Documentation
Overview
Package ct provides Certificate Transparency log monitoring via crt.sh.
Constants
const (
	// FindingCTUnknown indicates a certificate in CT logs not found in the cluster.
	FindingCTUnknown = "CT_UNKNOWN_CERT"
	// FindingCTRogue indicates a certificate issued by an unexpected CA.
	FindingCTRogue = "CT_ROGUE_ISSUER"
)
Variables
This section is empty.
Functions
func Check
func Check(entries []Entry, knownSerials map[string]bool, allowedIssuers []string) []store.CertFinding
Check compares CT log entries against known cluster serials and allowed issuers. Returns findings for unknown certs and rogue issuers.
func WithBaseURL
WithBaseURL overrides the crt.sh base URL (for testing).
Types
type Client
type Client struct {
	// contains filtered or unexported fields
}
Client queries crt.sh for CT log entries.
type Entry
type Entry struct {
	SerialNumber string `json:"serial_number"`
	CommonName   string `json:"common_name"`
	NameValue    string `json:"name_value"`
	IssuerName   string `json:"issuer_name"`
	NotBefore    string `json:"not_before"`
	NotAfter     string `json:"not_after"`
	ID           int64  `json:"id"`
}
Entry represents a certificate record from crt.sh.
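The comparison that Check describes, applied to crt.sh-style JSON decoded into Entry-like records. This is an added example, not the package's own implementation. The `finding` type, the serial normalisation and the substring issuer match are assumptions, and the sample entries are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// entry: crt.sh fields used here; finding: hypothetical stand-in for store.CertFinding.
type entry struct {
	SerialNumber string `json:"serial_number"`
	CommonName   string `json:"common_name"`
	IssuerName   string `json:"issuer_name"`
}
type finding struct{ Type, Serial, Detail string }

// sample is constructed data in crt.sh's JSON shape, not real certificates.
const sample = `[{"serial_number":"04a1b2c3","common_name":"api.example.test","issuer_name":"O=Example Trust, CN=Issuing CA"},
 {"serial_number":"7f00aa","common_name":"vpn.example.test","issuer_name":"O=Example Trust, CN=Issuing CA"},
 {"serial_number":"0badc0de","common_name":"api.example.test","issuer_name":"O=Other CA, CN=Other Root"}]`

// normSerial canonicalises a hex serial: no colons, lower case, no leading zeros.
func normSerial(s string) string {
	return strings.TrimLeft(strings.ToLower(strings.ReplaceAll(s, ":", "")), "0")
}

// check parses crt.sh JSON; allowed is assumed to hold case-sensitive issuer DN substrings.
func check(raw string, known map[string]bool, allowed []string) ([]finding, error) {
	var entries []entry
	if err := json.Unmarshal([]byte(raw), &entries); err != nil {
		return nil, err
	}
	canon := map[string]bool{}
	for s, ok := range known {
		canon[normSerial(s)] = canon[normSerial(s)] || ok
	}
	var out []finding
	for _, e := range entries {
		serial, rogue := normSerial(e.SerialNumber), true
		for _, a := range allowed {
			rogue = rogue && !strings.Contains(e.IssuerName, a)
		}
		if !canon[serial] {
			out = append(out, finding{"CT_UNKNOWN_CERT", serial, e.CommonName})
		}
		if rogue {
			out = append(out, finding{"CT_ROGUE_ISSUER", serial, e.IssuerName})
		}
	}
	return out, nil
}
func main() { fmt.Println(check(sample, map[string]bool{"04:A1:B2:C3": true}, []string{"O=Example Trust"})) }
```

Serials exported from a cluster often differ from CT data in case, colon separators and leading zeros, so comparing them without normalisation reports every certificate as unknown.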