communication

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 20, 2025 License: MIT Imports: 16 Imported by: 0

Documentation

Overview

Package communication provides secure communication utilities for the LLMrecon tool.

Package communication provides secure communication utilities for the LLMrecon tool.

Package communication provides secure communication utilities for the LLMrecon tool.

Package communication provides secure communication utilities for the LLMrecon tool.

Package communication provides secure communication utilities for the LLMrecon tool.

Package communication provides secure communication utilities for the LLMrecon tool.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ConfigureTLSForServer

func ConfigureTLSForServer(config *TLSConfig) (*tls.Config, error)

ConfigureTLSForServer configures TLS for an HTTP server

func ExportCertificate

func ExportCertificate(cert *x509.Certificate, filePath string, format CertificateFormat) error

ExportCertificate exports a certificate to a file

func ExtractCertificatePin

func ExtractCertificatePin(cert *x509.Certificate) string

ExtractCertificatePin extracts a certificate pin from a certificate

func FetchCertificatePin

func FetchCertificatePin(hostname string, port int) (string, error)

FetchCertificatePin fetches a certificate pin from a host

func FormatCertificateInfo

func FormatCertificateInfo(cert *x509.Certificate) string

FormatCertificateInfo formats certificate information as a string

func GetCertificateChainFromFile

func GetCertificateChainFromFile(filePath string) ([]*x509.Certificate, error)

GetCertificateChainFromFile extracts a certificate chain from a file

func GetCertificateChainFromPEM

func GetCertificateChainFromPEM(pemData []byte) ([]*x509.Certificate, error)

GetCertificateChainFromPEM extracts a certificate chain from PEM data

func GetCertificateInfo

func GetCertificateInfo(cert *x509.Certificate) map[string]interface{}

GetCertificateInfo returns information about a certificate

func VerifyCertificateChain

func VerifyCertificateChain(certs []*x509.Certificate, roots *x509.CertPool) error

VerifyCertificateChain verifies a certificate chain

Types

type CRLInfo

type CRLInfo struct {
	CRL         *pkix.CertificateList
	LastUpdated time.Time
	NextUpdate  time.Time
	URL         string
}

CRLInfo contains information about a Certificate Revocation List

type CertificateFormat

type CertificateFormat int

CertificateFormat represents the format of a certificate

const (
	// CertFormatPEM represents PEM format
	CertFormatPEM CertificateFormat = iota
	// CertFormatDER represents DER format
	CertFormatDER
)

type CertificateInfo

type CertificateInfo struct {
	Certificate     *x509.Certificate
	Status          CertificateStatus
	TrustChain      []*x509.Certificate
	ValidationError error
	LastChecked     time.Time
}

CertificateInfo contains information about a certificate

type CertificatePinner

type CertificatePinner struct {
	// contains filtered or unexported fields
}

CertificatePinner implements certificate pinning for HTTP clients

func NewCertificatePinner

func NewCertificatePinner(enforced bool) *CertificatePinner

NewCertificatePinner creates a new certificate pinner

func (*CertificatePinner) AddPin

func (p *CertificatePinner) AddPin(hostname string, pin string)

AddPin adds a certificate pin for a host The pin should be a base64-encoded SHA-256 hash of the certificate's public key

func (*CertificatePinner) AddPins

func (p *CertificatePinner) AddPins(hostname string, pins []string)

AddPins adds multiple certificate pins for a host

func (*CertificatePinner) ClearPins

func (p *CertificatePinner) ClearPins(hostname string)

ClearPins removes all pins for a host

func (*CertificatePinner) CreatePinnedClient

func (p *CertificatePinner) CreatePinnedClient(hostname string, pins []string) *http.Client

CreatePinnedClient creates an HTTP client with certificate pinning

func (*CertificatePinner) IsEnforced

func (p *CertificatePinner) IsEnforced() bool

IsEnforced returns whether certificate pinning is enforced

func (*CertificatePinner) RemovePin

func (p *CertificatePinner) RemovePin(hostname string, pin string)

RemovePin removes a certificate pin for a host

func (*CertificatePinner) SetEnforced

func (p *CertificatePinner) SetEnforced(enforced bool)

SetEnforced sets whether certificate pinning is enforced

func (*CertificatePinner) VerifyCertificate

func (p *CertificatePinner) VerifyCertificate(hostname string, cert *x509.Certificate) error

VerifyCertificate verifies that a certificate matches a pinned hash for a host

func (*CertificatePinner) WrapTransport

func (p *CertificatePinner) WrapTransport(transport *http.Transport) *http.Transport

WrapTransport wraps an HTTP transport with certificate pinning

type CertificateStatus

type CertificateStatus int

CertificateStatus represents the status of a certificate

const (
	// CertStatusValid indicates a valid certificate
	CertStatusValid CertificateStatus = iota
	// CertStatusExpired indicates an expired certificate
	CertStatusExpired
	// CertStatusRevoked indicates a revoked certificate
	CertStatusRevoked
	// CertStatusUntrusted indicates an untrusted certificate
	CertStatusUntrusted
	// CertStatusInvalid indicates an invalid certificate
	CertStatusInvalid
)

type ErrorHandler

type ErrorHandler struct {
	// DevelopmentMode indicates whether to include detailed error information
	DevelopmentMode bool
	// ErrorCodeMap maps error types to error codes
	ErrorCodeMap map[string]string
}

ErrorHandler handles errors securely

func NewErrorHandler

func NewErrorHandler(developmentMode bool) *ErrorHandler

NewErrorHandler creates a new error handler

func (*ErrorHandler) GetErrorCode

func (h *ErrorHandler) GetErrorCode(err error) string

GetErrorCode gets the error code for an error

func (*ErrorHandler) HandleError

func (h *ErrorHandler) HandleError(w http.ResponseWriter, r *http.Request, err error, defaultMessage string)

HandleError handles an error securely

func (*ErrorHandler) RegisterErrorCode

func (h *ErrorHandler) RegisterErrorCode(errorType string, code string)

RegisterErrorCode registers an error code for an error type

func (*ErrorHandler) SanitizeErrorForLogging

func (h *ErrorHandler) SanitizeErrorForLogging(err error) string

SanitizeErrorForLogging sanitizes an error for logging

type ErrorLevel

type ErrorLevel int

ErrorLevel represents the severity level of an error

const (
	// ErrorLevelInfo is for informational errors
	ErrorLevelInfo ErrorLevel = iota
	// ErrorLevelWarning is for warning errors
	ErrorLevelWarning
	// ErrorLevelError is for standard errors
	ErrorLevelError
	// ErrorLevelCritical is for critical errors
	ErrorLevelCritical
)

type ErrorResponse

type ErrorResponse struct {
	// Code is a unique error code
	Code string `json:"code"`
	// Message is a user-friendly error message
	Message string `json:"message"`
	// RequestID is a unique identifier for the request
	RequestID string `json:"request_id,omitempty"`
}

ErrorResponse represents an error response

type SecureError

type SecureError struct {
	// Code is a unique error code
	Code string `json:"code"`
	// Message is a user-friendly error message
	Message string `json:"message"`
	// Level is the severity level of the error
	Level ErrorLevel `json:"level"`
	// Details is additional information (only shown in development mode)
	Details string `json:"-"`
	// OriginalError is the original error (not exposed to clients)
	OriginalError error `json:"-"`
}

SecureError represents a secure error that doesn't leak sensitive information

func NewSecureError

func NewSecureError(code string, message string, level ErrorLevel, originalError error) *SecureError

NewSecureError creates a new secure error

func (*SecureError) Error

func (e *SecureError) Error() string

Error implements the error interface

func (*SecureError) WithDetails

func (e *SecureError) WithDetails(details string) *SecureError

WithDetails adds details to a secure error

type TLSConfig

type TLSConfig struct {
	// MinVersion is the minimum TLS version to use
	MinVersion uint16
	// CertFile is the path to the certificate file
	CertFile string
	// KeyFile is the path to the key file
	KeyFile string
	// CAFile is the path to the CA certificate file
	CAFile string
	// InsecureSkipVerify skips certificate verification (not recommended for production)
	InsecureSkipVerify bool
	// CertPinning enables certificate pinning
	CertPinning bool
	// PinnedCerts is a list of pinned certificate hashes
	PinnedCerts []string
	// ServerName is the server name to check against
	ServerName string
}

TLSConfig represents the configuration for TLS

func DefaultTLSConfig

func DefaultTLSConfig() *TLSConfig

DefaultTLSConfig returns the default TLS configuration

type TLSManager

type TLSManager struct {
	// contains filtered or unexported fields
}

TLSManager manages TLS configurations and clients

func NewTLSManager

func NewTLSManager() *TLSManager

NewTLSManager creates a new TLS manager

func (*TLSManager) AddConfig

func (m *TLSManager) AddConfig(name string, config *TLSConfig) error

AddConfig adds a TLS configuration

func (*TLSManager) GetClient

func (m *TLSManager) GetClient(name string) (*http.Client, error)

GetClient returns an HTTP client with the specified TLS configuration

func (*TLSManager) GetDefaultClient

func (m *TLSManager) GetDefaultClient() (*http.Client, error)

GetDefaultClient returns the default HTTP client

func (*TLSManager) LoadSystemCertificates

func (m *TLSManager) LoadSystemCertificates() error

LoadSystemCertificates loads system certificates into the cert pool

func (*TLSManager) SetDefaultConfig

func (m *TLSManager) SetDefaultConfig(name string) error

SetDefaultConfig sets the default TLS configuration

func (*TLSManager) VerifyCertificate

func (m *TLSManager) VerifyCertificate(cert *x509.Certificate) error

VerifyCertificate verifies a certificate against the cert pool

type TrustChainManager

type TrustChainManager struct {
	// contains filtered or unexported fields
}

TrustChainManager manages certificate trust chains and validation

func NewTrustChainManager

func NewTrustChainManager() *TrustChainManager

NewTrustChainManager creates a new trust chain manager

func (*TrustChainManager) AddIntermediateCertificate

func (m *TrustChainManager) AddIntermediateCertificate(cert *x509.Certificate) error

AddIntermediateCertificate adds an intermediate certificate to the trust store

func (*TrustChainManager) AddIntermediateCertificateFromFile

func (m *TrustChainManager) AddIntermediateCertificateFromFile(filePath string) error

AddIntermediateCertificateFromFile adds an intermediate certificate from a file

func (*TrustChainManager) AddIntermediateCertificateFromPEM

func (m *TrustChainManager) AddIntermediateCertificateFromPEM(pemData []byte) error

AddIntermediateCertificateFromPEM adds an intermediate certificate from PEM data

func (*TrustChainManager) AddRootCertificate

func (m *TrustChainManager) AddRootCertificate(cert *x509.Certificate) error

AddRootCertificate adds a root certificate to the trust store

func (*TrustChainManager) AddRootCertificateFromFile

func (m *TrustChainManager) AddRootCertificateFromFile(filePath string) error

AddRootCertificateFromFile adds a root certificate from a file

func (*TrustChainManager) AddRootCertificateFromPEM

func (m *TrustChainManager) AddRootCertificateFromPEM(pemData []byte) error

AddRootCertificateFromPEM adds a root certificate from PEM data

func (*TrustChainManager) ClearCRLCache

func (m *TrustChainManager) ClearCRLCache()

ClearCRLCache clears the CRL cache

func (*TrustChainManager) ClearCertificateCache

func (m *TrustChainManager) ClearCertificateCache()

ClearCertificateCache clears the certificate validation cache

func (*TrustChainManager) CreateCertificatePool

func (m *TrustChainManager) CreateCertificatePool() *x509.CertPool

CreateCertificatePool creates an x509.CertPool from the trusted certificates

func (*TrustChainManager) CreateHTTPClient

func (m *TrustChainManager) CreateHTTPClient() *http.Client

CreateHTTPClient creates an HTTP client with the trusted certificates

func (*TrustChainManager) CreateTLSConfig

func (m *TrustChainManager) CreateTLSConfig() *tls.Config

CreateTLSConfig creates a tls.Config with the trusted certificates

func (*TrustChainManager) GetIntermediateCertificates

func (m *TrustChainManager) GetIntermediateCertificates() []*x509.Certificate

GetIntermediateCertificates returns all intermediate certificates

func (*TrustChainManager) GetRootCertificates

func (m *TrustChainManager) GetRootCertificates() []*x509.Certificate

GetRootCertificates returns all root certificates

func (*TrustChainManager) GetTrustedCertificates

func (m *TrustChainManager) GetTrustedCertificates() []*x509.Certificate

GetTrustedCertificates returns all trusted certificates (roots and intermediates)

func (*TrustChainManager) ImportCertificatesFromDirectory

func (m *TrustChainManager) ImportCertificatesFromDirectory(dirPath string, isRoot bool) error

ImportCertificatesFromDirectory imports certificates from a directory

func (*TrustChainManager) RemoveCertificate

func (m *TrustChainManager) RemoveCertificate(cert *x509.Certificate)

RemoveCertificate removes a certificate from the trust store

func (*TrustChainManager) SetCRLCheckEnabled

func (m *TrustChainManager) SetCRLCheckEnabled(enabled bool)

SetCRLCheckEnabled sets whether CRL checking is enabled

func (*TrustChainManager) SetCacheExpiration

func (m *TrustChainManager) SetCacheExpiration(duration time.Duration)

SetCacheExpiration sets the cache expiration duration

func (*TrustChainManager) SetOCSPCheckEnabled

func (m *TrustChainManager) SetOCSPCheckEnabled(enabled bool)

SetOCSPCheckEnabled sets whether OCSP checking is enabled

func (*TrustChainManager) ValidateCertificate

func (m *TrustChainManager) ValidateCertificate(cert *x509.Certificate) (*CertificateInfo, error)

ValidateCertificate validates a certificate and returns certificate information

func (*TrustChainManager) ValidateCertificateFromFile

func (m *TrustChainManager) ValidateCertificateFromFile(filePath string) (*CertificateInfo, error)

ValidateCertificateFromFile validates a certificate from a file

func (*TrustChainManager) ValidateCertificateFromPEM

func (m *TrustChainManager) ValidateCertificateFromPEM(pemData []byte) (*CertificateInfo, error)

ValidateCertificateFromPEM validates a certificate from PEM data

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL