certificate-transparency-go – github.com/google/certificate-transparency-go Index | Files | Directories

package ct

import "github.com/google/certificate-transparency-go"

Package ct holds core types and utilities for Certificate Transparency.

Index

Constants 

const (
	TreeLeafPrefix = byte(0x00)
	TreeNodePrefix = byte(0x01)
)

RFC6962 section 2.1 requires a prefix byte on hash inputs for second preimage resistance. 

const (
	AddChainPath          = "/ct/v1/add-chain"
	AddPreChainPath       = "/ct/v1/add-pre-chain"
	GetSTHPath            = "/ct/v1/get-sth"
	GetEntriesPath        = "/ct/v1/get-entries"
	GetProofByHashPath    = "/ct/v1/get-proof-by-hash"
	GetSTHConsistencyPath = "/ct/v1/get-sth-consistency"
	GetRootsPath          = "/ct/v1/get-roots"
	GetEntryAndProofPath  = "/ct/v1/get-entry-and-proof"

	AddJSONPath = "/ct/v1/add-json" // Experimental addition
)

URI paths for Log requests; see section 4. WARNING: Should match the API endpoints, with the "/ct/v1/" prefix. If changing these constants, may need to change those too.

Variables 

var AllowVerificationWithNonCompliantKeys = false

AllowVerificationWithNonCompliantKeys may be set to true in order to allow SignatureVerifier to use keys which are technically non-compliant with RFC6962.

Functions

func IsPreIssuer 

func IsPreIssuer(issuer *x509.Certificate) bool

IsPreIssuer indicates whether a certificate is a pre-cert issuer with the specific certificate transparency extended key usage.

func LeafHashForLeaf 

func LeafHashForLeaf(leaf *MerkleTreeLeaf) ([sha256.Size]byte, error)

LeafHashForLeaf returns the leaf hash for a Merkle tree leaf.

func PublicKeyFromB64 

func PublicKeyFromB64(b64PubKey string) (crypto.PublicKey, error)

PublicKeyFromB64 parses a base64-encoded public key.

func SerializeSCTSignatureInput 

func SerializeSCTSignatureInput(sct SignedCertificateTimestamp, entry LogEntry) ([]byte, error)

SerializeSCTSignatureInput serializes the passed in sct and log entry into the correct format for signing.

func SerializeSTHSignatureInput 

func SerializeSTHSignatureInput(sth SignedTreeHead) ([]byte, error)

SerializeSTHSignatureInput serializes the passed in STH into the correct format for signing.

func TimestampToTime 

func TimestampToTime(ts uint64) time.Time

TimestampToTime converts a timestamp in the style of RFC 6962 (milliseconds since UNIX epoch) to a Go Time.

Types

type APIEndpoint 

type APIEndpoint string

APIEndpoint is a string that represents one of the Certificate Transparency Log API endpoints. 

const (
	AddChainStr          APIEndpoint = "add-chain"
	AddPreChainStr       APIEndpoint = "add-pre-chain"
	GetSTHStr            APIEndpoint = "get-sth"
	GetEntriesStr        APIEndpoint = "get-entries"
	GetProofByHashStr    APIEndpoint = "get-proof-by-hash"
	GetSTHConsistencyStr APIEndpoint = "get-sth-consistency"
	GetRootsStr          APIEndpoint = "get-roots"
	GetEntryAndProofStr  APIEndpoint = "get-entry-and-proof"
)

Certificate Transparency Log API endpoints; see section 4. WARNING: Should match the URI paths without the "/ct/v1/" prefix. If changing these constants, may need to change those too.

type ASN1Cert 

type ASN1Cert struct {
	Data []byte `tls:"minlen:1,maxlen:16777215"`
}

ASN1Cert type for holding the raw DER bytes of an ASN.1 Certificate (section 3.1).

type AddChainRequest 

type AddChainRequest struct {
	Chain [][]byte `json:"chain"`
}

AddChainRequest represents the JSON request body sent to the add-chain and add-pre-chain POST methods from sections 4.1 and 4.2.

type AddChainResponse 

type AddChainResponse struct {
	SCTVersion Version `json:"sct_version"` // SCT structure version
	ID         []byte  `json:"id"`          // Log ID
	Timestamp  uint64  `json:"timestamp"`   // Timestamp of issuance
	Extensions string  `json:"extensions"`  // Holder for any CT extensions
	Signature  []byte  `json:"signature"`   // Log signature for this SCT
}

AddChainResponse represents the JSON response to the add-chain and add-pre-chain POST methods. An SCT represents a Log's promise to integrate a [pre-]certificate into the log within a defined period of time.

func (*AddChainResponse) ToSignedCertificateTimestamp 

func (r *AddChainResponse) ToSignedCertificateTimestamp() (*SignedCertificateTimestamp, error)

ToSignedCertificateTimestamp creates a SignedCertificateTimestamp from the AddChainResponse.

type AddJSONRequest 

type AddJSONRequest struct {
	Data interface{} `json:"data"`
}

AddJSONRequest represents the JSON request body sent to the add-json POST method. The corresponding response re-uses AddChainResponse. This is an experimental addition not covered by RFC6962.

type AuditPath 

type AuditPath []MerkleTreeNode

AuditPath represents a CT inclusion proof (see sections 2.1.1 and 4.5).

type CTExtensions 

type CTExtensions []byte // tls:"minlen:0,maxlen:65535"`

CTExtensions is a representation of the raw bytes of any CtExtension structure (see section 3.2). nolint: revive

type CertificateChain 

type CertificateChain struct {
	Entries []ASN1Cert `tls:"minlen:0,maxlen:16777215"`
}

CertificateChain holds a chain of certificates, as returned as extra data for get-entries (section 4.6).

type CertificateChainHash 

type CertificateChainHash struct {
	IssuanceChainHash []byte `tls:"minlen:0,maxlen:256"`
}

CertificateChainHash is an extended CertificateChain type with the IssuanceChainHash field added to store the hash of the Entries field of CertificateChain.

type CertificateTimestamp 

type CertificateTimestamp struct {
	SCTVersion    Version       `tls:"maxval:255"`
	SignatureType SignatureType `tls:"maxval:255"`
	Timestamp     uint64
	EntryType     LogEntryType   `tls:"maxval:65535"`
	X509Entry     *ASN1Cert      `tls:"selector:EntryType,val:0"`
	PrecertEntry  *PreCert       `tls:"selector:EntryType,val:1"`
	JSONEntry     *JSONDataEntry `tls:"selector:EntryType,val:32768"`
	Extensions    CTExtensions   `tls:"minlen:0,maxlen:65535"`
}

CertificateTimestamp is the collection of data that the signature in an SCT is over; see section 3.2.

type ConsistencyProof 

type ConsistencyProof []MerkleTreeNode

ConsistencyProof represents a CT consistency proof (see sections 2.1.2 and 4.4).

type DigitallySigned 

type DigitallySigned tls.DigitallySigned

DigitallySigned is a local alias for tls.DigitallySigned so that we can attach a MarshalJSON method.

func (DigitallySigned) Base64String 

func (d DigitallySigned) Base64String() (string, error)

Base64String returns the base64 representation of the DigitallySigned struct.

func (*DigitallySigned) FromBase64String 

func (d *DigitallySigned) FromBase64String(b64 string) error

FromBase64String populates the DigitallySigned structure from the base64 data passed in. Returns an error if the base64 data is invalid.

func (DigitallySigned) MarshalJSON 

func (d DigitallySigned) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface.

func (*DigitallySigned) UnmarshalJSON 

func (d *DigitallySigned) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

type GetEntriesResponse 

type GetEntriesResponse struct {
	Entries []LeafEntry `json:"entries"` // the list of returned entries
}

GetEntriesResponse represents the JSON response to the get-entries GET method from section 4.6.

type GetEntryAndProofResponse 

type GetEntryAndProofResponse struct {
	LeafInput []byte   `json:"leaf_input"` // the entry itself
	ExtraData []byte   `json:"extra_data"` // any chain provided when the entry was added to the log
	AuditPath [][]byte `json:"audit_path"` // the corresponding proof
}

GetEntryAndProofResponse represents the JSON response to the get-entry-and-proof GET method from section 4.8. (The corresponding GET request has parameters 'leaf_index' and 'tree_size'.)

type GetProofByHashResponse 

type GetProofByHashResponse struct {
	LeafIndex int64    `json:"leaf_index"` // The 0-based index of the end entity corresponding to the "hash" parameter.
	AuditPath [][]byte `json:"audit_path"` // An array of base64-encoded Merkle Tree nodes proving the inclusion of the chosen certificate.
}

GetProofByHashResponse represents the JSON response to the get-proof-by-hash GET method from section 4.5. (The corresponding GET request has parameters 'hash' and 'tree_size'.)

type GetRootsResponse 

type GetRootsResponse struct {
	Certificates []string `json:"certificates"`
}

GetRootsResponse represents the JSON response to the get-roots GET method from section 4.7.

type GetSTHConsistencyResponse 

type GetSTHConsistencyResponse struct {
	Consistency [][]byte `json:"consistency"`
}

GetSTHConsistencyResponse represents the JSON response to the get-sth-consistency GET method from section 4.4. (The corresponding GET request has parameters 'first' and 'second'.)

type GetSTHResponse 

type GetSTHResponse struct {
	TreeSize          uint64 `json:"tree_size"`           // Number of certs in the current tree
	Timestamp         uint64 `json:"timestamp"`           // Time that the tree was created
	SHA256RootHash    []byte `json:"sha256_root_hash"`    // Root hash of the tree
	TreeHeadSignature []byte `json:"tree_head_signature"` // Log signature for this STH
}

GetSTHResponse represents the JSON response to the get-sth GET method from section 4.3.

func (*GetSTHResponse) ToSignedTreeHead 

func (r *GetSTHResponse) ToSignedTreeHead() (*SignedTreeHead, error)

ToSignedTreeHead creates a SignedTreeHead from the GetSTHResponse.

type JSONDataEntry 

type JSONDataEntry struct {
	Data []byte `tls:"minlen:0,maxlen:1677215"`
}

JSONDataEntry holds arbitrary data.

type LeafEntry 

type LeafEntry struct {
	// LeafInput is a TLS-encoded MerkleTreeLeaf
	LeafInput []byte `json:"leaf_input"`
	// ExtraData holds (unsigned) extra data, normally the cert validation chain.
	ExtraData []byte `json:"extra_data"`
}

LeafEntry represents a leaf in the Log's Merkle tree, as returned by the get-entries GET method from section 4.6.

type LeafInput 

type LeafInput []byte

LeafInput represents a serialized MerkleTreeLeaf structure.

type LogEntry 

type LogEntry struct {
	Index int64
	Leaf  MerkleTreeLeaf
	// Exactly one of the following three fields should be non-empty.
	X509Cert *x509.Certificate // Parsed X.509 certificate
	Precert  *Precertificate   // Extracted precertificate
	JSONData []byte

	// Chain holds the issuing certificate chain, starting with the
	// issuer of the leaf certificate / pre-certificate.
	Chain []ASN1Cert
}

LogEntry represents the (parsed) contents of an entry in a CT log. This is described in section 3.1, but note that this structure does *not* match the TLS structure defined there (the TLS structure is never used directly in RFC6962).

func LogEntryFromLeaf 

func LogEntryFromLeaf(index int64, leaf *LeafEntry) (*LogEntry, error)

LogEntryFromLeaf converts a LeafEntry object (which has the raw leaf data after JSON parsing) into a LogEntry object (which includes x509.Certificate objects, after TLS and ASN.1 parsing).

Note that this function may return a valid LogEntry object and a non-nil error value, when the error indicates a non-fatal parsing error.

type LogEntryType 

type LogEntryType tls.Enum // tls:"maxval:65535"

LogEntryType represents the LogEntryType enum from section 3.1: 

enum { x509_entry(0), precert_entry(1), (65535) } LogEntryType;

const (
	X509LogEntryType    LogEntryType = 0
	PrecertLogEntryType LogEntryType = 1
)

LogEntryType constants from section 3.1.

func (LogEntryType) String 

func (e LogEntryType) String() string

type LogID 

type LogID struct {
	KeyID [sha256.Size]byte
}

LogID holds the hash of the Log's public key (section 3.2). TODO(pphaneuf): Users should be migrated to the one in the logid package.

type MerkleLeafType 

type MerkleLeafType tls.Enum // tls:"maxval:255"

MerkleLeafType represents the MerkleLeafType enum from section 3.4: 

enum { timestamped_entry(0), (255) } MerkleLeafType;

const TimestampedEntryLeafType MerkleLeafType = 0 // Entry type for an SCT

TimestampedEntryLeafType is the only defined MerkleLeafType constant from section 3.4.

func (MerkleLeafType) String 

func (m MerkleLeafType) String() string

type MerkleTreeLeaf 

type MerkleTreeLeaf struct {
	Version          Version           `tls:"maxval:255"`
	LeafType         MerkleLeafType    `tls:"maxval:255"`
	TimestampedEntry *TimestampedEntry `tls:"selector:LeafType,val:0"`
}

MerkleTreeLeaf represents the deserialized structure of the hash input for the leaves of a log's Merkle tree; see section 3.4.

func CreateX509MerkleTreeLeaf 

func CreateX509MerkleTreeLeaf(cert ASN1Cert, timestamp uint64) *MerkleTreeLeaf

CreateX509MerkleTreeLeaf generates a MerkleTreeLeaf for an X509 cert

func MerkleTreeLeafForEmbeddedSCT 

func MerkleTreeLeafForEmbeddedSCT(chain []*x509.Certificate, timestamp uint64) (*MerkleTreeLeaf, error)

MerkleTreeLeafForEmbeddedSCT generates a MerkleTreeLeaf from a chain and an SCT timestamp, where the leaf certificate at chain[0] is a certificate that contains embedded SCTs. It is assumed that the timestamp provided is from one of the SCTs embedded within the leaf certificate.

func MerkleTreeLeafFromChain 

func MerkleTreeLeafFromChain(chain []*x509.Certificate, etype LogEntryType, timestamp uint64) (*MerkleTreeLeaf, error)

MerkleTreeLeafFromChain generates a MerkleTreeLeaf from a chain and timestamp.

func MerkleTreeLeafFromRawChain 

func MerkleTreeLeafFromRawChain(rawChain []ASN1Cert, etype LogEntryType, timestamp uint64) (*MerkleTreeLeaf, error)

MerkleTreeLeafFromRawChain generates a MerkleTreeLeaf from a chain (in DER-encoded form) and timestamp.

func (*MerkleTreeLeaf) Precertificate 

func (m *MerkleTreeLeaf) Precertificate() (*x509.Certificate, error)

Precertificate returns the X.509 Precertificate contained within the MerkleTreeLeaf.

The returned precertificate is embedded in an x509.Certificate, but is in the form stored internally in the log rather than the original submitted form (i.e. it does not include the poison extension and any changes to reflect the final certificate's issuer have been made; see x509.BuildPrecertTBS).

func (*MerkleTreeLeaf) X509Certificate 

func (m *MerkleTreeLeaf) X509Certificate() (*x509.Certificate, error)

X509Certificate returns the X.509 Certificate contained within the MerkleTreeLeaf.

type MerkleTreeNode 

type MerkleTreeNode []byte

MerkleTreeNode represents an internal node in the CT tree.

type PreCert 

type PreCert struct {
	IssuerKeyHash  [sha256.Size]byte
	TBSCertificate []byte `tls:"minlen:1,maxlen:16777215"` // DER-encoded TBSCertificate
}

PreCert represents a Precertificate (section 3.2).

type PrecertChainEntry 

type PrecertChainEntry struct {
	PreCertificate   ASN1Cert   `tls:"minlen:1,maxlen:16777215"`
	CertificateChain []ASN1Cert `tls:"minlen:0,maxlen:16777215"`
}

PrecertChainEntry holds an precertificate together with a validation chain for it; see section 3.1.

type PrecertChainEntryHash 

type PrecertChainEntryHash struct {
	PreCertificate    ASN1Cert `tls:"minlen:1,maxlen:16777215"`
	IssuanceChainHash []byte   `tls:"minlen:0,maxlen:256"`
}

PrecertChainEntryHash is an extended PrecertChainEntry type with the IssuanceChainHash field added to store the hash of the CertificateChain field of PrecertChainEntry.

type Precertificate 

type Precertificate struct {
	// DER-encoded pre-certificate as originally added, which includes a
	// poison extension and a signature generated over the pre-cert by
	// the pre-cert issuer (which might differ from the issuer of the final
	// cert, see RFC6962 s3.1).
	Submitted ASN1Cert
	// SHA256 hash of the issuing key
	IssuerKeyHash [sha256.Size]byte
	// Parsed TBSCertificate structure, held in an x509.Certificate for convenience.
	TBSCertificate *x509.Certificate
}

Precertificate represents the parsed CT Precertificate structure.

type RawLogEntry 

type RawLogEntry struct {
	// Index is a position of the entry in the log.
	Index int64
	// Leaf is a parsed Merkle leaf hash input.
	Leaf MerkleTreeLeaf
	// Cert is:
	// - A certificate if Leaf.TimestampedEntry.EntryType is X509LogEntryType.
	// - A precertificate if Leaf.TimestampedEntry.EntryType is
	//   PrecertLogEntryType, in the form of a DER-encoded Certificate as
	//   originally added (which includes the poison extension and a signature
	//   generated over the pre-cert by the pre-cert issuer).
	// - Empty otherwise.
	Cert ASN1Cert
	// Chain is the issuing certificate chain starting with the issuer of Cert,
	// or an empty slice if Cert is empty.
	Chain []ASN1Cert
}

RawLogEntry represents the (TLS-parsed) contents of an entry in a CT log.

func RawLogEntryFromLeaf 

func RawLogEntryFromLeaf(index int64, entry *LeafEntry) (*RawLogEntry, error)

RawLogEntryFromLeaf converts a LeafEntry object (which has the raw leaf data after JSON parsing) into a RawLogEntry object (i.e. a TLS-parsed structure).

func (*RawLogEntry) ToLogEntry 

func (rle *RawLogEntry) ToLogEntry() (*LogEntry, error)

ToLogEntry converts RawLogEntry to a LogEntry, which includes an x509-parsed (pre-)certificate.

Note that this function may return a valid LogEntry object and a non-nil error value, when the error indicates a non-fatal parsing error.

type SHA256Hash 

type SHA256Hash [sha256.Size]byte

SHA256Hash represents the output from the SHA256 hash function.

func PublicKeyFromPEM 

func PublicKeyFromPEM(b []byte) (crypto.PublicKey, SHA256Hash, []byte, error)

PublicKeyFromPEM parses a PEM formatted block and returns the public key contained within and any remaining unread bytes, or an error.

func (SHA256Hash) Base64String 

func (s SHA256Hash) Base64String() string

Base64String returns the base64 representation of this SHA256Hash.

func (*SHA256Hash) FromBase64String 

func (s *SHA256Hash) FromBase64String(b64 string) error

FromBase64String populates the SHA256 struct with the contents of the base64 data passed in.

func (SHA256Hash) MarshalJSON 

func (s SHA256Hash) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for SHA256Hash.

func (*SHA256Hash) UnmarshalJSON 

func (s *SHA256Hash) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaller interface.

type SignatureType 

type SignatureType tls.Enum // tls:"maxval:255"

SignatureType differentiates STH signatures from SCT signatures, see section 3.2. 

enum { certificate_timestamp(0), tree_hash(1), (255) } SignatureType;

const (
	CertificateTimestampSignatureType SignatureType = 0
	TreeHashSignatureType             SignatureType = 1
)

SignatureType constants from section 3.2.

func (SignatureType) String 

func (st SignatureType) String() string

type SignatureVerifier 

type SignatureVerifier struct {
	PubKey crypto.PublicKey
}

SignatureVerifier can verify signatures on SCTs and STHs

func NewSignatureVerifier 

func NewSignatureVerifier(pk crypto.PublicKey) (*SignatureVerifier, error)

NewSignatureVerifier creates a new SignatureVerifier using the passed in PublicKey.

func (SignatureVerifier) VerifySCTSignature 

func (s SignatureVerifier) VerifySCTSignature(sct SignedCertificateTimestamp, entry LogEntry) error

VerifySCTSignature verifies that the SCT's signature is valid for the given LogEntry.

func (SignatureVerifier) VerifySTHSignature 

func (s SignatureVerifier) VerifySTHSignature(sth SignedTreeHead) error

VerifySTHSignature verifies that the STH's signature is valid.

func (SignatureVerifier) VerifySignature 

func (s SignatureVerifier) VerifySignature(data []byte, sig tls.DigitallySigned) error

VerifySignature verifies the given signature sig matches the data.

type SignedCertificateTimestamp 

type SignedCertificateTimestamp struct {
	SCTVersion Version `tls:"maxval:255"`
	LogID      LogID
	Timestamp  uint64
	Extensions CTExtensions    `tls:"minlen:0,maxlen:65535"`
	Signature  DigitallySigned // Signature over TLS-encoded CertificateTimestamp
}

SignedCertificateTimestamp represents the structure returned by the add-chain and add-pre-chain methods after base64 decoding; see sections 3.2, 4.1 and 4.2.

func (SignedCertificateTimestamp) String 

func (s SignedCertificateTimestamp) String() string

type SignedTreeHead 

type SignedTreeHead struct {
	Version           Version         `json:"sth_version"`         // The version of the protocol to which the STH conforms
	TreeSize          uint64          `json:"tree_size"`           // The number of entries in the new tree
	Timestamp         uint64          `json:"timestamp"`           // The time at which the STH was created
	SHA256RootHash    SHA256Hash      `json:"sha256_root_hash"`    // The root hash of the log's Merkle tree
	TreeHeadSignature DigitallySigned `json:"tree_head_signature"` // Log's signature over a TLS-encoded TreeHeadSignature
	LogID             SHA256Hash      `json:"log_id"`              // The SHA256 hash of the log's public key
}

SignedTreeHead represents the structure returned by the get-sth CT method after base64 decoding; see sections 3.5 and 4.3.

func (SignedTreeHead) String 

func (s SignedTreeHead) String() string

type TimestampedEntry 

type TimestampedEntry struct {
	Timestamp    uint64
	EntryType    LogEntryType   `tls:"maxval:65535"`
	X509Entry    *ASN1Cert      `tls:"selector:EntryType,val:0"`
	PrecertEntry *PreCert       `tls:"selector:EntryType,val:1"`
	JSONEntry    *JSONDataEntry `tls:"selector:EntryType,val:32768"`
	Extensions   CTExtensions   `tls:"minlen:0,maxlen:65535"`
}

TimestampedEntry is part of the MerkleTreeLeaf structure; see section 3.4.

type TreeHeadSignature 

type TreeHeadSignature struct {
	Version        Version       `tls:"maxval:255"`
	SignatureType  SignatureType `tls:"maxval:255"` // == TreeHashSignatureType
	Timestamp      uint64
	TreeSize       uint64
	SHA256RootHash SHA256Hash
}

TreeHeadSignature holds the data over which the signature in an STH is generated; see section 3.5

type Version 

type Version tls.Enum // tls:"maxval:255"

Version represents the Version enum from section 3.2: 

enum { v1(0), (255) } Version;

const (
	V1 Version = 0
)

CT Version constants from section 3.2.

func (Version) String 

func (v Version) String() string

Source Files

proto_gen.go serialization.go signatures.go types.go

Directories

PathSynopsis
asn1Package asn1 implements parsing of DER-encoded ASN.1 data structures, as defined in ITU-T Rec X.690.
clientPackage client is a CT log client implementation and contains types and code for interacting with RFC6962-compliant CT Log instances.
client/configpb
client/ctclientctclient is a command-line utility for interacting with CT logs.
client/ctclient/cmdPackage cmd implements subcommands of ctclient, the command-line utility for interacting with CT logs.
ctpolicyPackage ctpolicy contains structs describing CT policy requirements and corresponding logic.
ctutilPackage ctutil contains utilities for Certificate Transparency.
ctutil/sctchecksctcheck is a utility to show and check embedded SCTs (Signed Certificate Timestamps) in certificates.
ctutil/sctscansctscan is a utility to scan a CT log and check embedded SCTs (Signed Certificate Timestamps) in certificates in the log.
fixchainPackage fixchain holds code to help fix the validation chains for certificates.
fixchain/chainfixchainfix is a utility program for fixing the validation chains for certificates.
gossip
gossip/minimal
gossip/minimal/x509extPackage x509ext holds extensions types and values for minimal gossip.
internal
jsonclientPackage jsonclient provides a simple client for fetching and parsing JSON CT structures from a log.
logidPackage logid provides a type and accompanying helpers for manipulating log IDs.
loglist3Package loglist3 allows parsing and searching of the master CT Log list.
preloadPackage preload holds code for adding batches of certificates to CT logs.
preload/dumpsctsDumpscts prints out SCTs written to a file by the preloader command in the ../preloader directory.
preload/preloaderBinary preloader submits certificates that may not already be present in CT Logs.
scannerPackage scanner holds code for iterating through the contents of a CT log.
scanner/scanlogBinary scanlog allows an existing CT Log to be scanned for certificates of interest.
schedulePackage schedule provides support for periodically running a function.
submissionPackage submission contains code and structs for certificates submission proxy.
submission/hammerHammer tool sends multiple add-pre-chain requests to Submission proxy at the same time.
submission/serverThe submission_server runs (pre-)certs multi-Log submission complying with CT-policy provided.
tlsPackage tls implements functionality for dealing with TLS-encoded data, as defined in RFC 5246.
trillian
trillian/ctfePackage ctfe contains a usage example by providing an implementation of an RFC6962 compatible CT log server using a Trillian log server as backend storage via its GRPC API.
trillian/ctfe/cachePackage cache defines the IssuanceChainCache type, which allows different cache implementation with Get and Set operations.
trillian/ctfe/cache/lruPackage lru defines the IssuanceChainCache type, which implements IssuanceChainCache interface with Get and Set operations.
trillian/ctfe/cache/noopPackage noop defines the IssuanceChainCache type, which implements IssuanceChainCache interface with Get and Set operations.
trillian/ctfe/configpb
trillian/ctfe/ct_serverThe ct_server binary runs the CT personality.
trillian/ctfe/storagePackage storage defines the IssuanceChainStorage type, which allows different storage implementation for the key-value pairs of issuance chains.
trillian/ctfe/storage/mysqlPackage mysql defines the IssuanceChainStorage type, which implements IssuanceChainStorage interface with FindByKey and Add methods.
trillian/ctfe/storage/postgresqlPackage postgresql defines the IssuanceChainStorage type, which implements IssuanceChainStorage interface with FindByKey and Add methods.
trillian/ctfe/testonlyPackage testonly contains code and data that should only be used by tests.
trillian/integrationPackage integration holds test-only code for running tests on an integrated system of the CT personality and a Trillian log.
trillian/integration/ct_hammerct_hammer is a stress/load test for a CT log.
trillian/migrillianMigrillian tool transfers certs from CT logs to Trillian pre-ordered logs in the same order.
trillian/migrillian/configpb
trillian/migrillian/corePackage core provides transport-agnostic implementation of Migrillian tool.
trillian/mockclientPackage mockclient provides a mockable version of the Trillian log client API.
trillian/utilPackage util provides general utility functions for the CT personality.
x509Package x509 parses X.509-encoded keys and certificates.
x509/pkixPackage pkix contains shared, low level structures used for ASN.1 parsing and serialization of X.509 certificates, CRL and OCSP.
x509utilPackage x509util includes utility code for working with X.509 certificates from the x509 package.
x509util/certcheckcertcheck is a utility to show and check the contents of certificates.
x509util/crlcheckcrlcheck is a utility to show and check the contents of certificate revocation lists (CRLs).
Version
v1.3.1 (latest)
Published
Jan 15, 2025
Platform
linux/amd64
Imports
13 packages
Last checked
4 days ago

Tools for package owners.