woodpecker

package
v1.0.0

This package is not in the latest version of its module.
Published: Feb 7, 2019 License: MPL-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package woodpecker provides a high level monitoring process responsible for monitoring one or more CT logs. Its primary use case is to be created and used from the context of a command line tool and so it accepts options that are relatively unprocessed (e.g. paths to certificate files, raw duration strings). Individual `monitor` objects are created for each of the logs to be monitored. See the `monitor` package for more information on the monitoring process.

Types

type CertSubmitConfig

type CertSubmitConfig struct {
	// CertIssuerKeyPath is a path to a file containing a BASE64 encoded ECDSA
	// private key
	// Generate with `ct-woodpecker-genissuer` from `test/`
	CertIssuerKeyPath string

	// CertIssuerPath is a path to a file containing a PEM encoded issuer
	// certificate with a public key matching the private key in CertIssuerKeyPath
	// Generate with `ct-woodpecker-genissuer` from `test/`
	CertIssuerPath string

	// Interval is a duration string describing the sleep period between
	// submitting certificates to the monitor logs
	Interval string
	// Timeout is a duration string describing the timeout for precert/cert
	// submissions
	Timeout string
}

CertSubmitConfig describes the configuration for submitting certificates to a log periodically.

type Config

type Config struct {
	// Address for the woodpecker metrics server
	MetricsAddr string

	// URI for database storage
	DBURI string

	// Configuration for STH fetching (nil if no fetching is to be done)
	FetchConfig *STHFetchConfig

	// Configuration for certificate submission (nil if no submission is to be done)
	SubmitConfig *CertSubmitConfig

	// Configuration for checking certificate inclusion (nil if no certificate
	// inclusion checking is to be done)
	InclusionConfig *InclusionCheckerConfig

	// Slice of logConfigs describing logs to monitor
	Logs []LogConfig
}

Config is a struct holding woodpecker configuration. A woodpecker can be configured to fetch monitored log STHs or submit certificates periodically to the monitored logs, or both.

func (*Config) Load

func (c *Config) Load(file string) error

Load unmarshals the JSON contents stored in the file path provided, populating the configuration object. An error is returned if the populated configuration is not valid.

func (*Config) Valid

func (c *Config) Valid() error

Valid checks that a woodpecker config is valid. At least one log must be configured. One of FetchConfig or SubmitConfig must be configured. If there are logs with SubmitCert/SubmitPreCert then there must be a SubmitConfig. Conversely, if there are no logs with SubmitCert/SubmitPreCert but there is a SubmitConfig it is considered an error. All duration strings must parse as valid time.Duration instances. If no MetricsAddr is provided the default will be populated.
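The cross-field rules above, written out as an added example. This is not the package's own code: the trimmed struct mirrors, the `checkConfig` helper and the sample JSON (which uses the Go field names as keys) are assumptions made for illustration, and the default MetricsAddr and per-log URI/Key checks are left out.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Local mirrors of the documented structs, trimmed to fields the rules mention.
type durs struct{ Interval, Timeout string }
type logCfg struct{ SubmitCert, SubmitPreCert bool }
type config struct {
	FetchConfig, SubmitConfig *durs
	Logs                      []logCfg
}
// Constructed sample: a log requests submissions but SubmitConfig is absent.
const orphanSubmit = `{"FetchConfig":{"Interval":"30s","Timeout":"5s"},"Logs":[{"SubmitCert":true}]}`
// checkConfig (hypothetical helper) applies the documented rules to raw JSON.
func checkConfig(raw string) error {
	var c config
	if err := json.Unmarshal([]byte(raw), &c); err != nil {
		return err
	}
	if len(c.Logs) == 0 {
		return fmt.Errorf("at least one log must be configured")
	}
	if c.FetchConfig == nil && c.SubmitConfig == nil {
		return fmt.Errorf("one of FetchConfig or SubmitConfig must be configured")
	}
	submitting := false
	for _, l := range c.Logs {
		submitting = submitting || l.SubmitCert || l.SubmitPreCert
	}
	if submitting != (c.SubmitConfig != nil) {
		return fmt.Errorf("SubmitConfig must be set exactly when a log submits certs")
	}
	for _, d := range []*durs{c.FetchConfig, c.SubmitConfig} {
		if d == nil {
			continue
		}
		for _, s := range []string{d.Interval, d.Timeout} {
			if _, err := time.ParseDuration(s); err != nil {
				return fmt.Errorf("bad duration %q: %w", s, err)
			}
		}
	}
	return nil
}
func main() { fmt.Println(checkConfig(orphanSubmit)) }
```

An empty or unit-less duration string such as `"30"` fails `time.ParseDuration`, so a config that omits Interval or Timeout is rejected rather than silently running with a zero duration.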

type InclusionCheckerConfig

type InclusionCheckerConfig struct {
	Interval       string
	FetchBatchSize int64
	MaxGetEntries  int64
}

InclusionCheckerConfig describes the configuration for periodically checking that submitted certificates have been included in a monitored log.

type LogConfig

type LogConfig struct {
	// URI of the CT Log
	URI string
	// Base64 encoded public key for the CT log
	Key string
	// Maximum merge delay for the log
	MaximumMergeDelay int `json:"maximum_merge_delay"`
	// TreeSize to start at when checking for inclusion
	Start string
	// Should woodpecker submit certificates to this log every CertSubmitConfig Interval?
	SubmitCert bool
	// Should woodpecker submit pre-certificates to this log every CertSubmitConfig Interval?
	SubmitPreCert bool
	// For a temporal log shard, the WindowStart is the certificate NotBefore
	// cutoff. If set and this log's SubmitCert or SubmitPreCert is true any
	// CertSubmitConfigs will generate a certificate with a validity period
	// starting after this datestamp.
	WindowStart string
	// For a temporal log shard, the WindowEnd is the certificate NotAfter cutoff.
	// If set and this log's SubmitCert or SubmitPreCert is true any
	// CertSubmitConfigs will generate a certificate with a validity period ending
	// before this datestamp.
	WindowEnd string
}

LogConfig describes a log to be monitored.

func (*LogConfig) Valid

func (lc *LogConfig) Valid() error

Valid checks that a LogConfig is valid. If the log has no URI, an invalid URI, or no Key configured then an error is returned.

type STHFetchConfig

type STHFetchConfig struct {
	// Interval is a duration string describing the sleep period between STH fetches
	Interval string
	// Timeout is a duration string describing the timeout for STH fetches
	Timeout string
}

STHFetchConfig describes the configuration for fetching log STHs periodically.

type Woodpecker

type Woodpecker struct {
	// contains filtered or unexported fields
}

Woodpecker is a struct responsible for monitoring one or more CT logs. There is one `monitor.Monitor` for each monitored log.

func New

func New(c Config, stdout, stderr *log.Logger, clk clock.Clock) (*Woodpecker, error)

New creates a Woodpecker from the provided configuration, stdout logger, stderr logger and clock. If the configuration is invalid or an error occurs initializing the woodpecker it is returned. The returned Woodpecker and its monitors are not started until the Run() function is called.

func (*Woodpecker) Run

func (w *Woodpecker) Run()

Run starts each of the Woodpecker's monitors.

func (*Woodpecker) Stop

func (w *Woodpecker) Stop()

Stop stops each of the Woodpecker's monitors.