Documentation ¶
Overview ¶
Package keyserver implements a transparent key server for End to End.
Index ¶
- Constants
- Variables
- func DecodeToken(token string, msg proto.Message) error
- func EncodeToken(msg proto.Message) (string, error)
- type BatchReader
- type MutationLogs
- type Server
- func (s *Server) BatchGetUser(ctx context.Context, in *pb.BatchGetUserRequest) (*pb.BatchGetUserResponse, error)
- func (s *Server) BatchGetUserIndex(ctx context.Context, in *pb.BatchGetUserIndexRequest) (*pb.BatchGetUserIndexResponse, error)
- func (s *Server) BatchListUserRevisions(ctx context.Context, in *pb.BatchListUserRevisionsRequest) (*pb.BatchListUserRevisionsResponse, error)
- func (s *Server) BatchQueueUserUpdate(ctx context.Context, in *pb.BatchQueueUserUpdateRequest) (*empty.Empty, error)
- func (s *Server) GetDirectory(ctx context.Context, in *pb.GetDirectoryRequest) (*pb.Directory, error)
- func (s *Server) GetLatestRevision(ctx context.Context, in *pb.GetLatestRevisionRequest) (*pb.Revision, error)
- func (s *Server) GetRevision(ctx context.Context, in *pb.GetRevisionRequest) (*pb.Revision, error)
- func (*Server) GetRevisionStream(in *pb.GetRevisionRequest, stream pb.KeyTransparency_GetRevisionStreamServer) error
- func (s *Server) GetUser(ctx context.Context, in *pb.GetUserRequest) (*pb.GetUserResponse, error)
- func (s *Server) ListEntryHistory(ctx context.Context, in *pb.ListEntryHistoryRequest) (*pb.ListEntryHistoryResponse, error)
- func (s *Server) ListMutations(ctx context.Context, in *pb.ListMutationsRequest) (*pb.ListMutationsResponse, error)
- func (*Server) ListMutationsStream(in *pb.ListMutationsRequest, ...) error
- func (s *Server) ListUserRevisions(ctx context.Context, in *pb.ListUserRevisionsRequest) (*pb.ListUserRevisionsResponse, error)
- func (s *Server) QueueEntryUpdate(ctx context.Context, in *pb.UpdateEntryRequest) (*empty.Empty, error)
- type SourceList
Constants ¶
// Validation limits applied by the key server.
const (
	// MaxClockDrift is the maximum period of time to allow between
	// CreationTime and server time.
	// NOTE(review): presumably this bounds how stale or future-dated a
	// client-supplied CreationTime may be; confirm where it is enforced.
	MaxClockDrift = 5 * time.Minute
	// MinNonceLen is a lower bound on a nonce length.
	// NOTE(review): presumably measured in bytes and compared against the
	// committed key (see ErrCommittedKeyLen); confirm against the
	// validation code.
	MinNonceLen = 16
)
Maximum period of time to allow between CreationTime and server time.
Variables ¶
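// Sentinel errors reported when a request or an entry update fails
// validation. Compare against them with errors.Is rather than matching on
// the message text.
var (
	// ErrNoCommitted occurs when the committed field is missing.
	ErrNoCommitted = errors.New("missing commitment")
	// ErrCommittedKeyLen occurs when the committed key is too small.
	// NOTE(review): presumably the lower bound is MinNonceLen; confirm
	// against the validation code.
	ErrCommittedKeyLen = errors.New("committed.key is too small")
	// ErrWrongIndex occurs when the index in key value does not match the
	// output of VRF.
	ErrWrongIndex = errors.New("index does not match VRF")
	// ErrInvalidStart occurs when the start revision of ListEntryHistoryRequest
	// is not valid (not in [1, currentRevision]).
	ErrInvalidStart = errors.New("invalid start revision")
	// ErrInvalidPageSize occurs when the page size is < 0.
	// The message is lowercase, matching the other errors in this block and
	// the Go convention for error strings.
	ErrInvalidPageSize = errors.New("invalid page size")
	// ErrInvalidEnd occurs when the end revision of the ListUserRevisionsRequest
	// is not in [start, currentRevision].
	ErrInvalidEnd = errors.New("invalid end revision")
)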
Functions ¶
func DecodeToken ¶
DecodeToken turns a URL-safe base64 encoded protobuf back into its proto.
Types ¶
type BatchReader ¶
// BatchReader reads batch definitions.
type BatchReader interface {
	// ReadBatch returns the batch definitions for a given revision.
	// The batch is identified by directoryID and rev; the result is the
	// map metadata for that revision, or an error.
	ReadBatch(ctx context.Context, directoryID string, rev int64) (*spb.MapMetadata, error)
}
BatchReader reads batch definitions.
type MutationLogs ¶
// MutationLogs provides sets of time ordered message logs.
type MutationLogs interface {
	// Send submits an item to a random log.
	// It is variadic: one call may carry several entry updates for the
	// same directoryID.
	Send(ctx context.Context, directoryID string, mutation ...*pb.EntryUpdate) error
	// ReadLog returns the messages in the (low, high] range stored in the specified log.
	// The range excludes low and includes high.
	// NOTE(review): batchSize presumably caps the number of messages
	// returned per call; confirm against the implementation.
	ReadLog(ctx context.Context, directoryID string, logID, low, high int64, batchSize int32) ([]*mutator.LogMessage, error)
}
MutationLogs provides sets of time ordered message logs.
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server holds internal state for the key server.
func New ¶
func New(tlog tpb.TrillianLogClient, tmap tpb.TrillianMapClient, logAdmin tpb.TrillianAdminClient, mapAdmin tpb.TrillianAdminClient, mutate mutator.ReduceMutationFn, directories directory.Storage, logs MutationLogs, batches BatchReader) *Server
New creates a new instance of the key server.
func (*Server) BatchGetUser ¶
func (s *Server) BatchGetUser(ctx context.Context, in *pb.BatchGetUserRequest) (*pb.BatchGetUserResponse, error)
BatchGetUser returns a batch of users at the same revision.
func (*Server) BatchGetUserIndex ¶
func (s *Server) BatchGetUserIndex(ctx context.Context, in *pb.BatchGetUserIndexRequest) (*pb.BatchGetUserIndexResponse, error)
BatchGetUserIndex returns indexes for users, computed with a verifiable random function.
func (*Server) BatchListUserRevisions ¶
func (s *Server) BatchListUserRevisions(ctx context.Context, in *pb.BatchListUserRevisionsRequest) ( *pb.BatchListUserRevisionsResponse, error)
BatchListUserRevisions returns a list of revisions covering a period of time.
func (*Server) BatchQueueUserUpdate ¶
func (s *Server) BatchQueueUserUpdate(ctx context.Context, in *pb.BatchQueueUserUpdateRequest) (*empty.Empty, error)
BatchQueueUserUpdate updates a user's profile. If the user does not exist, a new profile will be created.
func (*Server) GetDirectory ¶
func (s *Server) GetDirectory(ctx context.Context, in *pb.GetDirectoryRequest) (*pb.Directory, error)
GetDirectory returns all info tied to the specified directory.
This API returns all the data needed to verify a particular key server. The data includes, for instance, the tree info, such as the log/map ID and the corresponding public keys.
func (*Server) GetLatestRevision ¶
func (s *Server) GetLatestRevision(ctx context.Context, in *pb.GetLatestRevisionRequest) (*pb.Revision, error)
GetLatestRevision returns the latest revision. The current revision tracks the SignedLogRoot.
func (*Server) GetRevision ¶
GetRevision returns the requested revision.
func (*Server) GetRevisionStream ¶
func (*Server) GetRevisionStream(in *pb.GetRevisionRequest, stream pb.KeyTransparency_GetRevisionStreamServer) error
GetRevisionStream is a streaming API similar to ListMutations.
func (*Server) GetUser ¶
func (s *Server) GetUser(ctx context.Context, in *pb.GetUserRequest) (*pb.GetUserResponse, error)
GetUser returns a user's profile and proof that there is only one object for this user and that it is the same one being provided to everyone else. GetUser also supports querying past values by setting the revision field.
func (*Server) ListEntryHistory ¶
func (s *Server) ListEntryHistory(ctx context.Context, in *pb.ListEntryHistoryRequest) (*pb.ListEntryHistoryResponse, error)
ListEntryHistory returns a list of EntryProofs covering a period of time.
func (*Server) ListMutations ¶
func (s *Server) ListMutations(ctx context.Context, in *pb.ListMutationsRequest) (*pb.ListMutationsResponse, error)
ListMutations returns the mutations that created a revision.
func (*Server) ListMutationsStream ¶
func (*Server) ListMutationsStream(in *pb.ListMutationsRequest, stream pb.KeyTransparency_ListMutationsStreamServer) error
ListMutationsStream is a streaming list of mutations in a specific revision.
func (*Server) ListUserRevisions ¶
func (s *Server) ListUserRevisions(ctx context.Context, in *pb.ListUserRevisionsRequest) ( *pb.ListUserRevisionsResponse, error)
ListUserRevisions returns a list of revisions covering a period of time.
func (*Server) QueueEntryUpdate ¶
func (s *Server) QueueEntryUpdate(ctx context.Context, in *pb.UpdateEntryRequest) (*empty.Empty, error)
QueueEntryUpdate updates a user's profile. If the user does not exist, a new profile will be created.
type SourceList ¶
type SourceList []*spb.MapMetadata_SourceSlice
SourceList is a paginator for a list of source slices.
func (SourceList) First ¶
func (s SourceList) First() *rtpb.ReadToken
First returns the first read parameters for this source.
func (SourceList) Next ¶
func (s SourceList) Next(rt *rtpb.ReadToken, lastRow *mutator.LogMessage) *rtpb.ReadToken
Next returns the next read token. Returns an empty struct when the read is finished. lastRow is the (batchSize)th row from the last read, or nil if fewer than batchSize + 1 rows were returned.
func (SourceList) ParseToken ¶
func (s SourceList) ParseToken(token string) (*rtpb.ReadToken, error)
ParseToken will return the first token if token is "", otherwise it will try to parse the read token.