package ctpolicy
import "github.com/google/certificate-transparency-go/ctpolicy"
Package ctpolicy contains structs describing CT policy requirements and corresponding logic.
Index
- Constants
- func GroupByLogs(lg LogPolicyData) map[string]GroupSet
- type AppleCTPolicy
- func (appleP AppleCTPolicy) LogsByGroup(cert *x509.Certificate, approved *loglist3.LogList) (LogPolicyData, error)
- func (appleP AppleCTPolicy) Name() string
- type CTPolicy
- type ChromeCTPolicy
- func (chromeP ChromeCTPolicy) LogsByGroup(cert *x509.Certificate, approved *loglist3.LogList) (LogPolicyData, error)
- func (chromeP ChromeCTPolicy) Name() string
- type GroupSet
- type LogGroupInfo
- func BaseGroupFor(approved *loglist3.LogList, incCount int) (*LogGroupInfo, error)
- func (group *LogGroupInfo) GetSubmissionSession() []string
- func (group *LogGroupInfo) SetLogWeight(logURL string, w float32) error
- func (group *LogGroupInfo) SetLogWeights(weights map[string]float32) error
- type LogPolicyData
Constants
const (
	// BaseName is name for the group covering all logs.
	BaseName = "All-logs"
)
Functions
func GroupByLogs
func GroupByLogs(lg LogPolicyData) map[string]GroupSet
GroupByLogs reverses match-map between Logs and Groups. Returns map from log-URLs to set of Group-names that contain the log.
Types
type AppleCTPolicy
type AppleCTPolicy struct{}
AppleCTPolicy implements logic for complying with Apple's CT log policy.
func (AppleCTPolicy) LogsByGroup
func (appleP AppleCTPolicy) LogsByGroup(cert *x509.Certificate, approved *loglist3.LogList) (LogPolicyData, error)
LogsByGroup describes submission requirements for embedded SCTs according to https://support.apple.com/en-us/HT205280. Returns an error if it's not possible to satisfy the policy with the provided loglist.
func (AppleCTPolicy) Name
func (appleP AppleCTPolicy) Name() string
Name returns label for the submission policy.
type CTPolicy
type CTPolicy interface {
	// LogsByGroup provides info on Log-grouping. Returns an error if it's not
	// possible to satisfy the policy with the provided loglist.
	LogsByGroup(cert *x509.Certificate, approved *loglist3.LogList) (LogPolicyData, error)
	Name() string
}
CTPolicy interface describes requirements determined for logs in terms of per-group-submit.
type ChromeCTPolicy
type ChromeCTPolicy struct{}
ChromeCTPolicy implements logic for complying with Chrome's CT log policy.
func (ChromeCTPolicy) LogsByGroup
func (chromeP ChromeCTPolicy) LogsByGroup(cert *x509.Certificate, approved *loglist3.LogList) (LogPolicyData, error)
LogsByGroup describes submission requirements for embedded SCTs according to https://github.com/chromium/ct-policy/blob/master/ct_policy.md#qualifying-certificate. Returns an error if it's not possible to satisfy the policy with the provided loglist.
func (ChromeCTPolicy) Name
func (chromeP ChromeCTPolicy) Name() string
Name returns label for the submission policy.
type GroupSet
GroupSet is set of Log-group names.
type LogGroupInfo
type LogGroupInfo struct {
	Name          string
	LogURLs       map[string]bool    // set of members
	MinInclusions int                // Required number of submissions.
	IsBase        bool               // True only for Log-group covering all logs.
	LogWeights    map[string]float32 // weights used for submission, default weight is 1
	// contains filtered or unexported fields
}
LogGroupInfo holds information on a single group of logs specified by Policy.
func BaseGroupFor
func BaseGroupFor(approved *loglist3.LogList, incCount int) (*LogGroupInfo, error)
BaseGroupFor creates and propagates all-log group.
func (*LogGroupInfo) GetSubmissionSession
func (group *LogGroupInfo) GetSubmissionSession() []string
GetSubmissionSession produces the list of log-URLs of the Log-group. The order of the list is weighted random, defined by the Log-weights within the group.
func (*LogGroupInfo) SetLogWeight
func (group *LogGroupInfo) SetLogWeight(logURL string, w float32) error
SetLogWeight tries setting the weight for a single Log of the Log-group. Does not reset the weight and returns error if weight is non-positive and its setting will result in inability to reach minimal inclusion number.
func (*LogGroupInfo) SetLogWeights
func (group *LogGroupInfo) SetLogWeights(weights map[string]float32) error
SetLogWeights applies suggested weights to the Log-group. Does not reset weights and returns error when there are not enough positive weights provided to reach minimal inclusion number.
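Added example (not the package's own code): a self-contained Go model of the rule documented for SetLogWeight and SetLogWeights, where a weight change that leaves fewer positively weighted logs than MinInclusions is rejected and the existing weights stay in place. The group type, setWeights, sampleGroup and the log-*.example URLs are hypothetical names constructed for this illustration; treating a missing weight entry as the default 1 and ignoring URLs outside the group are assumptions of the model.

```go
package main

import (
	"errors"
	"fmt"
)

// group is a simplified, hypothetical stand-in for the documented LogGroupInfo fields.
type group struct {
	LogURLs       map[string]bool    // set of member log URLs
	MinInclusions int                // required number of submissions
	LogWeights    map[string]float32 // a missing entry means the default weight, 1
}

// setWeights models the documented rule: proposed weights are applied only if
// at least MinInclusions logs keep a positive weight; on error nothing changes.
// Assumption of this model: proposed URLs that are not in the group are ignored.
func (g *group) setWeights(proposed map[string]float32) error {
	next, positive := map[string]float32{}, 0
	for url := range g.LogURLs {
		w, ok := proposed[url]
		if !ok { // not mentioned: keep the current weight, or the default
			if w, ok = g.LogWeights[url]; !ok {
				w = 1
			}
		}
		next[url] = w
		if w > 0 {
			positive++
		}
	}
	if positive < g.MinInclusions {
		return errors.New("not enough positively weighted logs to reach MinInclusions")
	}
	g.LogWeights = next
	return nil
}

// sampleGroup returns constructed data: three placeholder logs, two inclusions required.
func sampleGroup() *group {
	urls := map[string]bool{"https://log-a.example/": true, "https://log-b.example/": true, "https://log-c.example/": true}
	return &group{LogURLs: urls, MinInclusions: 2}
}

func main() {
	g := sampleGroup()
	fmt.Println(g.setWeights(map[string]float32{"https://log-a.example/": 0})) // accepted: b and c remain
	fmt.Println(g.setWeights(map[string]float32{"https://log-b.example/": 0})) // rejected: only c would remain
	fmt.Println(g.LogWeights)                                                  // still the weights from the first call
}
```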
type LogPolicyData
type LogPolicyData map[string]*LogGroupInfo
LogPolicyData contains info on log-partition and submission requirements for a single cert. Key always matches value Name field.
func (LogPolicyData) TotalLogs
func (groups LogPolicyData) TotalLogs() int
TotalLogs returns the number of logs within the set of Log-groups, taking possible intersection into account.
Source Files
applepolicy.go chromepolicy.go ctpolicy.go tools.go
- Version: v1.3.1 (latest)
- Published: Jan 15, 2025
- Platform: linux/amd64
- Imports: 5 packages