Struct ctclient::CTClient

pub struct CTClient { /* fields omitted */ }

A stateful CT monitor.

One instance of this struct concerns only one particular log. To monitor multiple logs, create multiple such instances and run them on different threads.

It remembers the last checked tree root, so that it only checks the newly added certificates. Its state can be loaded from / stored as a [u8], which you can then e.g. store in a file / database.

Implementations

impl CTClient

pub fn new_from_latest_th(base_url: &str, pub_key: &[u8]) -> Result<Self, Error>

Construct a new CTClient instance, and fetch the latest tree root.

Previous certificates in this log will not be checked.

Errors

  • If base_url does not end with /.

Example

use ctclient::CTClient;
use base64::decode;
// URL and public key copy-pasted from https://www.gstatic.com/ct/log_list/v2/all_logs_list.json .
let public_key = decode("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE01EAhx4o0zPQrXTcYjgCt4MVFsT0Pwjzb1RwrM0lhWDlxAYPP6/gyMCXNkOn/7KFsjL7rwk78tHMpY8rXn8AYg==").unwrap();
let client = CTClient::new_from_latest_th("https://ct.cloudflare.com/logs/nimbus2020/", &public_key).unwrap();

pub fn new_from_perv_tree_hash(
    base_url: &str,
    pub_key: &[u8],
    tree_hash: [u8; 32],
    tree_size: u64
) -> Result<Self, Error>

Construct a new CTClient that will check all certificates included after the given tree state.

Previous certificates in this log before the provided tree hash will not be checked.

Example

use ctclient::{CTClient, utils};
use base64::decode;
use std::convert::TryInto;
// URL and public key copy-pasted from https://www.gstatic.com/ct/log_list/v2/all_logs_list.json.
let public_key = decode("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE01EAhx4o0zPQrXTcYjgCt4MVFsT0Pwjzb1RwrM0lhWDlxAYPP6/gyMCXNkOn/7KFsjL7rwk78tHMpY8rXn8AYg==").unwrap();
// Tree captured on 2020-05-12 15:34:11 UTC
let th: [u8; 32] = (&utils::hex_to_u8("63875e88a3e37dc5b6cdbe213fe1df490d40193e4777f79467958ee157de70d6")[..]).try_into().unwrap();
let client = CTClient::new_from_perv_tree_hash("https://ct.cloudflare.com/logs/nimbus2020/", &public_key, th, 299304276).unwrap();

pub fn get_checked_tree_head(&self) -> (u64, [u8; 32])

Get the last checked tree head. Returns (tree_size, root_hash).

pub fn get_reqwest_client(&self) -> &Client

Get the underlying http client used to call CT APIs.

pub fn light_update(&mut self) -> SthResult

Calls self.update() with None as cert_handler.

pub fn update<H>(&mut self, cert_handler: Option<H>) -> SthResult where
    H: FnMut(&[X509]),

Fetch the latest tree root, check all the new certificates if cert_handler is a Some, and update our internal "last checked tree root".

This function should never panic, no matter what the server does to us.

Returns the latest SignedTreeHead (STH) returned by the server, even if it is the same as last time or if it rolled back (new tree_size < current tree_size).

To keep a record of the behavior of CT logs, store the returned tree head and signature in some kind of database (even when an error occurred). This record can be used to prove misconduct (such as a tree that is not extend-only) in the future.
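The following is an added example (not code from the ctclient crate) of the record-keeping the paragraph above recommends: every STH the server hands back is journaled, error or not, each new STH is compared with the last checked one, and a tree size that went backwards or a second root signed for the same size is flagged. The `SthRecord` layout and the 40-byte state format (8-byte big-endian tree_size followed by the 32-byte root hash) are assumptions made for this example; they are not the crate's own types or its `as_bytes` format.

```rust
// A signed tree head as a monitor would record it. Field layout is an
// assumption for this example; the crate's own types are not used here.
#[derive(Clone, Debug, PartialEq)]
pub struct SthRecord {
    pub tree_size: u64,
    pub root_hash: [u8; 32],
    pub timestamp_ms: u64,
    pub signature: Vec<u8>,
}

// What comparing a newly fetched STH against the last checked one tells us.
#[derive(Debug, PartialEq, Eq)]
pub enum Verdict {
    Unchanged,  // same size, same root: nothing new to check
    Extended,   // tree grew; a consistency proof should be verified next
    RolledBack, // new tree_size < current tree_size: log misbehaviour
    Forked,     // same size but a different root: two trees signed for one size
}

pub fn classify(last: &SthRecord, new: &SthRecord) -> Verdict {
    if new.tree_size < last.tree_size {
        Verdict::RolledBack
    } else if new.tree_size == last.tree_size {
        if new.root_hash == last.root_hash { Verdict::Unchanged } else { Verdict::Forked }
    } else {
        Verdict::Extended
    }
}

// Append-only journal of every STH the log ever returned, kept regardless of
// whether the update succeeded, so misconduct can be proven later.
#[derive(Default)]
pub struct SthJournal {
    entries: Vec<(SthRecord, Option<String>)>, // (sth, error message if any)
}

impl SthJournal {
    pub fn record(&mut self, sth: SthRecord, error: Option<String>) {
        self.entries.push((sth, error));
    }

    pub fn len(&self) -> usize {
        self.entries.len()
    }

    // Indices of journal entries that do not extend the entry before them.
    pub fn misbehaviour(&self) -> Vec<(usize, Verdict)> {
        self.entries
            .windows(2)
            .enumerate()
            .map(|(i, w)| (i + 1, classify(&w[0].0, &w[1].0)))
            .filter(|(_, v)| matches!(v, Verdict::RolledBack | Verdict::Forked))
            .collect()
    }
}

// Minimal persisted state (example format, not the crate's): 8-byte big-endian
// tree_size followed by the 32-byte root hash.
pub fn state_to_bytes(tree_size: u64, root_hash: &[u8; 32]) -> Vec<u8> {
    let mut out = Vec::with_capacity(40);
    out.extend_from_slice(&tree_size.to_be_bytes());
    out.extend_from_slice(root_hash);
    out
}

pub fn state_from_bytes(bytes: &[u8]) -> Option<(u64, [u8; 32])> {
    if bytes.len() != 40 {
        return None; // truncated or oversized state: refuse rather than guess
    }
    let mut size = [0u8; 8];
    size.copy_from_slice(&bytes[..8]);
    let mut root = [0u8; 32];
    root.copy_from_slice(&bytes[8..]);
    Some((u64::from_be_bytes(size), root))
}

fn main() {
    // Constructed STH sequence: the tree grows, then the log serves an older tree.
    let mut journal = SthJournal::default();
    journal.record(SthRecord { tree_size: 100, root_hash: [1; 32], timestamp_ms: 1, signature: vec![] }, None);
    journal.record(SthRecord { tree_size: 150, root_hash: [2; 32], timestamp_ms: 2, signature: vec![] }, None);
    journal.record(SthRecord { tree_size: 120, root_hash: [3; 32], timestamp_ms: 3, signature: vec![] }, Some("rollback".into()));
    for (idx, verdict) in journal.misbehaviour() {
        println!("journal entry {}: {:?}", idx, verdict);
    }
    let saved = state_to_bytes(150, &[2; 32]);
    println!("restored state: {:?}", state_from_bytes(&saved).map(|(n, _)| n));
}
```

A `Forked` verdict on its own is not proof of anything until the two STHs (with their signatures) are kept side by side; that is why the journal stores the full record rather than just the verdict.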

pub fn check_leaf<H>(
    &self,
    leaf: &Leaf,
    cert_handler: &mut Option<H>
) -> Result<(), Error> where
    H: FnMut(&[X509]),

Called by Self::update for each leaf received to check the certificates. You usually do not need to call it yourself.

pub fn check_inclusion_proof_for_sct(
    &self,
    sct: &SignedCertificateTimestamp
) -> Result<u64, Error>

Given a SignedCertificateTimestamp, check that the CT log monitored by this client can provide an inclusion proof that backs the sct, and return the leaf index.

Does not check the signature on the sct, and also does not check that the maximum merge delay has passed.
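To show what "can provide an inclusion proof that backs the sct" means at the Merkle level, here is an added example (not the crate's code) of the monitor-side check: the audit path returned by the log is folded from the leaf hash up to a root, which must equal the root in the checked tree head. The verification loop follows RFC 9162 section 2.1.3.2 and the 0x00/0x01 domain-separation prefixes of RFC 6962; `tree_hash` and `inclusion_path` only exist to build test data, since a real monitor gets the root from the STH and the path from the log. CT logs hash with SHA-256, which is not in Rust's standard library, so the hash is pluggable and the example plugs in a non-cryptographic stand-in (`toy_hash`, an assumption for offline use only). As on the page, nothing here checks the SCT signature or the maximum merge delay.

```rust
// 32-byte digest and a pluggable hash. Assumption for this example: a real
// verifier passes SHA-256 here; toy_hash is only a stand-in so it runs offline.
pub type Digest = [u8; 32];
pub type HashFn = fn(&[u8]) -> Digest;

pub fn toy_hash(data: &[u8]) -> Digest {
    // FNV-1a 64-bit run with four seeds to fill 32 bytes. NOT collision resistant.
    let mut out = [0u8; 32];
    for (i, chunk) in out.chunks_mut(8).enumerate() {
        let mut h: u64 = 0xcbf29ce484222325 ^ (i as u64).wrapping_mul(0x9e3779b97f4a7c15);
        for &b in data {
            h ^= b as u64;
            h = h.wrapping_mul(0x100000001b3);
        }
        chunk.copy_from_slice(&h.to_be_bytes());
    }
    out
}

// RFC 6962 domain separation: 0x00 prefix for leaves, 0x01 for interior nodes.
pub fn leaf_hash(h: HashFn, leaf: &[u8]) -> Digest {
    let mut buf = vec![0x00u8];
    buf.extend_from_slice(leaf);
    h(&buf)
}

pub fn node_hash(h: HashFn, left: &Digest, right: &Digest) -> Digest {
    let mut buf = vec![0x01u8];
    buf.extend_from_slice(left);
    buf.extend_from_slice(right);
    h(&buf)
}

// Largest power of two strictly less than n (n >= 2).
fn split_point(n: usize) -> usize {
    let mut k = 1;
    while k * 2 < n {
        k *= 2;
    }
    k
}

// MTH(D[n]) from RFC 6962 section 2.1. Test-data builder only: a monitor takes
// the root from the signed tree head.
pub fn tree_hash(h: HashFn, leaves: &[&[u8]]) -> Digest {
    match leaves.len() {
        0 => h(b""),
        1 => leaf_hash(h, leaves[0]),
        n => {
            let k = split_point(n);
            node_hash(h, &tree_hash(h, &leaves[..k]), &tree_hash(h, &leaves[k..]))
        }
    }
}

// PATH(m, D[n]) from RFC 6962 section 2.1.1: what the log returns as the audit path.
pub fn inclusion_path(h: HashFn, m: usize, leaves: &[&[u8]]) -> Vec<Digest> {
    let n = leaves.len();
    if n <= 1 {
        return Vec::new();
    }
    let k = split_point(n);
    if m < k {
        let mut p = inclusion_path(h, m, &leaves[..k]);
        p.push(tree_hash(h, &leaves[k..]));
        p
    } else {
        let mut p = inclusion_path(h, m - k, &leaves[k..]);
        p.push(tree_hash(h, &leaves[..k]));
        p
    }
}

// Monitor-side check (RFC 9162 section 2.1.3.2): recompute the root from the
// leaf hash and audit path and compare it with the checked tree head's root.
pub fn verify_inclusion(h: HashFn, leaf_index: u64, tree_size: u64,
                        leaf: Digest, path: &[Digest], root: &Digest) -> bool {
    if leaf_index >= tree_size {
        return false; // index outside the tree the STH commits to
    }
    let (mut fnode, mut snode, mut r) = (leaf_index, tree_size - 1, leaf);
    for p in path {
        if snode == 0 {
            return false; // path has more elements than the tree has levels
        }
        if fnode & 1 == 1 || fnode == snode {
            r = node_hash(h, p, &r); // sibling is on the left
            if fnode & 1 == 0 {
                while fnode & 1 == 0 && fnode != 0 {
                    fnode >>= 1;
                    snode >>= 1;
                }
            }
        } else {
            r = node_hash(h, &r, p); // sibling is on the right
        }
        fnode >>= 1;
        snode >>= 1;
    }
    snode == 0 && r == *root
}

fn main() {
    // Constructed five-entry log; entry 2 stands in for a certificate's leaf.
    let entries: [&[u8]; 5] = [b"cert-0", b"cert-1", b"cert-2", b"cert-3", b"cert-4"];
    let root = tree_hash(toy_hash, &entries);
    let path = inclusion_path(toy_hash, 2, &entries);
    let ok = verify_inclusion(toy_hash, 2, 5, leaf_hash(toy_hash, b"cert-2"), &path, &root);
    println!("inclusion of entry 2 verified: {}", ok);
}
```

Note that the leaf index is an input to the check, not an output of it: a path that verifies for index 2 does not verify for index 3, which is why the crate's method can return the index with confidence once the root matches.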

pub fn first_leaf_after(
    &self,
    timestamp: u64
) -> Result<Option<(u64, Leaf)>, Error>

pub fn first_tree_head_after(
    &self,
    timestamp: u64
) -> Result<Option<(u64, [u8; 32])>, Error>

pub fn rollback_to_timestamp(&mut self, timestamp: u64) -> Result<(), Error>

pub fn as_bytes(&self) -> Result<Vec<u8>, Error>

Serialize the state of this client into bytes.

pub fn from_bytes(bytes: &[u8]) -> Result<Self, Error>

Parse a byte string returned by Self::as_bytes.

Trait Implementations

impl Debug for CTClient

Auto Trait Implementations

impl !RefUnwindSafe for CTClient

impl Send for CTClient

impl Sync for CTClient

impl Unpin for CTClient

impl !UnwindSafe for CTClient

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> From<T> for T

impl<T, U> Into<U> for T where
    U: From<T>,

impl<T, U> TryFrom<U> for T where
    U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.