Package ctpolicy

import "github.com/google/certificate-transparency-go/ctpolicy"
Overview

Package ctpolicy contains structs describing CT policy requirements and corresponding logic.

Constants

const (
    // BaseName is name for the group covering all logs.
    BaseName = "All-logs"
)

func GroupByLogs

func GroupByLogs(lg LogPolicyData) map[string]GroupSet

GroupByLogs inverts the mapping between logs and groups. It returns a map from each log URL to the set of names of the groups that contain that log.

type AppleCTPolicy

AppleCTPolicy implements logic for complying with Apple's CT log policy.

type AppleCTPolicy struct{}

func (AppleCTPolicy) LogsByGroup

func (appleP AppleCTPolicy) LogsByGroup(cert *x509.Certificate, approved *loglist3.LogList) (LogPolicyData, error)

LogsByGroup describes submission requirements for embedded SCTs according to https://support.apple.com/en-us/HT205280. Returns an error if it's not possible to satisfy the policy with the provided loglist.

func (AppleCTPolicy) Name

func (appleP AppleCTPolicy) Name() string

Name returns the label for the submission policy.

type CTPolicy

The CTPolicy interface describes the requirements determined for logs in terms of per-group submission.

type CTPolicy interface {
    // LogsByGroup provides info on Log-grouping. Returns an error if it's not
    // possible to satisfy the policy with the provided loglist.
    LogsByGroup(cert *x509.Certificate, approved *loglist3.LogList) (LogPolicyData, error)
    Name() string
}

type ChromeCTPolicy

ChromeCTPolicy implements logic for complying with Chrome's CT log policy.

type ChromeCTPolicy struct {
}

func (ChromeCTPolicy) LogsByGroup

func (chromeP ChromeCTPolicy) LogsByGroup(cert *x509.Certificate, approved *loglist3.LogList) (LogPolicyData, error)

LogsByGroup describes submission requirements for embedded SCTs according to https://github.com/chromium/ct-policy/blob/master/ct_policy.md#qualifying-certificate. Returns an error if it's not possible to satisfy the policy with the provided loglist.

func (ChromeCTPolicy) Name

func (chromeP ChromeCTPolicy) Name() string

Name returns the label for the submission policy.

type GroupSet

GroupSet is a set of log-group names.

type GroupSet map[string]bool

type LogGroupInfo

LogGroupInfo holds information on a single group of logs specified by Policy.

type LogGroupInfo struct {
    Name          string
    LogURLs       map[string]bool    // set of members
    MinInclusions int                // Required number of submissions.
    IsBase        bool               // True only for Log-group covering all logs.
    LogWeights    map[string]float32 // weights used for submission, default weight is 1
    // contains filtered or unexported fields
}

func BaseGroupFor

func BaseGroupFor(approved *loglist3.LogList, incCount int) (*LogGroupInfo, error)

BaseGroupFor creates and propagates the all-log group.

func (*LogGroupInfo) GetSubmissionSession

func (group *LogGroupInfo) GetSubmissionSession() []string

GetSubmissionSession produces a list of the log URLs in the log group. The order of the list is a weighted random order defined by the log weights within the group.

func (*LogGroupInfo) SetLogWeight

func (group *LogGroupInfo) SetLogWeight(logURL string, w float32) error

SetLogWeight tries to set the weight for a single log in the log group. It does not reset the weight and returns an error if the weight is non-positive and setting it would make it impossible to reach the minimal inclusion number.

func (*LogGroupInfo) SetLogWeights

func (group *LogGroupInfo) SetLogWeights(weights map[string]float32) error

SetLogWeights applies the suggested weights to the log group. It does not reset the weights and returns an error when not enough positive weights are provided to reach the minimal inclusion number.

type LogPolicyData

LogPolicyData contains information on the log partition and the submission requirements for a single certificate. Each key always matches the Name field of its value.

type LogPolicyData map[string]*LogGroupInfo

func (LogPolicyData) TotalLogs

func (groups LogPolicyData) TotalLogs() int

TotalLogs returns the number of logs within the set of log groups, taking possible intersections into account.
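The following is an added example, not code from the certificate-transparency-go project. It uses local stand-in types with the documented field names to show the log-to-group inversion described for GroupByLogs, the distinct-log count described for TotalLogs, and the positive-weight condition described for SetLogWeights. The names groupByLogs, unsatisfiable and sample, the example URLs and the "Operator-A" group are hypothetical, and it assumes a log with no entry in LogWeights has the default weight 1.

```go
package main

import "fmt"

type GroupSet map[string]bool // these three types are local stand-ins, not imported from ctpolicy
type LogPolicyData map[string]*LogGroupInfo
type LogGroupInfo struct {
	LogURLs       map[string]bool
	MinInclusions int
	LogWeights    map[string]float32 // assumption: absent entry means the default weight 1
}

// groupByLogs inverts group -> logs into log URL -> set of group names.
func groupByLogs(lg LogPolicyData) map[string]GroupSet {
	out := make(map[string]GroupSet)
	for name, g := range lg {
		for u := range g.LogURLs {
			if out[u] == nil {
				out[u] = make(GroupSet)
			}
			out[u][name] = true
		}
	}
	return out
}

// unsatisfiable returns groups with fewer positively weighted logs than MinInclusions.
func unsatisfiable(lg LogPolicyData) GroupSet {
	bad := make(GroupSet)
	for name, g := range lg {
		usable := 0
		for u := range g.LogURLs {
			if w, ok := g.LogWeights[u]; !ok || w > 0 {
				usable++
			}
		}
		if usable < g.MinInclusions {
			bad[name] = true
		}
	}
	return bad
}

// sample is constructed data: the URLs and the "Operator-A" group are made up.
var sample = LogPolicyData{
	"All-logs":   {MinInclusions: 2, LogURLs: map[string]bool{"https://a.example/": true, "https://b.example/": true}},
	"Operator-A": {MinInclusions: 1, LogURLs: map[string]bool{"https://a.example/": true}, LogWeights: map[string]float32{"https://a.example/": 0}},
}

func main() { fmt.Println(len(groupByLogs(sample)), groupByLogs(sample), unsatisfiable(sample)) }
```

The length of the inverted map is the distinct-log count: the log shared by both groups is counted once.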