Interfaces for SCTs, feedback wanted #3467
Merged
e02ddc0 Stub API for SCTs, feedback wanted (alex)
8852e90 grr, flake8 (alex)
2931bee port this to being an ABC (alex)
a11685d finish up the __init__ (alex)
dcdf912 Two necessary enums (alex)
008ba6f Roll this back (alex)
b097102 Wrote some docs (alex)
1140330 spell words correctly (alex)
c49f07e linky (alex)
d8dfedb more details (alex)
d695dc9 use the words UTC (alex)
97d58ab coverage (alex)
860890f Define MMD for the kids at some (alex)
f2d1baf linky linky (alex)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
Certificate Transparency | ||
======================== | ||
|
||
.. currentmodule:: cryptography.x509.certificate_transparency | ||
|
||
Certificate Transparency is a set of protocols specified in :rfc:`6962` which | ||
allow X.509 certificates to be sent to append-only logs and have small | ||
cryptographic proofs that a certificate has been publicly logged. This allows | ||
for external auditing of the certificates that a certificate authority has | ||
issued. | ||
|
||
.. class:: SignedCertificateTimestamp | ||
|
||
.. versionadded:: 1.9 | ||
|
||
SignedCertificateTimestamps (SCTs) are small cryptographically signed | ||
assertions that the specified certificate has been submitted to a | ||
Certificate Transparency Log, and that it will be part of the public log | ||
within some time period. | ||
|
||
.. attribute:: version | ||
|
||
:type: :class:`~cryptography.x509.certificate_transparency.Version` | ||
|
||
The SCT version as an enumeration. Currently only one version has been | ||
specified. | ||
|
||
.. attribute:: log_id | ||
|
||
:type: bytes | ||
|
||
An opaque identifier, indicating which log this SCT is from. This is | ||
the SHA256 hash of the log's public key. | ||
|
||
.. attribute:: timestamp | ||
|
||
:type: :class:`datetime.datetime` | ||
|
||
A naïve datetime representing the time in UTC at which the log asserts | ||
the certificate had been submitted to it. | ||
|
||
.. attribute:: entry_type | ||
|
||
:type: | ||
:class:`~cryptography.x509.certificate_transparency.LogEntryType` | ||
|
||
The type of submission to the log that this SCT is for. Log submissions | ||
can either be certificates themselves or "pre-certificates" which | ||
indicate a binding-intent to issue a certificate for the same data, | ||
with SCTs embedded in it. | ||
|
||
|
||
.. class:: Version | ||
|
||
.. versionadded:: 1.9 | ||
|
||
An enumeration for SignedCertificateTimestamp versions. | ||
|
||
.. attribute:: v1 | ||
|
||
For version 1 SignedCertificateTimestamps. | ||
|
||
.. class:: LogEntryType | ||
|
||
.. versionadded:: 1.9 | ||
|
||
An enumeration for SignedCertificateTimestamp log entry types. | ||
|
||
.. attribute:: X509_CERTIFICATE | ||
|
||
For SCTs corresponding to X.509 certificates. | ||
|
||
.. attribute:: PRE_CERTIFICATE | ||
|
||
For SCTs corresponding to pre-certificates. |
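Review bot: In the SignedCertificateTimestamp class description, "within some time period" should name the bound it refers to. RFC 6962 calls it the Maximum Merge Delay (MMD) and each log publishes its own, so I would name it here and say plainly that an SCT is a signed promise of inclusion, not an inclusion proof. The four documented attributes (version, log_id, timestamp, entry_type) include no signature and no verification method, so a sentence stating that these are parsed values and that nothing on this page checks the log's signature would keep callers from treating a parsed SCT as a verified one. Minor: "binding-intent" should be "binding intent".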
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
# This file is dual licensed under the terms of the Apache License, Version | ||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository | ||
# for complete details. | ||
|
||
from __future__ import absolute_import, division, print_function | ||
|
||
import abc | ||
from enum import Enum | ||
|
||
import six | ||
|
||
|
||
class LogEntryType(Enum): | ||
X509_CERTIFICATE = 0 | ||
PRE_CERTIFICATE = 1 | ||
|
||
|
||
class Version(Enum): | ||
v1 = 0 | ||
|
||
|
||
@six.add_metaclass(abc.ABCMeta) | ||
class SignedCertificateTimestamp(object): | ||
@abc.abstractproperty | ||
def version(self): | ||
""" | ||
Returns the SCT version. | ||
""" | ||
|
||
@abc.abstractproperty | ||
def log_id(self): | ||
""" | ||
Returns an identifier indicating which log this SCT is for. | ||
""" | ||
|
||
@abc.abstractproperty | ||
def timestamp(self): | ||
""" | ||
Returns the timestamp for this SCT. | ||
""" | ||
|
||
@abc.abstractproperty | ||
def entry_type(self): | ||
""" | ||
Returns whether this is an SCT for a certificate or pre-certificate. | ||
""" |
Is the acceptable time period something each log decides?