Class: CertificateTransparency::Client

Inherits:
Object
Defined in:
lib/certificate-transparency/client.rb

Overview

Interact with a Certificate Transparency server.

Defined Under Namespace

Classes: DataError, Error, HTTPError

Constructor Details

#initialize(url, opts = {}) ⇒ CT::Client

Create thyself a new CT::Client.

Parameters:

  • url (String)

    the "base" URL to the CT log, without any /ct/v1 bits in it.

  • opts (Hash) (defaults to: {})

    any options you'd like to pass.

  • public_key (Hash)

    a customizable set of options



# File 'lib/certificate-transparency/client.rb', line 39

def initialize(url, opts = {})
  unless opts.is_a? Hash
    raise ArgumentError,
          "Must pass a hash of options as second argument"
  end

  if opts[:public_key]
    pkdata = if opts[:public_key].valid_encoding? && opts[:public_key] =~ /^[A-Za-z0-9+\/]+=*$/
      opts[:public_key].unpack("m").first
    else
      opts[:public_key]
    end

    @public_key = begin
      OpenSSL::PKey::EC.new(pkdata)
    rescue ArgumentError
      begin
        OpenSSL::PKey::RSA.new(pkdata)
      rescue StandardError => ex
        raise "Invalid public key: #{ex.message} (#{ex.class})"
      end
    rescue StandardError => ex
      raise ArgumentError,
            "Invalid public key: #{ex.message} (#{ex.class})"
    end
  end

  @url = URI(url)
end

Instance Attribute Details

#public_key ⇒ OpenSSL::PKey::PKey (readonly)

The public key of the log, as specified in the constructor.

Returns:

  • (OpenSSL::PKey::PKey)


# File 'lib/certificate-transparency/client.rb', line 25

def public_key
  @public_key
end

Instance Method Details

#get_entries(first, last = nil) ⇒ Array<CT::LogEntry>

Retrieve one or more entries from the log.

Parameters:

  • first (Integer)

    the 0-based index of the first entry in the log that you wish to retrieve.

  • last (Integer) (defaults to: nil)

    the 0-based index of the last entry in the log that you wish to retrieve. Note that you may not get as many entries as you requested, due to limits in the response size that are imposed by many log servers.

    If last is not specified, this method will attempt to retrieve as many entries as the log is willing and able to hand over.

Returns:

  • (Array<CT::LogEntry>)

Raises:

  • (CT::Client::HTTPError)

    if something goes wrong with the HTTP request.



# File 'lib/certificate-transparency/client.rb', line 98

def get_entries(first, last = nil)
  last ||= get_sth.tree_size - 1

  entries_json = make_request("get-entries", :start => first, :end => last)
  JSON.parse(entries_json)["entries"].map do |entry|
    CT::LogEntry.from_json(entry.to_json)
  end
end
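
Because a log may return fewer entries than requested, a caller that needs a complete index range (a monitor, for instance) has to keep asking until the range is filled. The following is an added example, not code from the gem: fetch_range is a hypothetical helper, and CappedLog is a constructed stand-in for CT::Client so the example runs offline.

```ruby
# Added example, not part of the certificate-transparency-client gem.
# fetch_range and CappedLog are hypothetical names.

# Fetch entries first..last (inclusive, 0-based) from any object that
# responds to get_entries(first, last) the way CT::Client does, coping
# with servers that return fewer entries than were requested.
def fetch_range(client, first, last)
  raise ArgumentError, "first must be >= 0" if first.negative?
  raise ArgumentError, "last must be >= first" if last < first

  entries = []
  next_index = first
  while next_index <= last
    batch = client.get_entries(next_index, last)
    # An empty batch would make this loop spin forever; treat it as a fault.
    raise "log returned no entries at index #{next_index}" if batch.empty?
    # Never keep more than was asked for, even if the server over-delivers.
    batch = batch.first(last - next_index + 1)
    entries.concat(batch)
    next_index += batch.length
  end
  entries
end

# Constructed stand-in for a log server that caps each response at `cap`.
class CappedLog
  attr_reader :requests

  def initialize(tree_size, cap)
    @tree_size = tree_size
    @cap = cap
    @requests = []
  end

  def get_entries(first, last)
    @requests << [first, last]
    last = [last, @tree_size - 1, first + @cap - 1].min
    return [] if first > last
    (first..last).map { |i| "entry-#{i}" }
  end
end

log = CappedLog.new(10, 4)
all = fetch_range(log, 0, 9)
puts "fetched #{all.length} entries in #{log.requests.length} requests"
```

With a real client, pass the CT::Client instance in place of CappedLog and take last from get_sth.tree_size - 1, as get_entries itself does when last is omitted.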

#get_roots ⇒ Array<OpenSSL::X509::Certificate>

Retrieve the full set of roots publicised as being supported by this log.

Returns:

  • (Array<OpenSSL::X509::Certificate>)

Raises:

  • (CT::Client::HTTPError)

    if something went wrong with the HTTP request.

  • (CT::Client::DataError)

    if the data returned didn't meet our expectations.



# File 'lib/certificate-transparency/client.rb', line 115

def get_roots
  json = make_request("get-roots")

  begin
    JSON.parse(json)["certificates"].map do |c|
      OpenSSL::X509::Certificate.new(c.unpack("m").first)
    end
  rescue StandardError => ex
    raise CT::Client::DataError,
          "Failed to parse get-roots response: #{ex.message} (#{ex.class})"
  end
end

#get_sth ⇒ CT::SignedTreeHead

Retrieve the current Signed Tree Head from the log.

Returns:

  • (CT::SignedTreeHead)

Raises:

  • (CT::Client::HTTPError)

    if something goes wrong with the HTTP request.



# File 'lib/certificate-transparency/client.rb', line 76

def get_sth
  CT::SignedTreeHead.from_json(make_request("get-sth"))
end