Crate ctclient
Certificate Transparency Log client suitable for monitoring, quick SCT validation, gossiping, etc.
The source code of this project contains some best-effort explanation comments for others trying to implement such a client. As of 2019, the documentation that exists out there is (in my opinion) pretty lacking, and I had a bad time trying to implement this.
All pub_key values are in DER format, which is the format returned (in base64) by Google's trusted log list. signature values are Digitally-signed structs, and raw_signature values are ASN1-encoded signatures.
A best effort is made to catch misbehavior by CT logs or invalid certificates. It is up to the user of this library to decide what to do when logs don't behave correctly.
This project is not intended to be a beginner-friendly tutorial on how a CT log works. To learn more about CT, you can read the RFC.
API calls are currently all blocking. If anyone is interested in rewriting them in Futures, PRs are welcome.
Modules
certutils | Various utilities for checking the content of a certificate. |
google_log_list | Downloading of log list from Google. |
internal | Things that are only useful if you are doing your own API calling. |
jsons | Structs for parsing server response. |
utils | Some utility functions. |
Structs
CTClient | A stateful CT monitor. |
SignedCertificateTimestamp | An unverified Signed Certificate Timestamp (SCT). |
SignedTreeHead | An unverified signed tree head (STH), as returned from the server. This encapsulates the state of the tree at some point in time. |
Enums
Error | Errors that this library could produce. |
SctEntry | Either an X509 DER, or (in the case of a pre-cert) the tbs and issuer key hash. |
SthResult | Either a fetched and checked |