Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CCADBConf
type CCADBConf struct {
	AllCertificatesCSVURL string `yaml:"allCertificatesCSVURL"`
	CertificatePEMsURL    string `yaml:"certificatePEMsURL"`
	CAOwner               string `yaml:"caOwner"`
	CRLAgeLimit           string `yaml:"crlAgeLimit"`
	// Because this prober fetches URLs controlled by external input (CCADB), we
	// check this regexp to avoid arbitrary content fetching (SSRF).
	CRLRegexp string `yaml:"crlRegexp"`
}
CCADBConf is exported to receive YAML configuration.
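The SSRF guard described in the `CRLRegexp` comment, sketched as an added example (not this package's own code). The function names, the `^(?:...)$` wrapping and the scheme and userinfo checks are assumptions of the example, and both hosts are placeholders.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// compileCRLAllowlist wraps a crlRegexp-style pattern in ^(?:...)$ (an assumption
// of this example) so it must match the whole URL, not a substring of it.
func compileCRLAllowlist(pattern string) (*regexp.Regexp, error) {
	return regexp.Compile(`^(?:` + pattern + `)$`)
}

// checkCRLURL reports why a URL taken from external input must not be fetched.
func checkCRLURL(allow *regexp.Regexp, raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparseable CRL URL %q: %w", raw, err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("CRL URL %q has disallowed scheme %q", raw, u.Scheme)
	}
	if u.User != nil {
		return fmt.Errorf("CRL URL %q carries userinfo", raw)
	}
	if !allow.MatchString(raw) {
		return fmt.Errorf("CRL URL %q does not match crlRegexp", raw)
	}
	return nil
}

func main() {
	// Constructed pattern and URLs; both hosts are placeholders.
	allow, err := compileCRLAllowlist(`http://crl\.example\.test/[0-9]+\.crl`)
	if err != nil {
		panic(err)
	}
	for _, raw := range []string{
		"http://crl.example.test/42.crl",
		"http://internal.test/?x=http://crl.example.test/42.crl",
		"http://crl.example.test@internal.test/42.crl",
		"ftp://crl.example.test/42.crl",
	} {
		fmt.Printf("%-56s %v\n", raw, checkCRLURL(allow, raw))
	}
}
```

Without the wrapping, a pattern its author left unanchored would accept the second URL, because `MatchString` succeeds on any substring match.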
func (CCADBConf) Instrument
func (c CCADBConf) Instrument() map[string]prometheus.Collector
Instrument constructs any `prometheus.Collector` objects the `CCADBProber` will need to report its own metrics. A map is returned containing the constructed objects, indexed by the name of the Prometheus metric. If no objects were constructed, nil is returned.
func (CCADBConf) MakeProber
MakeProber constructs a `CCADBProber` object from the contents of the bound `CCADBConf` object. If the `CCADBConf` cannot be validated, an error appropriate for end-user consumption is returned instead.
func (CCADBConf) UnmarshalSettings
func (c CCADBConf) UnmarshalSettings(settings []byte) (probers.Configurer, error)
UnmarshalSettings takes YAML as bytes and unmarshals it to a CCADBConf object.
type CCADBProber
type CCADBProber struct {
	// contains filtered or unexported fields
}
CCADBProber fetches the AllCertificatesRecordsReport from CCADB, filters for a specific CA Owner (defaults to 'Internet Security Research Group'), and fetches all CRLs found.
It checks that the CRLs:
- Are not too old
- Have an issuingDistributionPoint that matches the URL from which they were fetched
- Have a valid signature based on their issuer SKID from CCADB
- Don't have duplicate serial numbers across different CRLs
func (CCADBProber) Kind
func (c CCADBProber) Kind() string
func (CCADBProber) Name
func (c CCADBProber) Name() string