var File_trillian_ctfe_configpb_config_proto protoreflect.FileDescriptor
type LogBackend struct {
// name defines the name of the log backend for use in LogConfig messages and must be unique.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// backend_spec defines the RPC endpoint that clients should use to send requests
// to this log backend. These should be in the same format as rpcBackendFlag in the
// CTFE main and must not be an empty string.
BackendSpec string `protobuf:"bytes,2,opt,name=backend_spec,json=backendSpec,proto3" json:"backend_spec,omitempty"`
// contains filtered or unexported fields
}
func (*LogBackend) Descriptor() ([]byte, []int)
Deprecated: Use LogBackend.ProtoReflect.Descriptor instead.
func (x *LogBackend) GetBackendSpec() string
func (x *LogBackend) GetName() string
func (*LogBackend) ProtoMessage()
func (x *LogBackend) ProtoReflect() protoreflect.Message
func (x *LogBackend) Reset()
func (x *LogBackend) String() string
LogBackendSet supports a configuration where a single set of frontends handle requests for multiple backends. For example this could be used to run different backends in different geographic regions.
type LogBackendSet struct {
Backend []*LogBackend `protobuf:"bytes,1,rep,name=backend,proto3" json:"backend,omitempty"`
// contains filtered or unexported fields
}
func (*LogBackendSet) Descriptor() ([]byte, []int)
Deprecated: Use LogBackendSet.ProtoReflect.Descriptor instead.
func (x *LogBackendSet) GetBackend() []*LogBackend
func (*LogBackendSet) ProtoMessage()
func (x *LogBackendSet) ProtoReflect() protoreflect.Message
func (x *LogBackendSet) Reset()
func (x *LogBackendSet) String() string
LogConfig describes the configuration options for a log instance.
NEXT_ID: 20
type LogConfig struct {
// The ID of a Trillian tree that stores the log data. The tree type must be
// LOG for regular CT logs. For mirror logs it must be either PREORDERED_LOG
// or LOG, and can change at runtime. CTFE in mirror mode uses only read API
// which is common for both types.
LogId int64 `protobuf:"varint,1,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
// prefix is the name of the log. It will come after the global or
// override handler prefix. For example if the handler prefix is "/logs"
// and prefix is "vogon" the get-sth handler for this log will be
// available at "/logs/vogon/ct/v1/get-sth". The prefix cannot be empty
// and must not include "/" path separator characters.
Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3" json:"prefix,omitempty"`
// override_handler_prefix if set to a non empty value overrides the global
// handler prefix for an individual log. For example this field is set to
// "/otherlogs" then a log with prefix "vogon" will make it's get-sth handler
// available at "/otherlogs/vogon/ct/v1/get-sth" regardless of what the
// global prefix is. Can be set to '/' to make the get-sth handler register
// at "/vogon/ct/v1/get-sth".
OverrideHandlerPrefix string `protobuf:"bytes,13,opt,name=override_handler_prefix,json=overrideHandlerPrefix,proto3" json:"override_handler_prefix,omitempty"`
// Paths to the files containing root certificates that are acceptable to the
// log. The certs are served through get-roots endpoint. Optional in mirrors.
RootsPemFile []string `protobuf:"bytes,3,rep,name=roots_pem_file,json=rootsPemFile,proto3" json:"roots_pem_file,omitempty"`
// The private key used for signing STHs etc. Not required for mirrors.
PrivateKey *anypb.Any `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
// The public key matching the above private key (if both are present). It is
// used only by mirror logs for verifying the source log's signatures, but can
// be specified for regular logs as well for the convenience of test tools.
PublicKey *keyspb.PublicKey `protobuf:"bytes,5,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
// If reject_expired is true then the certificate validity period will be
// checked against the current time during the validation of submissions.
// This will cause expired certificates to be rejected.
RejectExpired bool `protobuf:"varint,6,opt,name=reject_expired,json=rejectExpired,proto3" json:"reject_expired,omitempty"`
// If reject_unexpired is true then CTFE rejects certificates that are either
// currently valid or not yet valid.
RejectUnexpired bool `protobuf:"varint,17,opt,name=reject_unexpired,json=rejectUnexpired,proto3" json:"reject_unexpired,omitempty"`
// If set, ext_key_usages will restrict the set of such usages that the
// server will accept. By default all are accepted. The values specified
// must be ones known to the x509 package.
ExtKeyUsages []string `protobuf:"bytes,7,rep,name=ext_key_usages,json=extKeyUsages,proto3" json:"ext_key_usages,omitempty"`
// not_after_start defines the start of the range of acceptable NotAfter
// values, inclusive.
// Leaving this unset implies no lower bound to the range.
NotAfterStart *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=not_after_start,json=notAfterStart,proto3" json:"not_after_start,omitempty"`
// not_after_limit defines the end of the range of acceptable NotAfter values,
// exclusive.
// Leaving this unset implies no upper bound to the range.
NotAfterLimit *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=not_after_limit,json=notAfterLimit,proto3" json:"not_after_limit,omitempty"`
// accept_only_ca controls whether or not *only* certificates with the CA bit
// set will be accepted.
AcceptOnlyCa bool `protobuf:"varint,10,opt,name=accept_only_ca,json=acceptOnlyCa,proto3" json:"accept_only_ca,omitempty"`
// backend_name if set indicates which backend serves this log. The name must be
// one of those defined in the LogBackendSet.
LogBackendName string `protobuf:"bytes,11,opt,name=log_backend_name,json=logBackendName,proto3" json:"log_backend_name,omitempty"`
// If set, the log is a mirror, i.e. it serves the data of another (source)
// log. It doesn't handle write requests (add-chain, etc.), so it's not a
// fully fledged RFC-6962 log, but the tree read requests like get-entries and
// get-consistency-proof are compatible. A mirror doesn't have the source
// log's key and can't sign STHs. Consequently, the log operator must ensure
// to channel source log's STHs into CTFE.
IsMirror bool `protobuf:"varint,12,opt,name=is_mirror,json=isMirror,proto3" json:"is_mirror,omitempty"`
// If set, the log serves only read endpoints, and rejects writes through the
// add-[pre-]chain endpoint.
IsReadonly bool `protobuf:"varint,19,opt,name=is_readonly,json=isReadonly,proto3" json:"is_readonly,omitempty"`
// The Maximum Merge Delay (MMD) of this log in seconds. See RFC6962 section 3
// for definition of MMD. If zero, the log does not provide an MMD guarantee
// (for example, it is a frozen log).
MaxMergeDelaySec int32 `protobuf:"varint,14,opt,name=max_merge_delay_sec,json=maxMergeDelaySec,proto3" json:"max_merge_delay_sec,omitempty"`
// The merge delay that the underlying log implementation is able/targeting to
// provide. This option is exposed in CTFE metrics, and can be particularly
// useful to catch when the log is behind but has not yet violated the strict
// MMD limit.
// Log operator should decide what exactly EMD means for them. For example, it
// can be a 99-th percentile of merge delays that they observe, and they can
// alert on the actual merge delay going above a certain multiple of this EMD.
ExpectedMergeDelaySec int32 `protobuf:"varint,15,opt,name=expected_merge_delay_sec,json=expectedMergeDelaySec,proto3" json:"expected_merge_delay_sec,omitempty"`
// The STH that this log will serve permanently (if present). Frozen STH must
// be signed by this log's private key, and will be verified using the public
// key specified in this config.
FrozenSth *SignedTreeHead `protobuf:"bytes,16,opt,name=frozen_sth,json=frozenSth,proto3" json:"frozen_sth,omitempty"`
// A list of X.509 extension OIDs, in dotted string form (e.g. "2.3.4.5")
// which should cause submissions to be rejected.
RejectExtensions []string `protobuf:"bytes,18,rep,name=reject_extensions,json=rejectExtensions,proto3" json:"reject_extensions,omitempty"`
// contains filtered or unexported fields
}
func (*LogConfig) Descriptor() ([]byte, []int)
Deprecated: Use LogConfig.ProtoReflect.Descriptor instead.
func (x *LogConfig) GetAcceptOnlyCa() bool
func (x *LogConfig) GetExpectedMergeDelaySec() int32
func (x *LogConfig) GetExtKeyUsages() []string
func (x *LogConfig) GetFrozenSth() *SignedTreeHead
func (x *LogConfig) GetIsMirror() bool
func (x *LogConfig) GetIsReadonly() bool
func (x *LogConfig) GetLogBackendName() string
func (x *LogConfig) GetLogId() int64
func (x *LogConfig) GetMaxMergeDelaySec() int32
func (x *LogConfig) GetNotAfterLimit() *timestamppb.Timestamp
func (x *LogConfig) GetNotAfterStart() *timestamppb.Timestamp
func (x *LogConfig) GetOverrideHandlerPrefix() string
func (x *LogConfig) GetPrefix() string
func (x *LogConfig) GetPrivateKey() *anypb.Any
func (x *LogConfig) GetPublicKey() *keyspb.PublicKey
func (x *LogConfig) GetRejectExpired() bool
func (x *LogConfig) GetRejectExtensions() []string
func (x *LogConfig) GetRejectUnexpired() bool
func (x *LogConfig) GetRootsPemFile() []string
func (*LogConfig) ProtoMessage()
func (x *LogConfig) ProtoReflect() protoreflect.Message
func (x *LogConfig) Reset()
func (x *LogConfig) String() string
LogConfigSet is a set of LogConfig messages.
type LogConfigSet struct {
Config []*LogConfig `protobuf:"bytes,1,rep,name=config,proto3" json:"config,omitempty"`
// contains filtered or unexported fields
}
func (*LogConfigSet) Descriptor() ([]byte, []int)
Deprecated: Use LogConfigSet.ProtoReflect.Descriptor instead.
func (x *LogConfigSet) GetConfig() []*LogConfig
func (*LogConfigSet) ProtoMessage()
func (x *LogConfigSet) ProtoReflect() protoreflect.Message
func (x *LogConfigSet) Reset()
func (x *LogConfigSet) String() string
LogMultiConfig wraps up a LogBackendSet and corresponding LogConfigSet so that they can easily be parsed as a single proto.
type LogMultiConfig struct {
// The set of backends that this configuration will use to send requests to.
// The names of the backends in the LogBackendSet must all be distinct.
Backends *LogBackendSet `protobuf:"bytes,1,opt,name=backends,proto3" json:"backends,omitempty"`
// The set of logs that will use the above backends. All the protos in this
// LogConfigSet must set a valid log_backend_name for the config to be usable.
LogConfigs *LogConfigSet `protobuf:"bytes,2,opt,name=log_configs,json=logConfigs,proto3" json:"log_configs,omitempty"`
// contains filtered or unexported fields
}
func (*LogMultiConfig) Descriptor() ([]byte, []int)
Deprecated: Use LogMultiConfig.ProtoReflect.Descriptor instead.
func (x *LogMultiConfig) GetBackends() *LogBackendSet
func (x *LogMultiConfig) GetLogConfigs() *LogConfigSet
func (*LogMultiConfig) ProtoMessage()
func (x *LogMultiConfig) ProtoReflect() protoreflect.Message
func (x *LogMultiConfig) Reset()
func (x *LogMultiConfig) String() string
SignedTreeHead represents the structure returned by the get-sth CT method. See RFC6962 sections 3.5 and 4.3 for reference. TODO(pavelkalinnikov): Find a better place for this type.
type SignedTreeHead struct {
TreeSize int64 `protobuf:"varint,1,opt,name=tree_size,json=treeSize,proto3" json:"tree_size,omitempty"`
Timestamp int64 `protobuf:"varint,2,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
Sha256RootHash []byte `protobuf:"bytes,3,opt,name=sha256_root_hash,json=sha256RootHash,proto3" json:"sha256_root_hash,omitempty"`
TreeHeadSignature []byte `protobuf:"bytes,4,opt,name=tree_head_signature,json=treeHeadSignature,proto3" json:"tree_head_signature,omitempty"`
// contains filtered or unexported fields
}
func (*SignedTreeHead) Descriptor() ([]byte, []int)
Deprecated: Use SignedTreeHead.ProtoReflect.Descriptor instead.
func (x *SignedTreeHead) GetSha256RootHash() []byte
func (x *SignedTreeHead) GetTimestamp() int64
func (x *SignedTreeHead) GetTreeHeadSignature() []byte
func (x *SignedTreeHead) GetTreeSize() int64
func (*SignedTreeHead) ProtoMessage()
func (x *SignedTreeHead) ProtoReflect() protoreflect.Message
func (x *SignedTreeHead) Reset()
func (x *SignedTreeHead) String() string