Overview
Package monitor provides the mechanisms used to monitor a single CT log. This includes fetching the log STH periodically as well as issuing certificates and submitting them to the log periodically.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type FetcherOptions
type FetcherOptions struct {
	// Interval describes the duration that the monitor will sleep between
	// fetching the STH.
	Interval time.Duration
	// Timeout is the STH fetch timeout.
	Timeout time.Duration
}
FetcherOptions is a struct holding options for STH fetching.
func (FetcherOptions) Valid
func (o FetcherOptions) Valid() error
Valid checks that the FetcherOptions interval is positive.
type InclusionOptions
type Monitor
type Monitor struct {
	// contains filtered or unexported fields
}
Monitor is a struct for monitoring a CT log. It may fetch the log's STH periodically or submit certs periodically or both depending on whether fetcher and submitter are not nil.
func New
New creates a Monitor for the given options. The monitor will not be started until Run() is called.
func (*Monitor) CertSubmitter
CertSubmitter returns true if the monitor is configured to submit certificates or precertificates to the monitored log periodically.
func (*Monitor) Run
func (m *Monitor) Run()
Run starts the log monitoring process by starting the log's STH fetcher, the cert submitter, and the inclusion checker.
func (*Monitor) STHFetcher
STHFetcher returns true if the monitor is configured to fetch the monitored log's STH periodically.
type MonitorOptions
type MonitorOptions struct {
	// LogURI is the URI of the log to be monitored
	LogURI string
	// LogKey is the BASE64 encoded DER of the log's public key (No PEM header/footer).
	LogKey string
	// MaximumMergeDelay is the fixed amount of time (expressed in seconds) that
	// the log commits to incorporating a certificate within after returning an
	// SCT.
	MaximumMergeDelay int
	DBURI string
	// FetchOpts holds the FetcherOptions for fetching the log STH periodically.
	// It may be nil if no STH fetching is to be performed.
	FetchOpts *FetcherOptions
	// SubmitOpts holds the optional SubmitterOptions for submitting certificates
	// to the log periodically. It may be nil if no certificate submission is to
	// be performed.
	SubmitOpts *SubmitterOptions
	// InclusionOpts holds the optional InclusionOptions for checking submitted
	// certificates for inclusion in the log. It may be nil if no certificate
	// inclusion checks are to be performed.
	InclusionOpts *InclusionOptions
}
MonitorOptions is a struct for holding monitor configuration options.
func (MonitorOptions) Valid
func (conf MonitorOptions) Valid() error
Valid enforces that a MonitorOptions instance is valid. There must be a non-empty LogURI and LogKey. One of FetchOpts or SubmitOpts must be non-nil and valid.
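An added example, not part of this package's own code: one way to sanity-check a LogKey value in the format described above before placing it in MonitorOptions. parseLogKey and sampleLogKey are hypothetical helpers, and the example goes slightly beyond the text by also deriving the RFC 6962 log ID (the SHA-256 of the DER-encoded key) so the configured key can be compared with the ID the log publishes.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strings"
)

// parseLogKey (hypothetical helper) decodes a LogKey: base64 of a DER public
// key, no PEM armor. It also returns the RFC 6962 log ID (SHA-256 of the DER).
func parseLogKey(logKey string) (crypto.PublicKey, [sha256.Size]byte, error) {
	der, err := base64.StdEncoding.DecodeString(strings.TrimSpace(logKey))
	if err != nil {
		return nil, [sha256.Size]byte{}, fmt.Errorf("LogKey is not bare base64 (PEM armor is not accepted): %w", err)
	}
	pub, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, [sha256.Size]byte{}, fmt.Errorf("LogKey is not a DER public key: %w", err)
	}
	return pub, sha256.Sum256(der), nil
}

// sampleLogKey returns a constructed LogKey for a freshly generated P-256
// key so the example runs offline; real values come from the log operator.
func sampleLogKey() (string, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	der, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(der), nil
}

func main() {
	logKey, err := sampleLogKey()
	if err != nil {
		panic(err)
	}
	_, id, err := parseLogKey(logKey)
	fmt.Printf("log ID %x (err: %v)\n", id, err)
}
```

A key pasted with its PEM header and footer fails at the base64 step, and a value that decodes but is not a SubjectPublicKeyInfo fails at the parse step.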
type SubmitterOptions
type SubmitterOptions struct {
	// Interval describes the duration that the monitor will sleep between
	// submitting certificates to the monitored log.
	Interval time.Duration
	// Timeout describes the timeout used for submitting precerts/certs to the
	// monitored log.
	Timeout time.Duration
	// IssuerKey is the ECDSA private key used to sign issued certificates
	IssuerKey *ecdsa.PrivateKey
	// IssuerCert is the issuer certificate used to issue certificates submitted
	// to the monitored log. Its public key must correspond to the private key in
	// IssuerKey
	IssuerCert *x509.Certificate
	// SubmitPreCert controls whether or not precertificates are submitted
	SubmitPreCert bool
	// SubmitCert controls whether or not final certificates are submitted
	SubmitCert bool
	// ResubmitIncluded controls whether or not already included duplicate
	// certificates are submitted
	ResubmitIncluded bool
	// If WindowStart or WindowEnd are not nil submitted certificate validity will
	// be constrained within the provided window.
	WindowStart *time.Time
	WindowEnd *time.Time
}
SubmitterOptions is a struct holding options related to issuing and submitting certificates to the monitored log periodically.
func (SubmitterOptions) Valid
func (o SubmitterOptions) Valid() error
Valid checks that the SubmitterOptions has a valid positive interval and that the IssuerKey and IssuerCert are not nil.