signature in sct for the given LogEntryType, with associated certificate chain.
func (c *LogClient) VerifySTHSignature(sth ct.SignedTreeHead) error
VerifySTHSignature checks the signature in sth, returning any error encountered or nil if verification is successful.
RspError represents a server error including HTTP information.
type RspError = jsonclient.RspError
TemporalLogClient allows [pre-]certificates to be uploaded to a temporal log.
type TemporalLogClient struct {
	Clients []*LogClient
	// contains filtered or unexported fields
}
func NewTemporalLogClient(cfg *configpb.TemporalLogConfig, hc *http.Client) (*TemporalLogClient, error)
NewTemporalLogClient builds a new client for interacting with a temporal log. The provided config should be contiguous and chronological.
func (tlc *TemporalLogClient) AddChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
AddChain adds the (DER represented) X509 chain to the appropriate log.
func (tlc *TemporalLogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.SignedCertificateTimestamp, error)
AddPreChain adds the (DER represented) Precertificate chain to the appropriate log.
func (tlc *TemporalLogClient) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)
GetAcceptedRoots retrieves the set of acceptable root certificates for all of the shards of a temporal log (i.e. the union).
func (tlc *TemporalLogClient) IndexByDate(when time.Time) (int, error)
IndexByDate returns the index of the Clients entry that is appropriate for the given date.
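The "contiguous and chronological" requirement and the date lookup can be illustrated with the standard library alone. This is an added example, not the package's own code: the shard type, checkShards and indexByDate are hypothetical, and it assumes each shard accepts certificates whose NotAfter lies in a half-open interval [start, limit), with only the first start and the last limit allowed to be open.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// shard is a hypothetical stand-in for one temporal-log shard: it takes
// certificates whose NotAfter is in [start, limit); a zero time means unbounded.
type shard struct {
	uri          string
	start, limit time.Time
}

// checkShards rejects a shard list that is not contiguous and chronological.
func checkShards(s []shard) error {
	if len(s) == 0 {
		return fmt.Errorf("no shards configured")
	}
	for i, sh := range s {
		if (i > 0 && sh.start.IsZero()) || (i < len(s)-1 && sh.limit.IsZero()) {
			return fmt.Errorf("shard %d: only the first start and last limit may be open", i)
		}
		if !sh.start.IsZero() && !sh.limit.IsZero() && !sh.start.Before(sh.limit) {
			return fmt.Errorf("shard %d: start is not before limit", i)
		}
		if i > 0 && !sh.start.Equal(s[i-1].limit) {
			return fmt.Errorf("shard %d: gap or overlap with shard %d", i, i-1)
		}
	}
	return nil
}

// indexByDate returns the index of the shard whose interval contains when.
func indexByDate(s []shard, when time.Time) (int, error) {
	i := sort.Search(len(s), func(i int) bool { return s[i].limit.IsZero() || when.Before(s[i].limit) })
	if i == len(s) || (!s[i].start.IsZero() && when.Before(s[i].start)) {
		return -1, fmt.Errorf("no shard covers %s", when.Format(time.RFC3339))
	}
	return i, nil
}

func main() {
	d := func(y int) time.Time { return time.Date(y, 1, 1, 0, 0, 0, 0, time.UTC) }
	shards := []shard{{"a", time.Time{}, d(2025)}, {"b", d(2025), d(2026)}, {"c", d(2026), time.Time{}}} // constructed
	fmt.Println(checkShards(shards))
	fmt.Println(indexByDate(shards, d(2025))) // boundary date belongs to the later shard
}
```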