Documentation
Types
type MatchAll
type MatchAll struct{}
MatchAll is a Matcher which will match every possible Certificate and Precertificate.
func (MatchAll) CertificateMatches
func (m MatchAll) CertificateMatches(_ *x509.Certificate) bool
func (MatchAll) PrecertificateMatches
func (m MatchAll) PrecertificateMatches(_ *ct.Precertificate) bool
type MatchIssuerRegex
type MatchIssuerRegex struct {
	CertificateIssuerRegex    *regexp.Regexp
	PrecertificateIssuerRegex *regexp.Regexp
}
MatchIssuerRegex is a Matcher which matches on the issuer CN by regex.
func (MatchIssuerRegex) CertificateMatches
func (m MatchIssuerRegex) CertificateMatches(c *x509.Certificate) bool
func (MatchIssuerRegex) PrecertificateMatches
func (m MatchIssuerRegex) PrecertificateMatches(p *ct.Precertificate) bool
type MatchNone
type MatchNone struct{}
MatchNone is a Matcher which will never match any Certificate or Precertificate.
func (MatchNone) CertificateMatches
func (m MatchNone) CertificateMatches(_ *x509.Certificate) bool
func (MatchNone) PrecertificateMatches
func (m MatchNone) PrecertificateMatches(_ *ct.Precertificate) bool
type MatchSerialNumber
func (MatchSerialNumber) CertificateMatches
func (m MatchSerialNumber) CertificateMatches(c *x509.Certificate) bool
func (MatchSerialNumber) PrecertificateMatches
func (m MatchSerialNumber) PrecertificateMatches(p *ct.Precertificate) bool
type MatchSubjectRegex
type MatchSubjectRegex struct {
	CertificateSubjectRegex    *regexp.Regexp
	PrecertificateSubjectRegex *regexp.Regexp
}
MatchSubjectRegex is a Matcher which will use |CertificateSubjectRegex| and |PrecertificateSubjectRegex| to determine whether Certificates and Precertificates are interesting. The two regexes are tested against the Subject Common Name as well as all Subject Alternative Names.
func (MatchSubjectRegex) CertificateMatches
func (m MatchSubjectRegex) CertificateMatches(c *x509.Certificate) bool
Returns true if either CN or any SAN of |c| matches |CertificateSubjectRegex|.
func (MatchSubjectRegex) PrecertificateMatches
func (m MatchSubjectRegex) PrecertificateMatches(p *ct.Precertificate) bool
Returns true if either CN or any SAN of |p| matches |PrecertificateSubjectRegex|.
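The CN-or-SAN rule described for MatchSubjectRegex, as an added example that is not this package's own code. It uses the standard library's crypto/x509 as a stand-in (an assumption, since the page does not show which x509 package is imported), hypothetical helper names, and constructed certificates to show how an unanchored pattern and an anchored one flag different names.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"regexp"
)

// cert builds constructed sample data; only the fields the matcher reads are set.
func cert(cn string, sans ...string) *x509.Certificate {
	return &x509.Certificate{Subject: pkix.Name{CommonName: cn}, DNSNames: sans}
}

var (
	loose    = regexp.MustCompile(`example\.com`)           // matches anywhere in a name
	anchored = regexp.MustCompile(`^(.+\.)?example\.com$`) // the domain and its subdomains only
	// samples (constructed): a SAN-only hit, a lookalike name, an unrelated name.
	samples = []*x509.Certificate{
		cert("cdn.invalid", "cdn.invalid", "shop.example.com"),
		cert("example.com.login.invalid"),
		cert("unrelated.invalid", "www.unrelated.invalid"),
	}
)

// subjectMatches: true if the Subject CN or any DNS SAN matches re (DNS-only is an assumption).
func subjectMatches(re *regexp.Regexp, c *x509.Certificate) bool {
	for _, name := range append([]string{c.Subject.CommonName}, c.DNSNames...) {
		if re.MatchString(name) {
			return true
		}
	}
	return false
}

// flagged returns the CN of every certificate in certs that re matches.
func flagged(re *regexp.Regexp, certs []*x509.Certificate) []string {
	var out []string
	for _, c := range certs {
		if subjectMatches(re, c) {
			out = append(out, c.Subject.CommonName)
		}
	}
	return out
}

func main() {
	fmt.Println("loose:", flagged(loose, samples), "anchored:", flagged(anchored, samples))
}
```

The first sample is flagged only because of a SAN, which is why a CN-only check would miss it; the second is flagged by the unanchored pattern alone.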
type Matcher
Clients wishing to implement their own Matchers should implement this interface:
type Matcher interface {
	// CertificateMatches is called by the scanner for each X509 Certificate found in the log.
	// The implementation should return |true| if the passed Certificate is interesting, and |false| otherwise.
	CertificateMatches(*x509.Certificate) bool
	// PrecertificateMatches is called by the scanner for each CT Precertificate found in the log.
	// The implementation should return |true| if the passed Precertificate is interesting, and |false| otherwise.
	PrecertificateMatches(*ct.Precertificate) bool
}
type Scanner
type Scanner struct {
	// contains filtered or unexported fields
}
Scanner is a tool to scan all the entries in a CT Log.
func NewScanner
Creates a new Scanner instance using |client| to talk to the log, and taking configuration options from |opts|.
func (*Scanner) Scan
func (s *Scanner) Scan(foundCert func(*ct.LogEntry, string), foundPrecert func(*ct.LogEntry, string), updater chan int64) (int64, error)
Performs a scan against the Log. For each x509 certificate found, |foundCert| will be called with the index of the entry and certificate itself as arguments. For each precert found, |foundPrecert| will be called with the index of the entry and the raw precert string as the arguments.
This method blocks until the scan is complete.
type ScannerOptions
type ScannerOptions struct {
	// Custom matcher for x509 Certificates, functor will be called for each
	// Certificate found during scanning.
	Matcher Matcher
	// Match precerts only (Matcher still applies to precerts)
	PrecertOnly bool
	// Number of entries to request in one batch from the Log
	BatchSize int64
	// Number of concurrent matchers to run
	NumWorkers int
	// Number of concurrent fetchers to run
	ParallelFetch int
	// Log entry index to start fetching & matching at
	StartIndex int64
	// Don't print any status messages to stdout
	Quiet bool
	// The name of the CT server we're pulling certs from
	Name string
	MaximumIndex int64
}
ScannerOptions holds configuration options for the Scanner.
func DefaultScannerOptions
func DefaultScannerOptions() *ScannerOptions
Creates a new ScannerOptions struct with sensible defaults.