policy

package

v0.0.0-...-aee0108 Latest Latest Go to latest Published: Jan 8, 2024 License: BSD-2-Clause Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

gitlab.torproject.org/rgdd/silent-ct

Links

Open Source Insights

Documentation ¶

Overview ¶

Package policy specifies which certificates to look for while monitoring, and how to pull legitimately issued certificates from trusted nodes based on a shared secret. Statically configured logs can also be specified, as well as logs that should not be monitored even if they appear in any dynamic list.

Index ¶

type Node
- func NewNode(name, secret, url string, domains []string) (Node, error)
type Policy
type Wildcard
type Wildcards
- func (w *Wildcards) Match(leafData, extraData []byte) (bool, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Node ¶

type Node struct {
	Name    string   `json:"name"`   // Artbirary node name to authenticate
	Secret  string   `json:"secret"` // Arbitrary node secret for authentication
	URL     string   `json:"url"`    // Where the node's submissions can be downloaded
	Domains []string `json:"issues"` // Exact-match domain names allowed to be issued
	// contains filtered or unexported fields
}

func NewNode ¶

func NewNode(name, secret, url string, domains []string) (Node, error)

func (*Node) Authorize ¶

func (n *Node) Authorize(sans []string) error

func (*Node) HMAC ¶

func (n *Node) HMAC(data []byte) (mac [sha256.Size]byte, err error)

func (*Node) UnmarshalJSON ¶

func (n *Node) UnmarshalJSON(data []byte) error

func (*Node) Validate ¶

func (n *Node) Validate() error

type Policy ¶

type Policy struct {
	Monitor Wildcards `json:"monitor"`
	Nodes   []Node    `json:"nodes"`

	// Optional
	StaticLogs []metadata.Log    `json:"static_logs"`
	RemoveLogs []metadata.LogKey `json:"remove_logs"`
}

type Wildcard ¶

type Wildcard struct {
	BootstrapAt time.Time `json:"bootstrap_at"`
	Wildcard    string    `json:"wildcard"`
	Excludes    []string  `json:"excludes",omitempty"`
}

Wildcard matches any string that ends with `Wildcard`, unless:

`Excludes[i] + "." + Wildcard` is a longer suffix match, or
the certificate expired before the BootstrapAt timestamp.

func (*Wildcard) Match ¶

func (w *Wildcard) Match(sans []string, expiresAt time.Time) bool

func (*Wildcard) UnmarshalJSON ¶

func (w *Wildcard) UnmarshalJSON(data []byte) error

func (*Wildcard) Validate ¶

func (w *Wildcard) Validate() error

type Wildcards ¶

type Wildcards []Wildcard

Wildcards implement the monitor.Matcher interface for a list of wildcards.

Warning: parsing of SANs in certificates is hard. This matcher depends on the parsing defined in github.com/google/certificate-transparency-go/x509.

func (*Wildcards) Match ¶

func (w *Wildcards) Match(leafData, extraData []byte) (bool, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL