Documentation
¶
Overview ¶
Package communication provides secure communication utilities for the LLMrecon tool.
Package communication provides secure communication utilities for the LLMrecon tool.
Package communication provides secure communication utilities for the LLMrecon tool.
Package communication provides secure communication utilities for the LLMrecon tool.
Package communication provides secure communication utilities for the LLMrecon tool.
Package communication provides secure communication utilities for the LLMrecon tool.
Index ¶
- func ConfigureTLSForServer(config *TLSConfig) (*tls.Config, error)
- func ExportCertificate(cert *x509.Certificate, filePath string, format CertificateFormat) error
- func ExtractCertificatePin(cert *x509.Certificate) string
- func FetchCertificatePin(hostname string, port int) (string, error)
- func FormatCertificateInfo(cert *x509.Certificate) string
- func GetCertificateChainFromFile(filePath string) ([]*x509.Certificate, error)
- func GetCertificateChainFromPEM(pemData []byte) ([]*x509.Certificate, error)
- func GetCertificateInfo(cert *x509.Certificate) map[string]interface{}
- func VerifyCertificateChain(certs []*x509.Certificate, roots *x509.CertPool) error
- type CRLInfo
- type CertificateFormat
- type CertificateInfo
- type CertificatePinner
- func (p *CertificatePinner) AddPin(hostname string, pin string)
- func (p *CertificatePinner) AddPins(hostname string, pins []string)
- func (p *CertificatePinner) ClearPins(hostname string)
- func (p *CertificatePinner) CreatePinnedClient(hostname string, pins []string) *http.Client
- func (p *CertificatePinner) IsEnforced() bool
- func (p *CertificatePinner) RemovePin(hostname string, pin string)
- func (p *CertificatePinner) SetEnforced(enforced bool)
- func (p *CertificatePinner) VerifyCertificate(hostname string, cert *x509.Certificate) error
- func (p *CertificatePinner) WrapTransport(transport *http.Transport) *http.Transport
- type CertificateStatus
- type ErrorHandler
- type ErrorLevel
- type ErrorResponse
- type SecureError
- type TLSConfig
- type TLSManager
- func (m *TLSManager) AddConfig(name string, config *TLSConfig) error
- func (m *TLSManager) GetClient(name string) (*http.Client, error)
- func (m *TLSManager) GetDefaultClient() (*http.Client, error)
- func (m *TLSManager) LoadSystemCertificates() error
- func (m *TLSManager) SetDefaultConfig(name string) error
- func (m *TLSManager) VerifyCertificate(cert *x509.Certificate) error
- type TrustChainManager
- func (m *TrustChainManager) AddIntermediateCertificate(cert *x509.Certificate) error
- func (m *TrustChainManager) AddIntermediateCertificateFromFile(filePath string) error
- func (m *TrustChainManager) AddIntermediateCertificateFromPEM(pemData []byte) error
- func (m *TrustChainManager) AddRootCertificate(cert *x509.Certificate) error
- func (m *TrustChainManager) AddRootCertificateFromFile(filePath string) error
- func (m *TrustChainManager) AddRootCertificateFromPEM(pemData []byte) error
- func (m *TrustChainManager) ClearCRLCache()
- func (m *TrustChainManager) ClearCertificateCache()
- func (m *TrustChainManager) CreateCertificatePool() *x509.CertPool
- func (m *TrustChainManager) CreateHTTPClient() *http.Client
- func (m *TrustChainManager) CreateTLSConfig() *tls.Config
- func (m *TrustChainManager) GetIntermediateCertificates() []*x509.Certificate
- func (m *TrustChainManager) GetRootCertificates() []*x509.Certificate
- func (m *TrustChainManager) GetTrustedCertificates() []*x509.Certificate
- func (m *TrustChainManager) ImportCertificatesFromDirectory(dirPath string, isRoot bool) error
- func (m *TrustChainManager) RemoveCertificate(cert *x509.Certificate)
- func (m *TrustChainManager) SetCRLCheckEnabled(enabled bool)
- func (m *TrustChainManager) SetCacheExpiration(duration time.Duration)
- func (m *TrustChainManager) SetOCSPCheckEnabled(enabled bool)
- func (m *TrustChainManager) ValidateCertificate(cert *x509.Certificate) (*CertificateInfo, error)
- func (m *TrustChainManager) ValidateCertificateFromFile(filePath string) (*CertificateInfo, error)
- func (m *TrustChainManager) ValidateCertificateFromPEM(pemData []byte) (*CertificateInfo, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ConfigureTLSForServer ¶
ConfigureTLSForServer configures TLS for an HTTP server
func ExportCertificate ¶
func ExportCertificate(cert *x509.Certificate, filePath string, format CertificateFormat) error
ExportCertificate exports a certificate to a file
func ExtractCertificatePin ¶
func ExtractCertificatePin(cert *x509.Certificate) string
ExtractCertificatePin extracts a certificate pin from a certificate
func FetchCertificatePin ¶
FetchCertificatePin fetches a certificate pin from a host
func FormatCertificateInfo ¶
func FormatCertificateInfo(cert *x509.Certificate) string
FormatCertificateInfo formats certificate information as a string
func GetCertificateChainFromFile ¶
func GetCertificateChainFromFile(filePath string) ([]*x509.Certificate, error)
GetCertificateChainFromFile extracts a certificate chain from a file
func GetCertificateChainFromPEM ¶
func GetCertificateChainFromPEM(pemData []byte) ([]*x509.Certificate, error)
GetCertificateChainFromPEM extracts a certificate chain from PEM data
func GetCertificateInfo ¶
func GetCertificateInfo(cert *x509.Certificate) map[string]interface{}
GetCertificateInfo returns information about a certificate
func VerifyCertificateChain ¶
func VerifyCertificateChain(certs []*x509.Certificate, roots *x509.CertPool) error
VerifyCertificateChain verifies a certificate chain
Types ¶
type CRLInfo ¶
type CRLInfo struct {
CRL *pkix.CertificateList
LastUpdated time.Time
NextUpdate time.Time
URL string
}
CRLInfo contains information about a Certificate Revocation List
type CertificateFormat ¶
type CertificateFormat int
CertificateFormat represents the format of a certificate
const ( // CertFormatPEM represents PEM format CertFormatPEM CertificateFormat = iota // CertFormatDER represents DER format CertFormatDER )
type CertificateInfo ¶
type CertificateInfo struct {
Certificate *x509.Certificate
Status CertificateStatus
TrustChain []*x509.Certificate
ValidationError error
LastChecked time.Time
}
CertificateInfo contains information about a certificate
type CertificatePinner ¶
type CertificatePinner struct {
// contains filtered or unexported fields
}
CertificatePinner implements certificate pinning for HTTP clients
func NewCertificatePinner ¶
func NewCertificatePinner(enforced bool) *CertificatePinner
NewCertificatePinner creates a new certificate pinner
func (*CertificatePinner) AddPin ¶
func (p *CertificatePinner) AddPin(hostname string, pin string)
AddPin adds a certificate pin for a host The pin should be a base64-encoded SHA-256 hash of the certificate's public key
func (*CertificatePinner) AddPins ¶
func (p *CertificatePinner) AddPins(hostname string, pins []string)
AddPins adds multiple certificate pins for a host
func (*CertificatePinner) ClearPins ¶
func (p *CertificatePinner) ClearPins(hostname string)
ClearPins removes all pins for a host
func (*CertificatePinner) CreatePinnedClient ¶
func (p *CertificatePinner) CreatePinnedClient(hostname string, pins []string) *http.Client
CreatePinnedClient creates an HTTP client with certificate pinning
func (*CertificatePinner) IsEnforced ¶
func (p *CertificatePinner) IsEnforced() bool
IsEnforced returns whether certificate pinning is enforced
func (*CertificatePinner) RemovePin ¶
func (p *CertificatePinner) RemovePin(hostname string, pin string)
RemovePin removes a certificate pin for a host
func (*CertificatePinner) SetEnforced ¶
func (p *CertificatePinner) SetEnforced(enforced bool)
SetEnforced sets whether certificate pinning is enforced
func (*CertificatePinner) VerifyCertificate ¶
func (p *CertificatePinner) VerifyCertificate(hostname string, cert *x509.Certificate) error
VerifyCertificate verifies that a certificate matches a pinned hash for a host
func (*CertificatePinner) WrapTransport ¶
func (p *CertificatePinner) WrapTransport(transport *http.Transport) *http.Transport
WrapTransport wraps an HTTP transport with certificate pinning
type CertificateStatus ¶
type CertificateStatus int
CertificateStatus represents the status of a certificate
const ( // CertStatusValid indicates a valid certificate CertStatusValid CertificateStatus = iota // CertStatusExpired indicates an expired certificate CertStatusExpired // CertStatusRevoked indicates a revoked certificate CertStatusRevoked // CertStatusUntrusted indicates an untrusted certificate CertStatusUntrusted // CertStatusInvalid indicates an invalid certificate CertStatusInvalid )
type ErrorHandler ¶
type ErrorHandler struct {
// DevelopmentMode indicates whether to include detailed error information
DevelopmentMode bool
// ErrorCodeMap maps error types to error codes
ErrorCodeMap map[string]string
}
ErrorHandler handles errors securely
func NewErrorHandler ¶
func NewErrorHandler(developmentMode bool) *ErrorHandler
NewErrorHandler creates a new error handler
func (*ErrorHandler) GetErrorCode ¶
func (h *ErrorHandler) GetErrorCode(err error) string
GetErrorCode gets the error code for an error
func (*ErrorHandler) HandleError ¶
func (h *ErrorHandler) HandleError(w http.ResponseWriter, r *http.Request, err error, defaultMessage string)
HandleError handles an error securely
func (*ErrorHandler) RegisterErrorCode ¶
func (h *ErrorHandler) RegisterErrorCode(errorType string, code string)
RegisterErrorCode registers an error code for an error type
func (*ErrorHandler) SanitizeErrorForLogging ¶
func (h *ErrorHandler) SanitizeErrorForLogging(err error) string
SanitizeErrorForLogging sanitizes an error for logging
type ErrorLevel ¶
type ErrorLevel int
ErrorLevel represents the severity level of an error
const ( // ErrorLevelInfo is for informational errors ErrorLevelInfo ErrorLevel = iota // ErrorLevelWarning is for warning errors ErrorLevelWarning // ErrorLevelError is for standard errors ErrorLevelError // ErrorLevelCritical is for critical errors ErrorLevelCritical )
type ErrorResponse ¶
type ErrorResponse struct {
// Code is a unique error code
Code string `json:"code"`
// Message is a user-friendly error message
Message string `json:"message"`
// RequestID is a unique identifier for the request
RequestID string `json:"request_id,omitempty"`
}
ErrorResponse represents an error response
type SecureError ¶
type SecureError struct {
// Code is a unique error code
Code string `json:"code"`
// Message is a user-friendly error message
Message string `json:"message"`
// Level is the severity level of the error
Level ErrorLevel `json:"level"`
// Details is additional information (only shown in development mode)
Details string `json:"-"`
// OriginalError is the original error (not exposed to clients)
OriginalError error `json:"-"`
}
SecureError represents a secure error that doesn't leak sensitive information
func NewSecureError ¶
func NewSecureError(code string, message string, level ErrorLevel, originalError error) *SecureError
NewSecureError creates a new secure error
func (*SecureError) Error ¶
func (e *SecureError) Error() string
Error implements the error interface
func (*SecureError) WithDetails ¶
func (e *SecureError) WithDetails(details string) *SecureError
WithDetails adds details to a secure error
type TLSConfig ¶
type TLSConfig struct {
// MinVersion is the minimum TLS version to use
MinVersion uint16
// CertFile is the path to the certificate file
CertFile string
// KeyFile is the path to the key file
KeyFile string
// CAFile is the path to the CA certificate file
CAFile string
// InsecureSkipVerify skips certificate verification (not recommended for production)
InsecureSkipVerify bool
// CertPinning enables certificate pinning
CertPinning bool
// PinnedCerts is a list of pinned certificate hashes
PinnedCerts []string
// ServerName is the server name to check against
ServerName string
}
TLSConfig represents the configuration for TLS
func DefaultTLSConfig ¶
func DefaultTLSConfig() *TLSConfig
DefaultTLSConfig returns the default TLS configuration
type TLSManager ¶
type TLSManager struct {
// contains filtered or unexported fields
}
TLSManager manages TLS configurations and clients
func (*TLSManager) AddConfig ¶
func (m *TLSManager) AddConfig(name string, config *TLSConfig) error
AddConfig adds a TLS configuration
func (*TLSManager) GetClient ¶
func (m *TLSManager) GetClient(name string) (*http.Client, error)
GetClient returns an HTTP client with the specified TLS configuration
func (*TLSManager) GetDefaultClient ¶
func (m *TLSManager) GetDefaultClient() (*http.Client, error)
GetDefaultClient returns the default HTTP client
func (*TLSManager) LoadSystemCertificates ¶
func (m *TLSManager) LoadSystemCertificates() error
LoadSystemCertificates loads system certificates into the cert pool
func (*TLSManager) SetDefaultConfig ¶
func (m *TLSManager) SetDefaultConfig(name string) error
SetDefaultConfig sets the default TLS configuration
func (*TLSManager) VerifyCertificate ¶
func (m *TLSManager) VerifyCertificate(cert *x509.Certificate) error
VerifyCertificate verifies a certificate against the cert pool
type TrustChainManager ¶
type TrustChainManager struct {
// contains filtered or unexported fields
}
TrustChainManager manages certificate trust chains and validation
func NewTrustChainManager ¶
func NewTrustChainManager() *TrustChainManager
NewTrustChainManager creates a new trust chain manager
func (*TrustChainManager) AddIntermediateCertificate ¶
func (m *TrustChainManager) AddIntermediateCertificate(cert *x509.Certificate) error
AddIntermediateCertificate adds an intermediate certificate to the trust store
func (*TrustChainManager) AddIntermediateCertificateFromFile ¶
func (m *TrustChainManager) AddIntermediateCertificateFromFile(filePath string) error
AddIntermediateCertificateFromFile adds an intermediate certificate from a file
func (*TrustChainManager) AddIntermediateCertificateFromPEM ¶
func (m *TrustChainManager) AddIntermediateCertificateFromPEM(pemData []byte) error
AddIntermediateCertificateFromPEM adds an intermediate certificate from PEM data
func (*TrustChainManager) AddRootCertificate ¶
func (m *TrustChainManager) AddRootCertificate(cert *x509.Certificate) error
AddRootCertificate adds a root certificate to the trust store
func (*TrustChainManager) AddRootCertificateFromFile ¶
func (m *TrustChainManager) AddRootCertificateFromFile(filePath string) error
AddRootCertificateFromFile adds a root certificate from a file
func (*TrustChainManager) AddRootCertificateFromPEM ¶
func (m *TrustChainManager) AddRootCertificateFromPEM(pemData []byte) error
AddRootCertificateFromPEM adds a root certificate from PEM data
func (*TrustChainManager) ClearCRLCache ¶
func (m *TrustChainManager) ClearCRLCache()
ClearCRLCache clears the CRL cache
func (*TrustChainManager) ClearCertificateCache ¶
func (m *TrustChainManager) ClearCertificateCache()
ClearCertificateCache clears the certificate validation cache
func (*TrustChainManager) CreateCertificatePool ¶
func (m *TrustChainManager) CreateCertificatePool() *x509.CertPool
CreateCertificatePool creates an x509.CertPool from the trusted certificates
func (*TrustChainManager) CreateHTTPClient ¶
func (m *TrustChainManager) CreateHTTPClient() *http.Client
CreateHTTPClient creates an HTTP client with the trusted certificates
func (*TrustChainManager) CreateTLSConfig ¶
func (m *TrustChainManager) CreateTLSConfig() *tls.Config
CreateTLSConfig creates a tls.Config with the trusted certificates
func (*TrustChainManager) GetIntermediateCertificates ¶
func (m *TrustChainManager) GetIntermediateCertificates() []*x509.Certificate
GetIntermediateCertificates returns all intermediate certificates
func (*TrustChainManager) GetRootCertificates ¶
func (m *TrustChainManager) GetRootCertificates() []*x509.Certificate
GetRootCertificates returns all root certificates
func (*TrustChainManager) GetTrustedCertificates ¶
func (m *TrustChainManager) GetTrustedCertificates() []*x509.Certificate
GetTrustedCertificates returns all trusted certificates (roots and intermediates)
func (*TrustChainManager) ImportCertificatesFromDirectory ¶
func (m *TrustChainManager) ImportCertificatesFromDirectory(dirPath string, isRoot bool) error
ImportCertificatesFromDirectory imports certificates from a directory
func (*TrustChainManager) RemoveCertificate ¶
func (m *TrustChainManager) RemoveCertificate(cert *x509.Certificate)
RemoveCertificate removes a certificate from the trust store
func (*TrustChainManager) SetCRLCheckEnabled ¶
func (m *TrustChainManager) SetCRLCheckEnabled(enabled bool)
SetCRLCheckEnabled sets whether CRL checking is enabled
func (*TrustChainManager) SetCacheExpiration ¶
func (m *TrustChainManager) SetCacheExpiration(duration time.Duration)
SetCacheExpiration sets the cache expiration duration
func (*TrustChainManager) SetOCSPCheckEnabled ¶
func (m *TrustChainManager) SetOCSPCheckEnabled(enabled bool)
SetOCSPCheckEnabled sets whether OCSP checking is enabled
func (*TrustChainManager) ValidateCertificate ¶
func (m *TrustChainManager) ValidateCertificate(cert *x509.Certificate) (*CertificateInfo, error)
ValidateCertificate validates a certificate and returns certificate information
func (*TrustChainManager) ValidateCertificateFromFile ¶
func (m *TrustChainManager) ValidateCertificateFromFile(filePath string) (*CertificateInfo, error)
ValidateCertificateFromFile validates a certificate from a file
func (*TrustChainManager) ValidateCertificateFromPEM ¶
func (m *TrustChainManager) ValidateCertificateFromPEM(pemData []byte) (*CertificateInfo, error)
ValidateCertificateFromPEM validates a certificate from PEM data