Documentation ¶
Index ¶
- Constants
- Variables
- func CreateLog(ctx context.Context, config *Config) error
- func ParseExtensions(extensions []byte) (leafIndex int64, err error)
- func ReusedConnContext(ctx context.Context, c net.Conn) context.Context
- type Backend
- type Config
- type DynamoDBBackend
- func (b *DynamoDBBackend) Create(ctx context.Context, logID [sha256.Size]byte, new []byte) error
- func (b *DynamoDBBackend) Fetch(ctx context.Context, logID [sha256.Size]byte) (LockedCheckpoint, error)
- func (b *DynamoDBBackend) Metrics() []prometheus.Collector
- func (b *DynamoDBBackend) Replace(ctx context.Context, old LockedCheckpoint, new []byte) (LockedCheckpoint, error)
- type LockBackend
- type LockedCheckpoint
- type Log
- type LogEntry
- type S3Backend
- type SequencedLogEntry
- type UploadOptions
Constants ¶
const TileHeight = 8
Variables ¶
var ErrLogExists = errors.New("checkpoint already exist, refusing to initialize log")
Functions ¶
func ParseExtensions ¶
Types ¶
type Backend ¶
type Backend interface { // Upload is expected to retry transient errors, and only return an error // for unrecoverable errors. When Upload returns, the object must be fully // persisted. Upload can be called concurrently. opts may be nil. Upload(ctx context.Context, key string, data []byte, opts *UploadOptions) error // Fetch can be called concurrently. It's expected to decompress any data // uploaded with UploadOptions.Compress true. Fetch(ctx context.Context, key string) ([]byte, error) // Metrics returns the metrics to register for this log. The metrics should // not be shared by any other logs. Metrics() []prometheus.Collector }
Backend is a strongly consistent object storage.
It is dedicated to a single log instance.
type Config ¶
type Config struct { Name string Key *ecdsa.PrivateKey PoolSize int Cache string Backend Backend Lock LockBackend Log *slog.Logger Roots *x509util.PEMCertPool NotAfterStart time.Time NotAfterLimit time.Time }
type DynamoDBBackend ¶
type DynamoDBBackend struct {
// contains filtered or unexported fields
}
func NewDynamoDBBackend ¶
func (*DynamoDBBackend) Fetch ¶
func (b *DynamoDBBackend) Fetch(ctx context.Context, logID [sha256.Size]byte) (LockedCheckpoint, error)
func (*DynamoDBBackend) Metrics ¶
func (b *DynamoDBBackend) Metrics() []prometheus.Collector
func (*DynamoDBBackend) Replace ¶
func (b *DynamoDBBackend) Replace(ctx context.Context, old LockedCheckpoint, new []byte) (LockedCheckpoint, error)
type LockBackend ¶
type LockBackend interface { // Fetch obtains the current checkpoint for a given log, as well as the data // necessary to perform a compare-and-swap operation. Fetch(ctx context.Context, logID [sha256.Size]byte) (LockedCheckpoint, error) // Replace uploads a new checkpoint, atomically checking that the old // checkpoint is the provided one, and returning the new one. Replace is // expected to retry transient errors, and only return an error for // unrecoverable errors (such as a conflict). Replace(ctx context.Context, old LockedCheckpoint, new []byte) (LockedCheckpoint, error) // Create uploads a new checkpoint, atomically checking that none exist for // the log yet. Create(ctx context.Context, logID [sha256.Size]byte, new []byte) error }
A LockBackend is a database that supports compare-and-swap operations.
It is shared across multiple Log instances, and is used only to store the latest checkpoint before making it publicly available.
type LockedCheckpoint ¶
type LockedCheckpoint interface {
Bytes() []byte
}
A LockedCheckpoint is a checkpoint, along with the backend-specific information necessary to perform a compare-and-swap operation.
type Log ¶
type Log struct {
// contains filtered or unexported fields
}
func (*Log) CloseCache ¶
func (*Log) Metrics ¶
func (l *Log) Metrics() []prometheus.Collector
type LogEntry ¶
type LogEntry struct { // Certificate is either the x509_entry or the tbs_certificate for precerts. Certificate []byte IsPrecert bool IssuerKeyHash [32]byte PreCertificate []byte PrecertSigningCert []byte }
func (*LogEntry) SignedEntry ¶
SignedEntry returns the entry_type and signed_entry fields of a RFC 6962 TimestampedEntry.
type S3Backend ¶
type S3Backend struct {
// contains filtered or unexported fields
}
func NewS3Backend ¶
func (*S3Backend) Metrics ¶
func (s *S3Backend) Metrics() []prometheus.Collector
type SequencedLogEntry ¶
func ReadTileLeaf ¶
func ReadTileLeaf(tile []byte) (e *SequencedLogEntry, rest []byte, err error)
func (*SequencedLogEntry) Extensions ¶
func (e *SequencedLogEntry) Extensions() []byte
Extensions returns the custom structure that's encoded in the SignedCertificateTimestamp and TimestampedEntry extensions field.
func (*SequencedLogEntry) MerkleTreeLeaf ¶
func (e *SequencedLogEntry) MerkleTreeLeaf() []byte
MerkleTreeLeaf returns a RFC 6962 MerkleTreeLeaf.
func (*SequencedLogEntry) TileLeaf ¶
func (e *SequencedLogEntry) TileLeaf() []byte
TileLeaf returns the custom structure that's encoded in data tiles.