package mozilla

import "github.com/zmap/zcrypto/x509/revocation/mozilla"

Index ¶

• Constants
• type Entry
• func (entry *Entry) UnmarshalJSON(b []byte) error
• type EntryDetails
• type IssuerList
• type OneCRL
• func FetchAndParse() (*OneCRL, error)
• func Parse(raw []byte) (*OneCRL, error)
• func (c *OneCRL) Check(cert *x509.Certificate) *Entry
• func (c *OneCRL) FindIssuer(issuer *pkix.Name) *IssuerList
• type Provider
• func NewProvider(requestURL string) Provider
• type SubjectAndPublicKey

Constants ¶

const (
	// KintoRequestURL specifies a pre-populated URL where to send request
	KintoRequestURL = "https://settings.prod.mozaws.net/v1/buckets/security-state-staging/collections/onecrl/records"
	// OneCRLDistPoint specifies a pre-populated URL where to send request
	OneCRLDistPoint = "https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/certificates/records"
)

Types ¶

type Entry ¶

type Entry struct {
	ID                  string
	Schema              time.Time
	Details             EntryDetails
	Enabled             bool
	Issuer              *pkix.Name
	SerialNumber        *big.Int
	SubjectAndPublicKey *SubjectAndPublicKey
	LastModified        time.Time
}

Entry - entry for a single certificate

func (*Entry) UnmarshalJSON ¶

func (entry *Entry) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaler interface

type EntryDetails ¶

type EntryDetails struct {
	Bug     string     `json:"bug,omitempty"`
	Who     string     `json:"who,omitempty"`
	Why     string     `json:"why,omitempty"`
	Name    string     `json:"name,omitempty"`
	Created *time.Time `json:"created,omitempty"`
}

EntryDetails - revocation details for a single entry

type IssuerList ¶

type IssuerList struct {
	Issuer  *pkix.Name
	Entries []*Entry
}

IssuerList - list of Entry for a given issuer

type OneCRL ¶

type OneCRL struct {
	IssuerLists map[string]*IssuerList

	// Blocked provides a list of revoked entries by Subject and PubKeyHash
	Blocked []*SubjectAndPublicKey
}

OneCRL - data structure for storing OneCRL data, used by methods below

func FetchAndParse ¶

func FetchAndParse() (*OneCRL, error)

FetchAndParse - fetch from distribution point, parse to OneCRL struct as defined above

func Parse ¶

func Parse(raw []byte) (*OneCRL, error)

Parse - given raw bytes of OneCRL, parse and create OneCRL Object

func (*OneCRL) Check ¶

func (c *OneCRL) Check(cert *x509.Certificate) *Entry

Check - Given a parsed OneCRL, check if a given cert is present

func (*OneCRL) FindIssuer ¶

func (c *OneCRL) FindIssuer(issuer *pkix.Name) *IssuerList

FindIssuer - given an issuer pkix.name, find its corresponding IssuerList

type Provider ¶

type Provider interface {
	FetchAndParse() (*OneCRL, error)
}

Provider specifies OneCRL provider interface

func NewProvider ¶

func NewProvider(requestURL string) Provider

NewProvider returns default Provider

type SubjectAndPublicKey ¶

type SubjectAndPublicKey struct {
	RawSubject []byte
	Subject    *pkix.Name
	PubKeyHash []byte
}

SubjectAndPublicKey specifies a revocation entry by Subject and PubKeyHash

Source Files ¶

mozilla.go