Crate ctclient

Certificate Transparency Log client suitable for monitoring, quick SCT validation, gossiping, etc.

The source code of this project contains some best-effort explanation comments for others trying to implement such a client. As of 2019, the documentation that exists out there is (in my opinion) pretty lacking, and I had a bad time trying to implement this.

All pub_key values are in DER format, which is the format returned (in base64) by Google's trusted log list. signatures are digitally-signed structs, and raw_signatures are ASN.1-encoded signatures.
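The difference between a digitally-signed struct and the raw signature inside it, as an added example (not ctclient's own code; the function and type names are hypothetical). It assumes the TLS 1.2 layout from RFC 5246 that RFC 6962 uses: one hash-algorithm byte, one signature-algorithm byte, a 2-byte big-endian length, then the signature.

```rust
// Added illustration; every name here is hypothetical and not part of ctclient's API.
#[derive(Debug, PartialEq)]
enum SigAlg { Rsa, Ecdsa }

#[derive(Debug, PartialEq)]
enum ParseError {
    Truncated,
    UnsupportedHash(u8),
    UnsupportedSig(u8),
    LengthMismatch,
    NotDerSequence,
}

/// Splits a digitally-signed struct into its signature algorithm and the
/// raw signature bytes, rejecting anything a CT log should not produce.
fn split_digitally_signed(input: &[u8]) -> Result<(SigAlg, &[u8]), ParseError> {
    if input.len() < 4 {
        return Err(ParseError::Truncated);
    }
    // Byte 0: HashAlgorithm. RFC 6962 logs sign over SHA-256 (value 4).
    if input[0] != 4 {
        return Err(ParseError::UnsupportedHash(input[0]));
    }
    // Byte 1: SignatureAlgorithm. RFC 6962 allows RSA (1) or ECDSA (3).
    let alg = match input[1] {
        1 => SigAlg::Rsa,
        3 => SigAlg::Ecdsa,
        other => return Err(ParseError::UnsupportedSig(other)),
    };
    // Bytes 2..4: big-endian length, which must cover exactly the remaining bytes.
    let declared = u16::from_be_bytes([input[2], input[3]]) as usize;
    let raw = &input[4..];
    if raw.len() != declared {
        return Err(ParseError::LengthMismatch);
    }
    // An ECDSA signature is a DER SEQUENCE of two INTEGERs, so it starts with 0x30.
    if alg == SigAlg::Ecdsa && raw.first() != Some(&0x30) {
        return Err(ParseError::NotDerSequence);
    }
    Ok((alg, raw))
}

fn main() {
    // Constructed sample: SHA-256 + ECDSA header, then a tiny DER SEQUENCE { 1, 2 }.
    let sample = [4u8, 3, 0, 8, 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02];
    println!("{:?}", split_digitally_signed(&sample));
}
```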

A best effort is made to catch misbehavior by CT logs or invalid certificates. It is up to the user of this library to decide what to do when logs don't behave correctly.

This project is not intended to be a beginner-friendly tutorial on how a CT log works. To learn more about CT, you can read the RFC.

API calls are currently all blocking. If anyone is interested in rewriting them with Futures, PRs are welcome.

Modules

certutils

Various utilities for checking the content of a certificate.

google_log_list

Downloading of log list from Google.

internal

Things that are only useful if you are doing your own API calling.

jsons

Structs for parsing server response.

utils

Some utility functions.

Structs

CTClient

A stateful CT monitor.

SignedCertificateTimestamp

An unverified Signed Certificate Timestamp (SCT).

SignedTreeHead

An unverified signed tree head (STH), as returned from the server. This encapsulates the state of the tree at some point in time.

Enums

Error

Errors that this library could produce.

SctEntry

Either an X509 DER, or (in the case of a pre-cert) the TBS and issuer key hash.

SthResult

Either a fetched and checked SignedTreeHead, or a SignedTreeHead that has a valid signature but did not pass some internal checks, or just an Error.