CA

Published: Dec 17, 2023 License: BSD-3-Clause Imports: 24 Imported by: 0


Constants

// PROTOCOL is the URL scheme prefix this package prepends to peer
// addresses (presumably the logger/monitor/gossiper URLs from the configs;
// the use sites are not visible here). It is plain "http://" — no TLS —
// so precerts and gossip objects leave the CA unencrypted and without
// transport-level authentication of the peer. That is tolerable only for
// the test-only deployment this package documents itself as (see StartCA);
// do not reuse it against real loggers.
const PROTOCOL = "http://"

Variables

var (
	// OIDCTngExtension is the object identifier under which the CTng
	// extension (see CTngExtension, EncodeCTngExtension, ParseCTngextension)
	// is presumably stored in the certificate. 1.3.6.1.4.1.<N> is the IANA
	// Private Enterprise Number arc. NOTE(review): confirm that 67847871 is
	// a PEN actually assigned to this project rather than an arbitrary
	// value, so the OID cannot collide with another vendor's extension.
	OIDCTngExtension = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 67847871}
)

Functions

func EncodeCTngExtension

func EncodeCTngExtension(ctngext CTngExtension) []byte

func GenerateCA_Crypto_config_template

func GenerateCA_Crypto_config_template() *crypto.StoredCryptoConfig

Generate a CA Crypto config template

func GenerateRSAKeyPair

func GenerateRSAKeyPair() (rsa.PrivateKey, rsa.PublicKey)

Generate an RSA key pair. Both halves are returned by value (not as pointers), and the modulus size is fixed inside the function rather than exposed as a parameter.

func GenerateRandomBitPositions

func GenerateRandomBitPositions(totalBits int, density float64) []int

func Generate_Issuer

func Generate_Issuer(name string) pkix.Name

Generate one issuer pkix.Name from the given name string.

func Generate_N_KeyPairs

func Generate_N_KeyPairs(subjects []pkix.Name) map[string]*rsa.PublicKey

Generate N random public/private key pairs, one per subject, and return a map of the public keys keyed by a string derived from each pkix.Name (the exact key derivation is not visible here). The private halves are not returned; use Generate_and_return_N_KeyPairs when they are needed.

func Generate_N_Signed_PreCert

func Generate_N_Signed_PreCert(c *CAContext, N int, host string, validFor time.Duration, isCA bool, issuer pkix.Name, root_cert *x509.Certificate, root bool, priv *rsa.PrivateKey, global_offset int) []*x509.Certificate

Generate N signed precerts, each with a different subject (see Generate_N_Subjects); global_offset presumably shifts the subject numbering so that successive batches do not collide — confirm against Generate_N_Subjects.

func Generate_N_Signed_PreCert_with_priv

func Generate_N_Signed_PreCert_with_priv(c *CAContext, N int, host string, validFor time.Duration, isCA bool, issuer pkix.Name, root_cert *x509.Certificate, root bool, priv *rsa.PrivateKey, global_offset int) ([]*x509.Certificate, map[string]*rsa.PrivateKey)

func Generate_N_Subjects

func Generate_N_Subjects(N int, global_offset int) []pkix.Name

Generate N subjects, each with a different common name; global_offset presumably shifts the numbering so that successive batches stay distinct.

func Generate_Revocation

func Generate_Revocation(c *CAContext, Period string, REV_type int) definition.Gossip_object

func Generate_Root_Certificate

func Generate_Root_Certificate(ctx *CAContext) *x509.Certificate

Generate the CA's self-signed root certificate.

func Generate_Selfsigned_root_cert

func Generate_Selfsigned_root_cert(c *CAContext, host string, validFor time.Duration, isCA bool, issuer pkix.Name, subject pkix.Name, root_cert *x509.Certificate, root bool, pub *rsa.PublicKey, priv *rsa.PrivateKey) *x509.Certificate

func Generate_Signed_PreCert

func Generate_Signed_PreCert(c *CAContext, host string, validFor time.Duration, isCA bool, issuer pkix.Name, subject pkix.Name, root_cert *x509.Certificate, root bool, pub *rsa.PublicKey, priv *rsa.PrivateKey) *x509.Certificate

Generate a precert for subject, issued under issuer, and sign it with priv so that it chains to root_cert (see Sign_certificate).

func Generate_and_return_N_KeyPairs

func Generate_and_return_N_KeyPairs(subjects []pkix.Name) (map[string]*rsa.PublicKey, map[string]*rsa.PrivateKey)

func Genrate_Unsigned_PreCert

func Genrate_Unsigned_PreCert(host string, validFor time.Duration, isCA bool, issuer pkix.Name, subject pkix.Name, ctx *CAContext) *x509.Certificate

Build an unsigned pre-certificate for host/subject under issuer. Signing happens separately (see Sign_certificate and Generate_Signed_PreCert).

func GerCurrentSecond

func GerCurrentSecond() string

func GetCurrentPeriod

func GetCurrentPeriod() string

func GetPrecertfromCert

func GetPrecertfromCert(cert *x509.Certificate) *x509.Certificate

func GetRIDfromCert

func GetRIDfromCert(cert *x509.Certificate) int

func Marshall_Signed_PreCert

func Marshall_Signed_PreCert(precert *x509.Certificate) []byte

Marshal a signed precert to JSON. Note the signature carries no error value, so an encoding failure cannot be reported through the return type.

func PeriodicTask

func PeriodicTask(ctx *CAContext)

func Send_Signed_PreCert_To_Logger

func Send_Signed_PreCert_To_Logger(c *CAContext, precert *x509.Certificate, logger string)

Send a signed precert to a single logger, identified by the logger string (presumably an address that PROTOCOL is prepended to — confirm).

func Send_Signed_PreCert_To_Loggers

func Send_Signed_PreCert_To_Loggers(c *CAContext, precert *x509.Certificate, loggers []string)

Send a signed precert to every logger in loggers (see Send_Signed_PreCert_To_Logger).

func SignAllCerts

func SignAllCerts(c *CAContext) []*x509.Certificate

func Sign_certificate

func Sign_certificate(cert *x509.Certificate, root_cert *x509.Certificate, root bool, pub *rsa.PublicKey, priv *rsa.PrivateKey) *x509.Certificate

Sign cert with priv so that it chains to root_cert; pub is the matching public key. When root is true the certificate is presumably self-signed (cf. Generate_Selfsigned_root_cert) — confirm.

func StartCA

func StartCA(c *CAContext)

This CA does not issue certificates in response to requests; it generates its own test subjects and certificates (see Generate_N_Subjects, PeriodicTask and SignAllCerts). It exists for testing purposes only and must not be used to issue real certificates.

func Unmarshall_Signed_PreCert

func Unmarshall_Signed_PreCert(precert []byte) *x509.Certificate

Unmarshal a signed precert from JSON. The signature carries no error value, so malformed or hostile input cannot be reported through the return type; callers should treat the result as untrusted, check it for nil, and re-verify its signature against the expected issuer before relying on it.

func UpdateAllforSigning

func UpdateAllforSigning(certs []*x509.Certificate) []*x509.Certificate

func UpdateCTngExtension

func UpdateCTngExtension(cert *x509.Certificate, newloggerinfo LoggerInfo) *x509.Certificate

func UpdateforSigning

func UpdateforSigning(cert *x509.Certificate) *x509.Certificate

func WriteConfigToFile

func WriteConfigToFile(config interface{}, filepath string)

Write a CA private config, CA public config, or crypto config to the file at filepath. Caveat: the crypto config may contain the CA's signing keys (its contents are not visible here), so the file should be created with restrictive permissions (e.g. 0600) — the mode used is not visible from this signature.

Types

type CAContext

// CAContext is the in-memory state of one running (test) CA instance: its
// configuration, key material, the certificates and keys it has generated,
// revocation state, and the knobs that make it deliberately misbehave
// (CA_Type and friends) when exercising CTng monitors and gossipers.
//
// NOTE(review): the CA's private key is held by value inside this struct
// and the struct is passed around as *CAContext, so every function holding
// the pointer can sign. Fine for a test harness; keep that boundary in mind
// if any of this is reused.
type CAContext struct {
	// Client is presumably the HTTP client used for outbound calls to
	// loggers/monitors (Send_Signed_PreCert_To_Logger). NOTE(review):
	// confirm InitializeCAContext sets a Timeout on it — a zero-value
	// http.Client never times out.
	Client                 *http.Client
	// SerialNumber is presumably the next certificate serial. A small
	// sequential int serial is predictable; real CAs need >= 64 bits of
	// CSPRNG entropy in serials. Acceptable only because this CA is
	// test-only (see StartCA).
	SerialNumber           int
	CA_public_config       *CA_public_config
	CA_private_config      *CA_private_config
	CA_crypto_config       *crypto.CryptoConfig
	// PublicKey / PrivateKey are the CA's own RSA key pair (cf.
	// GenerateRSAKeyPair, which likewise returns both halves by value).
	PublicKey              rsa.PublicKey
	PrivateKey             rsa.PrivateKey
	// CurrentCertificatePool presumably holds the certificates generated
	// in the current period; CurrentKeyPool the subjects' private keys,
	// keyed like the map returned by Generate_and_return_N_KeyPairs.
	CurrentCertificatePool *crypto.CertPool
	CurrentKeyPool         map[string]*rsa.PrivateKey
	// CertPoolStorage is longer-lived storage of cert pools (see
	// CTngCertPoolStorage and SaveToStorage) — presumably keyed by period.
	CertPoolStorage        *CTngCertPoolStorage
	Rootcert               *x509.Certificate
	CertCounter            int
	// CRV is the revocation state (see CRV and Generate_Revocation).
	CRV                    *CRV
	CA_Type                int                                 //0 for normal CA, 1 for Split-world CA, 2 for always unresponsive CA, 3 for sometimes unresponsive CA
	Request_Count          int                                 //Only used for sometimes unresponsive CA and Split-world CA
	OnlineDuration         int                                 //Only used for sometimes unresponsive CA and Split-world CA
	// REV_storage holds revocation gossip objects keyed by period (cf.
	// Generate_Revocation's Period argument). REV_storage_fake is
	// presumably the second, conflicting view served by a Split-world CA —
	// confirm. NOTE(review): neither map has a dedicated lock here, unlike
	// STH_storage and the cert pool; confirm they are not written by
	// PeriodicTask while HTTP handlers read them.
	REV_storage            map[string]definition.Gossip_object //for monitor to query
	REV_storage_fake       map[string]definition.Gossip_object //for monitor to query
	MisbehaviorInterval    int                                 //for sometimes unresponsive CA and Split-world CA, misbehave every x requests
	StoragePath1           string
	StoragePath2           string
	STH_storage            map[string]definition.Gossip_object //store the STH by LID
	// Request_Count_lock guards Request_Count (the misbehaviour counter).
	Request_Count_lock     *sync.Mutex
	// Min_latency / Max_latency are presumably bounds on artificial
	// response delay for the misbehaving CA types — confirm.
	Min_latency            int
	Max_latency            int
	// RevocationRatio is presumably the ratio passed to CRV.MassRevoke.
	RevocationRatio        float64
	// STH_storage_lock guards STH_storage; Certpool_lock guards
	// CurrentCertificatePool / CurrentKeyPool (presumably).
	STH_storage_lock       *sync.Mutex
	Certpool_lock          *sync.Mutex
	// Fresh — meaning not visible here; presumably "no persisted state
	// loaded yet". Confirm against InitializeCAContext.
	Fresh                  bool
}

func InitializeCAContext

func InitializeCAContext(public_config_path string, private_config_file_path string, crypto_config_path string) *CAContext

Initialize a CAContext from the public, private and crypto config files at the given paths.

func (*CAContext) SaveToStorage

func (ctx *CAContext) SaveToStorage()

type CA_private_config

// CA_private_config is the per-instance configuration of one CA: how it is
// reachable and which peers it talks to. From the field types alone nothing
// here is obviously secret; the signing key presumably lives in the crypto
// config instead (see CAContext.CA_crypto_config). NOTE(review): what Signer
// holds is not visible here — if it is a key or a path to one, the file
// written by WriteConfigToFile needs restrictive permissions.
type CA_private_config struct {
	Signer          string   // identity of the signer — presumably a name or URL; confirm
	Port            string   // port the CA listens on (presumably used by StartCA)
	Loggerlist      []string // loggers this CA submits precerts to (cf. Send_Signed_PreCert_To_Loggers)
	Monitorlist     []string // monitors this CA talks to
	Gossiperlist    []string // gossipers this CA talks to
	Cert_per_period int      // number of certificates to generate per period — presumably consumed by PeriodicTask
}

func GenerateCA_private_config_template

func GenerateCA_private_config_template() *CA_private_config

Generate a CA private config template

type CA_public_config

// CA_public_config is the configuration shared by every participant in the
// test deployment: the full set of CA and logger URLs plus timing
// parameters. Nothing in it is secret.
type CA_public_config struct {
	All_CA_URLs     []string // URLs of every CA in the deployment
	All_Logger_URLs []string // URLs of every logger in the deployment
	MMD             int      // presumably the Maximum Merge Delay (CT terminology) — units not visible here
	MRD             int      // presumably a revocation-side counterpart of MMD — confirm meaning and units
	Http_vers       []string // HTTP versions — meaning not visible here; confirm
}

func GenerateCA_public_config_template

func GenerateCA_public_config_template() *CA_public_config

Generate a CA public config template

type CRV

// CRV is the CA's revocation vector: one bit per revocation ID (RID, see
// Revoke and GetRIDfromCert). Two snapshots are kept so that GetDeltaCRV can
// compute what changed since the previous update.
type CRV struct {
	CRV_pre_update *bitset.BitSet // state as of the previous update
	CRV_current    *bitset.BitSet // state after revocations in the current period
}

func CRV_init

func CRV_init() *CRV

func (*CRV) GetDeltaCRV

func (crv *CRV) GetDeltaCRV() []byte

Compute delta between CRV_pre_update and CRV_current

func (*CRV) MassRevoke

func (crv *CRV) MassRevoke(ratio float64)

func (*CRV) Revoke

func (crv *CRV) Revoke(index int)

Revoke the certificate whose revocation ID (RID, see GetRIDfromCert) is index — presumably by setting that bit in CRV_current.

type CTngCertPoolStorage

// CTngCertPoolStorage is the persisted collection of certificate pools
// referenced by CAContext.CertPoolStorage. The map key is a string —
// presumably the period (see GetCurrentPeriod) — confirm.
type CTngCertPoolStorage struct {
	Certpools map[string]crypto.CertPool
}

type CTngExtension

// CTngExtension is the payload stored in the certificate extension
// identified by OIDCTngExtension (see EncodeCTngExtension / DecodeCTngExtension).
// It carries the CA-assigned revocation ID and the logger-supplied evidence
// (STH + proof of inclusion) accumulated by UpdateCTngExtension.
//
// NOTE: `omitempty` has no effect on SequenceNumber because encoding/json
// never treats a struct value as empty; it is always emitted. It does apply
// to LoggerInformation, which is omitted when nil or empty.
type CTngExtension struct {
	SequenceNumber    SequenceNumber `json:"SequenceNumber,omitempty"`
	LoggerInformation []LoggerInfo   `json:"LoggerInformation,omitempty"`
}

func DecodeCTngExtension

func DecodeCTngExtension(ctngextasn1bytes []byte) CTngExtension

func ParseCTngextension

func ParseCTngextension(cert *x509.Certificate) CTngExtension

type LoggerInfo

// LoggerInfo is one logger's evidence about a certificate, embedded into the
// certificate via UpdateCTngExtension. NOTE(review): whether the STH
// signature and the inclusion proof are verified before being embedded is
// not visible here — confirm, since anything embedded is later parsed by
// ParseCTngextension as if trustworthy.
type LoggerInfo struct {
	STH definition.Gossip_object    `json:"STH,omitempty"` // STH is the Signed Tree Head of the CT log
	POI crypto.POI_for_transmission `json:"POI,omitempty"` // POI is the proof of inclusion of the certificate in the CT log
}

The RID (revocation ID, see SequenceNumber.RID and GetRIDfromCert) is generated by the CA itself rather than supplied by the subject or a logger.

type Revocation

// Revocation is the per-period revocation update published by the CA (see
// Generate_Revocation, which wraps it in a Gossip_object).
type Revocation struct {
	Period    string // period this update covers (cf. GetCurrentPeriod)
	Delta_CRV []byte // change since the previous period, as produced by CRV.GetDeltaCRV
	SRH       string // presumably a signed revocation head over Delta_CRV — format and what it commits to are not visible here; confirm
}

type SequenceNumber

// SequenceNumber carries the CA-assigned revocation ID of a certificate.
//
// NOTE: because of `omitempty`, an RID of 0 is dropped from the JSON
// encoding, so after a round trip a zero RID is indistinguishable from an
// absent one. If 0 is a valid RID (CRV.Revoke takes an int index), either
// start numbering at 1 or drop `omitempty`.
type SequenceNumber struct {
	RID int `json:"RID,omitempty"`
}
