path: root/x509.go
Commit message | Author | Age | Files | Lines
* moved sth and sdi metrics into the signer component | Rasmus Dahlberg | 2020-11-05 | 1 | -9/+10
* simplified encoding and decoding | Rasmus Dahlberg | 2020-11-05 | 1 | -10/+5
    Go's "encoding/json" already takes care of encoding and decoding byte slices as base64. As such, it need not be done explicitly by us.
* moved extended key usage to log parameters | Rasmus Dahlberg | 2020-11-04 | 1 | -1/+1
* allowed configuration of max-range and max-chain | Rasmus Dahlberg | 2020-11-04 | 1 | -2/+2
* added certificate chain length checking | Rasmus Dahlberg | 2020-11-04 | 1 | -5/+8
* added chain processing with intermediate certificates | Rasmus Dahlberg | 2020-11-03 | 1 | -1/+2
    Basic test chains can be generated manually with openssl, see details in server/testdata/x509/README.md.
* moved x509 chain loading to stfe package | Rasmus Dahlberg | 2020-11-03 | 1 | -0/+31
* unified ed25519 signing key loading and parsing | Rasmus Dahlberg | 2020-11-03 | 1 | -8/+11
* added start on stfe client | Rasmus Dahlberg | 2020-11-02 | 1 | -3/+3
    ChecksumV1 entries can be submitted using client-side ed25519 signatures. The resulting SignedDebugInfoV1 is then verified using the log's announced signature scheme and public key (currently only ed25519).
* removed unused code | Rasmus Dahlberg | 2020-10-30 | 1 | -35/+0
* refactor types and documentation | Rasmus Dahlberg | 2020-10-30 | 1 | -11/+9
    Structured files a bit better, added more documentation, switched to pointers as default (unless specifically motivated not to do so), and encapsulated TLS (un)marshaling for the respective types that use it.
* started refactoring add-entry code path according to doc | Rasmus Dahlberg | 2020-10-30 | 1 | -0/+68
* go fmt | Rasmus Dahlberg | 2020-10-28 | 1 | -4/+2
* added signed tree head and get-sth code path | Rasmus Dahlberg | 2020-10-28 | 1 | -0/+16
* added ed25519 signing and SDIs | Rasmus Dahlberg | 2020-10-27 | 1 | -0/+45
* isolated chain and signature verification | Rasmus Dahlberg | 2020-10-27 | 1 | -0/+35
* decoupled log instance and info | Rasmus Dahlberg | 2020-10-27 | 1 | -0/+43
    Makes things a bit more modular. As part of this process I also replaced ct/x509 with crypto/x509, which already suits our needs.