ctlog

package
package v0.6.17

This package is not in the latest version of its module.
Published: Mar 4, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation


Constants

const (
	// ConfigKey is the key in the map holding the marshalled CTLog config.
	ConfigKey = "config"
	// PrivateKey is the key in the map holding the encrypted PEM private key
	// for CTLog.
	PrivateKey = "private"
	// PublicKey is the key in the map holding the PEM public key for CTLog.
	PublicKey = "public"
	// LegacyRootCAKey is the key for when we only supported a single entry
	// in the config.
	LegacyRootCAKey = "rootca"
)

Variables

This section is empty.

Functions

func DecryptExistingPrivateKey added in v0.4.12

func DecryptExistingPrivateKey(privateKey []byte, password string) (crypto.PrivateKey, crypto.PublicKey, error)

DecryptExistingPrivateKey reads in an encrypted private key, decrypts it with the given password, and returns the private and public keys for it.
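As an added illustration of the contract described above (example code, not the ctlog package's own implementation), the following Go program builds the kind of password-protected PEM private key the function consumes and decrypts it back into a key pair. The PKCS#8 payload, the "PRIVATE KEY" block type and AES-256 legacy PEM encryption are assumptions, not taken from this page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// encryptPrivateKeyPEM wraps a PKCS#8 key in a password-protected PEM block (assumed layout of the "private" entry).
func encryptPrivateKeyPEM(key *ecdsa.PrivateKey, password string) ([]byte, error) {
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, err
	}
	block, err := x509.EncryptPEMBlock(rand.Reader, "PRIVATE KEY", der, []byte(password), x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(block), nil
}

// decryptPrivateKeyPEM follows the documented contract: decrypt with the password and return both halves
// of the key pair. A wrong password fails the PEM padding check and is reported, never parsed as a key.
func decryptPrivateKeyPEM(encrypted []byte, password string) (*ecdsa.PrivateKey, *ecdsa.PublicKey, error) {
	block, _ := pem.Decode(encrypted)
	if block == nil {
		return nil, nil, fmt.Errorf("no PEM block found in private key input")
	}
	der, err := x509.DecryptPEMBlock(block, []byte(password)) // also rejects blocks without DEK-Info
	if err != nil {
		return nil, nil, fmt.Errorf("decrypt private key: %w", err)
	}
	parsed, err := x509.ParsePKCS8PrivateKey(der)
	if err != nil {
		return nil, nil, fmt.Errorf("parse private key: %w", err)
	}
	key, ok := parsed.(*ecdsa.PrivateKey)
	if !ok {
		return nil, nil, fmt.Errorf("unexpected key type %T", parsed)
	}
	return key, &key.PublicKey, nil
}

// newP256Key generates a throwaway key for the example; a real log key is loaded from the secret.
func newP256Key() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}
```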

Types

type Config added in v0.6.0

type Config struct {
	PrivKey         crypto.PrivateKey
	PrivKeyPassword string
	PubKey          crypto.PublicKey
	LogID           int64
	LogPrefix       string

	// Address of the gRPC Trillian Admin Server (host:port)
	TrillianServerAddr string

	// FulcioCerts contains one or more root certificates for Fulcio.
	// It may contain more than one if, for example, the Fulcio key is rotated,
	// so that there is a period of time during which both are accepted. It
	// might also contain multiple root certificates if we choose to support
	// admitting certificates from Fulcio instances run by others.
	FulcioCerts [][]byte
}

Config abstracts the proto munging to/from bytes suitable for working with secrets / configmaps. Note that we keep FulcioCerts here even though technically they are not part of the config: because we create a secret/CM that we then mount, they need to be synced along with it.

func Unmarshal

func Unmarshal(_ context.Context, in map[string][]byte) (*Config, error)

Unmarshal converts the serialized form of the proto and secrets (from a secret or configmap) and constructs a CTLogConfig. Note, however, that because we do not update the public/private keys once set, we do not round-trip them back into their original forms.

func (*Config) AddFulcioRoot added in v0.6.0

func (c *Config) AddFulcioRoot(ctx context.Context, fulcioRoot []byte) error

AddFulcioRoot adds the specified fulcioRoot to the list of trusted Fulcios. If it already exists, the call is a no-op. The fulcioRoot should come from the call that fetches a public Fulcio root and is the ChainPEM from the fulcioclient RootResponse.

func (*Config) MarshalConfig added in v0.6.0

func (c *Config) MarshalConfig(ctx context.Context) (map[string][]byte, error)

MarshalConfig marshals the CTLogConfig into a format that can be handed to the CTLog in the form of a secret or configmap. Returns a map with the following keys:

	config - CTLog configuration
	private - CTLog private key, PEM encoded and encrypted with the password
	public - CTLog public key, PEM encoded
	fulcio-%d - one entry for each element of fulcioCerts, so we can support multiple roots

func (*Config) RemoveFulcioRoot added in v0.6.0

func (c *Config) RemoveFulcioRoot(ctx context.Context, fulcioRoot []byte) error

RemoveFulcioRoot will remove the specified fulcioRoot from the list of trusted Fulcios. If

func (*Config) String added in v0.6.0

func (c *Config) String() string
