Documentation
Overview
Package certs defines a certificate store that provides primitives to store and retrieve certificates for a given address.
It also provides a primitive to fetch a certificate from a known address, using a hash of the certificate as an integrity check.
Documentation Last Review: 07.10.2020
Index
- type CertChain
- type Dialable
- type DiskStore
- type InMemoryStore
- func (s *InMemoryStore) Delete(addr mino.Address) error
- func (s *InMemoryStore) Fetch(addr Dialable, hash []byte) error
- func (s *InMemoryStore) Hash(chain CertChain) ([]byte, error)
- func (s *InMemoryStore) Load(addr mino.Address) (CertChain, error)
- func (s *InMemoryStore) Range(fn func(addr mino.Address, chain CertChain) bool) error
- func (s *InMemoryStore) Store(addr mino.Address, chain CertChain) error
- type Storage
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CertChain
type CertChain []byte
CertChain represents a list of x509 certificates formatted as ASN.1 DER data. The certificates must be concatenated with no intermediate padding. Can be parsed with `x509.LoadCertificates`.
type Dialable
Dialable is an extension of the mino.Address interface to get a network address that can be used to dial the distant server.
type DiskStore
type DiskStore struct {
	*InMemoryStore
	// contains filtered or unexported fields
}
DiskStore is a persistent implementation of a certificate storage. Internally it uses an in-memory store to cache the certificates.
- implements certs.Storage
func NewDiskStore
func NewDiskStore(db kv.DB, fac mino.AddressFactory) *DiskStore
NewDiskStore returns a new empty disk store. If certificates are stored in the database, they will be loaded on demand.
func (*DiskStore) Delete
Delete implements certs.Storage. It deletes the certificate from the disk and from the cache.
func (*DiskStore) Load
Load implements certs.Storage. It first tries to read the certificate from the cache, then from the disk. It returns nil if the certificate is found in neither.
type InMemoryStore
type InMemoryStore struct {
// contains filtered or unexported fields
}
InMemoryStore is a certificate store that keeps the certificates in memory only, which means it does not persist.
- implements certs.Storage
func NewInMemoryStore
func NewInMemoryStore() *InMemoryStore
NewInMemoryStore creates a new empty certificate store.
func (*InMemoryStore) Delete
func (s *InMemoryStore) Delete(addr mino.Address) error
Delete implements certs.Storage. It deletes the certificate associated with the address if there is one; otherwise it does nothing.
func (*InMemoryStore) Fetch
func (s *InMemoryStore) Fetch(addr Dialable, hash []byte) error
Fetch implements certs.Storage. It tries to open a TLS connection to the address only to get the certificate from the distant peer. The connection is dropped right after the certificate is read and stored.
func (*InMemoryStore) Hash
func (s *InMemoryStore) Hash(chain CertChain) ([]byte, error)
Hash implements certs.Storage. It returns the unique digest for the certificate.
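The integrity step that Fetch and Hash describe, as an added example rather than code from the certs package or the dela project: a chain received from a peer is accepted only when its digest matches the one the caller already holds, and only if it parses as DER certificates. It assumes SHA-256 over the raw DER bytes as the digest (the page does not say which hash Storage.Hash uses), uses a self-signed certificate generated at run time as constructed input, and the names hashChain, verifyChain and newSelfSignedDER are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// CertChain mirrors the package's type: concatenated ASN.1 DER certificates.
type CertChain []byte

// hashChain is a stand-in for Storage.Hash (assumed SHA-256 over the DER bytes).
func hashChain(chain CertChain) []byte {
	sum := sha256.Sum256(chain)
	return sum[:]
}

// verifyChain mirrors the check Fetch performs before storing: compare the digest
// in constant time (so a mismatch leaks nothing) and reject malformed DER.
func verifyChain(chain CertChain, expected []byte) error {
	if subtle.ConstantTimeCompare(hashChain(chain), expected) != 1 {
		return errors.New("certificate chain digest mismatch")
	}
	if _, err := x509.ParseCertificates(chain); err != nil {
		return err
	}
	return nil
}

// newSelfSignedDER builds a throwaway self-signed certificate (constructed input).
func newSelfSignedDER() (CertChain, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example-peer"},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}
```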
func (*InMemoryStore) Load
func (s *InMemoryStore) Load(addr mino.Address) (CertChain, error)
Load implements certs.Storage. It looks for the certificate associated with the address. If none exists, it returns nil.
type Storage
type Storage interface {
	// Store stores the certificate with the address as the key.
	Store(mino.Address, CertChain) error

	// Load returns the certificate associated with the address if any.
	Load(mino.Address) (CertChain, error)

	// Delete removes all the certificates associated with the address.
	Delete(mino.Address) error

	// Range iterates over the certificates held by the store. If the callback
	// returns false, range stops the iteration.
	Range(func(addr mino.Address, cert CertChain) bool) error

	// Fetch calls the address to fetch its certificate and verifies the
	// integrity with the given digest.
	Fetch(Dialable, []byte) error

	// Hash generates the digest of a certificate.
	Hash(CertChain) ([]byte, error)
}
Storage is an interface to manage the certificates of a server.