Documentation
¶
Index ¶
- Constants
- Variables
- func CreateLog(ctx context.Context, config *Config) error
- func ParseExtensions(extensions []byte) (leafIndex int64, err error)
- func ReusedConnContext(ctx context.Context, c net.Conn) context.Context
- type Backend
- type Config
- type DynamoDBBackend
- func (b *DynamoDBBackend) Create(ctx context.Context, logID [sha256.Size]byte, new []byte) error
- func (b *DynamoDBBackend) Fetch(ctx context.Context, logID [sha256.Size]byte) (LockedCheckpoint, error)
- func (b *DynamoDBBackend) Metrics() []prometheus.Collector
- func (b *DynamoDBBackend) Replace(ctx context.Context, old LockedCheckpoint, new []byte) (LockedCheckpoint, error)
- type LockBackend
- type LockedCheckpoint
- type Log
- type LogEntry
- type S3Backend
- type SequencedLogEntry
- type UploadOptions
Constants ¶
View Source
const TileHeight = 8
Variables ¶
View Source
var ErrLogExists = errors.New("checkpoint already exist, refusing to initialize log")
Functions ¶
func ParseExtensions ¶
Types ¶
type Backend ¶
type Backend interface {
// Upload is expected to retry transient errors, and only return an error
// for unrecoverable errors. When Upload returns, the object must be fully
// persisted. Upload can be called concurrently. opts may be nil.
Upload(ctx context.Context, key string, data []byte, opts *UploadOptions) error
// Fetch can be called concurrently. It's expected to decompress any data
// uploaded with UploadOptions.Compress true.
Fetch(ctx context.Context, key string) ([]byte, error)
// Metrics returns the metrics to register for this log. The metrics should
// not be shared by any other logs.
Metrics() []prometheus.Collector
}
Backend is a strongly consistent object storage.
It is dedicated to a single log instance.
type Config ¶
type Config struct {
Name string
Key *ecdsa.PrivateKey
PoolSize int
Cache string
Backend Backend
Lock LockBackend
Log *slog.Logger
Roots *x509util.PEMCertPool
NotAfterStart time.Time
NotAfterLimit time.Time
}
type DynamoDBBackend ¶
type DynamoDBBackend struct {
// contains filtered or unexported fields
}
func NewDynamoDBBackend ¶
func (*DynamoDBBackend) Fetch ¶
func (b *DynamoDBBackend) Fetch(ctx context.Context, logID [sha256.Size]byte) (LockedCheckpoint, error)
func (*DynamoDBBackend) Metrics ¶
func (b *DynamoDBBackend) Metrics() []prometheus.Collector
func (*DynamoDBBackend) Replace ¶
func (b *DynamoDBBackend) Replace(ctx context.Context, old LockedCheckpoint, new []byte) (LockedCheckpoint, error)
type LockBackend ¶
type LockBackend interface {
// Fetch obtains the current checkpoint for a given log, as well as the data
// necessary to perform a compare-and-swap operation.
Fetch(ctx context.Context, logID [sha256.Size]byte) (LockedCheckpoint, error)
// Replace uploads a new checkpoint, atomically checking that the old
// checkpoint is the provided one, and returning the new one. Replace is
// expected to retry transient errors, and only return an error for
// unrecoverable errors (such as a conflict).
Replace(ctx context.Context, old LockedCheckpoint, new []byte) (LockedCheckpoint, error)
// Create uploads a new checkpoint, atomically checking that none exist for
// the log yet.
Create(ctx context.Context, logID [sha256.Size]byte, new []byte) error
}
A LockBackend is a database that supports compare-and-swap operations.
It is shared across multiple Log instances, and is used only to store the latest checkpoint before making it publicly available.
type LockedCheckpoint ¶
type LockedCheckpoint interface {
Bytes() []byte
}
A LockedCheckpoint is a checkpoint, along with the backend-specific information necessary to perform a compare-and-swap operation.
type Log ¶
type Log struct {
// contains filtered or unexported fields
}
func (*Log) CloseCache ¶
func (*Log) Metrics ¶
func (l *Log) Metrics() []prometheus.Collector
type LogEntry ¶
type LogEntry struct {
// Certificate is either the x509_entry or the tbs_certificate for precerts.
Certificate []byte
IsPrecert bool
IssuerKeyHash [32]byte
PreCertificate []byte
PrecertSigningCert []byte
}
func (*LogEntry) SignedEntry ¶
SignedEntry returns the entry_type and signed_entry fields of a RFC 6962 TimestampedEntry.
type S3Backend ¶
type S3Backend struct {
// contains filtered or unexported fields
}
func NewS3Backend ¶
func (*S3Backend) Metrics ¶
func (s *S3Backend) Metrics() []prometheus.Collector
type SequencedLogEntry ¶
func ReadTileLeaf ¶
func ReadTileLeaf(tile []byte) (e *SequencedLogEntry, rest []byte, err error)
func (*SequencedLogEntry) Extensions ¶
func (e *SequencedLogEntry) Extensions() []byte
Extensions returns the custom structure that's encoded in the SignedCertificateTimestamp and TimestampedEntry extensions field.
func (*SequencedLogEntry) MerkleTreeLeaf ¶
func (e *SequencedLogEntry) MerkleTreeLeaf() []byte
MerkleTreeLeaf returns a RFC 6962 MerkleTreeLeaf.
func (*SequencedLogEntry) TileLeaf ¶
func (e *SequencedLogEntry) TileLeaf() []byte
TileLeaf returns the custom structure that's encoded in data tiles.
type UploadOptions ¶ added in v0.2.1
Source Files
Click to show internal directories.
Click to hide internal directories.