- Variables
- func NewContext(ctx context.Context, db AuthDB) context.Context
- type AuthDB
- type CertificateData
- type CertificateRevocationListDB
- type CertificateRevocationListInfo
- type CertificateStorer
- type Config
- type DB
- func (db *DB) GetCRL() (*CertificateRevocationListInfo, error)
- func (db *DB) GetCertificate(serialNumber string) (*x509.Certificate, error)
- func (db *DB) GetCertificateData(serialNumber string) (*CertificateData, error)
- func (db *DB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error)
- func (db *DB) GetSSHHostPrincipals() ([]string, error)
- func (db *DB) IsRevoked(sn string) (bool, error)
- func (db *DB) IsSSHHost(principal string) (bool, error)
- func (db *DB) IsSSHRevoked(sn string) (bool, error)
- func (db *DB) Revoke(rci *RevokedCertificateInfo) error
- func (db *DB) RevokeSSH(rci *RevokedCertificateInfo) error
- func (db *DB) Shutdown() error
- func (db *DB) StoreCRL(crlInfo *CertificateRevocationListInfo) error
- func (db *DB) StoreCertificate(crt *x509.Certificate) error
- func (db *DB) StoreCertificateChain(p provisioner.Interface, chain ...*x509.Certificate) error
- func (db *DB) StoreRenewedCertificate(oldCert *x509.Certificate, chain ...*x509.Certificate) error
- func (db *DB) StoreSSHCertificate(crt *ssh.Certificate) error
- func (db *DB) UseToken(id, tok string) (bool, error)
- type MockAuthDB
- func (m *MockAuthDB) GetCRL() (*CertificateRevocationListInfo, error)
- func (m *MockAuthDB) GetCertificate(serialNumber string) (*x509.Certificate, error)
- func (m *MockAuthDB) GetCertificateData(serialNumber string) (*CertificateData, error)
- func (m *MockAuthDB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error)
- func (m *MockAuthDB) GetSSHHostPrincipals() ([]string, error)
- func (m *MockAuthDB) IsRevoked(sn string) (bool, error)
- func (m *MockAuthDB) IsSSHHost(principal string) (bool, error)
- func (m *MockAuthDB) IsSSHRevoked(sn string) (bool, error)
- func (m *MockAuthDB) Revoke(rci *RevokedCertificateInfo) error
- func (m *MockAuthDB) RevokeSSH(rci *RevokedCertificateInfo) error
- func (m *MockAuthDB) Shutdown() error
- func (m *MockAuthDB) StoreCRL(info *CertificateRevocationListInfo) error
- func (m *MockAuthDB) StoreCertificate(crt *x509.Certificate) error
- func (m *MockAuthDB) StoreSSHCertificate(crt *ssh.Certificate) error
- func (m *MockAuthDB) UseToken(id, tok string) (bool, error)
- type MockNoSQLDB
- func (m *MockNoSQLDB) Close() error
- func (m *MockNoSQLDB) CmpAndSwap(bucket, key, old, newval []byte) ([]byte, bool, error)
- func (m *MockNoSQLDB) CreateTable(bucket []byte) error
- func (m *MockNoSQLDB) Del(bucket, key []byte) error
- func (m *MockNoSQLDB) DeleteTable(bucket []byte) error
- func (m *MockNoSQLDB) Get(bucket, key []byte) ([]byte, error)
- func (m *MockNoSQLDB) List(bucket []byte) ([]*database.Entry, error)
- func (m *MockNoSQLDB) Open(dataSourceName string, opt ...database.Option) error
- func (m *MockNoSQLDB) Set(bucket, key, value []byte) error
- func (m *MockNoSQLDB) Update(tx *database.Tx) error
- type ProvisionerData
- type RevokedCertificateInfo
- type SimpleDB
- func (s *SimpleDB) Close() error
- func (s *SimpleDB) CmpAndSwap([]byte, []byte, []byte, []byte) ([]byte, bool, error)
- func (s *SimpleDB) CreateTable([]byte) error
- func (s *SimpleDB) Del([]byte, []byte) error
- func (s *SimpleDB) DeleteTable([]byte) error
- func (s *SimpleDB) Get([]byte, []byte) ([]byte, error)
- func (s *SimpleDB) GetCRL() (*CertificateRevocationListInfo, error)
- func (s *SimpleDB) GetCertificate(string) (*x509.Certificate, error)
- func (s *SimpleDB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error)
- func (s *SimpleDB) GetSSHHostPrincipals() ([]string, error)
- func (s *SimpleDB) IsRevoked(string) (bool, error)
- func (s *SimpleDB) IsSSHHost(string) (bool, error)
- func (s *SimpleDB) IsSSHRevoked(string) (bool, error)
- func (s *SimpleDB) List([]byte) ([]*database.Entry, error)
- func (s *SimpleDB) Open(string, ...database.Option) error
- func (s *SimpleDB) Revoke(*RevokedCertificateInfo) error
- func (s *SimpleDB) RevokeSSH(*RevokedCertificateInfo) error
- func (s *SimpleDB) Set([]byte, []byte, []byte) error
- func (s *SimpleDB) Shutdown() error
- func (s *SimpleDB) StoreCRL(*CertificateRevocationListInfo) error
- func (s *SimpleDB) StoreCertificate(*x509.Certificate) error
- func (s *SimpleDB) StoreSSHCertificate(*ssh.Certificate) error
- func (s *SimpleDB) Update(*database.Tx) error
- func (s *SimpleDB) UseToken(id, tok string) (bool, error)
Variables ¶
var ErrAlreadyExists = errors.New("already exists")
ErrAlreadyExists can be returned if the DB attempts to set a key that has been previously set.
var ErrNotImplemented = errors.Errorf("not implemented")
ErrNotImplemented is an error returned when an operation is Not Implemented.
Functions ¶
Types ¶
type AuthDB ¶
// AuthDB is the database interface the Authority depends on: revocation
// lookups and recording for X.509 and SSH certificates, certificate
// retrieval by serial number, token-use bookkeeping and SSH host
// principal lookups. Implementations wrap a nosql.DB client.
type AuthDB interface {
	// IsRevoked reports whether the X.509 certificate with serial number sn
	// has been revoked.
	IsRevoked(sn string) (bool, error)
	// IsSSHRevoked reports whether the SSH certificate with serial number sn
	// has been revoked.
	IsSSHRevoked(sn string) (bool, error)
	// Revoke records the revocation of an X.509 certificate.
	Revoke(rci *RevokedCertificateInfo) error
	// RevokeSSH records the revocation of an SSH certificate.
	RevokeSSH(rci *RevokedCertificateInfo) error
	// GetCertificate returns the stored certificate with the given serial number.
	GetCertificate(serialNumber string) (*x509.Certificate, error)
	// UseToken records that token tok, identified by id, has been used.
	// NOTE(review): the bool is presumably true only on the first use of a
	// given id — that is what enforces single-use tokens, so implementations
	// should make the check-and-record atomic; confirm against the backend.
	UseToken(id, tok string) (bool, error)
	// IsSSHHost reports whether name is a known SSH host principal.
	IsSSHHost(name string) (bool, error)
	// GetSSHHostPrincipals returns all known SSH host principals.
	GetSSHHostPrincipals() ([]string, error)
	// Shutdown releases the underlying database (presumably closing the
	// connection; confirm against the implementation).
	Shutdown() error
}
AuthDB is the interface the Authority uses to reach its database client (an implementation built over the nosql.DB interface). It covers revocation checks (IsRevoked, IsSSHRevoked), recording revocations (Revoke, RevokeSSH), certificate lookup by serial number, token-use bookkeeping (UseToken) and SSH host principal lookups.
func FromContext ¶
FromContext returns the current authority database from the given context.
func MustFromContext ¶
MustFromContext returns the current database from the given context. It will panic if it's not in the context.
type CertificateData ¶
// CertificateData is the JSON representation of the data stored in the
// x509_certs_data table alongside an issued certificate.
type CertificateData struct {
	// Provisioner identifies the provisioner that authorized the certificate.
	Provisioner *ProvisionerData `json:"provisioner,omitempty"`
	// RaInfo carries registration-authority details when the certificate was
	// issued through an RA; it is omitted otherwise.
	RaInfo *provisioner.RAInfo `json:"ra,omitempty"`
}
CertificateData is the JSON representation of the data stored in x509_certs_data table.
type CertificateRevocationListDB ¶
// CertificateRevocationListDB is implemented by databases that can back
// CRL generation: listing revoked certificates and persisting the
// generated CRL.
type CertificateRevocationListDB interface {
	// GetRevokedCertificates returns every revoked certificate on record.
	GetRevokedCertificates() (*[]RevokedCertificateInfo, error)
	// GetCRL returns the currently stored CRL and its metadata.
	GetCRL() (*CertificateRevocationListInfo, error)
	// StoreCRL persists a freshly generated CRL.
	StoreCRL(*CertificateRevocationListInfo) error
}
CertificateRevocationListDB is an optional interface that indicates whether the DB supports CRL generation (listing revoked certificates and storing the generated CRL).
type CertificateRevocationListInfo ¶
// CertificateRevocationListInfo holds a DER-encoded CRL together with the
// metadata needed to decide whether it must be regenerated.
type CertificateRevocationListInfo struct {
	// Number is the CRL number; presumably the monotonically increasing
	// cRLNumber extension value — confirm against the CRL generator.
	Number int64
	// ExpiresAt is when the CRL stops being valid. A CRL past this time
	// should not be served and needs regenerating.
	ExpiresAt time.Time
	// Duration is the validity period the CRL was generated with.
	Duration time.Duration
	// DER is the DER-encoded CRL.
	DER []byte
}
CertificateRevocationListInfo contains a CRL in DER format together with the metadata (number, expiry, validity duration) needed to decide whether the CRL must be regenerated.
type CertificateStorer ¶
// CertificateStorer is an optional extension of AuthDB for implementations
// that can persist issued certificates.
type CertificateStorer interface {
	// StoreCertificate persists an issued X.509 certificate.
	StoreCertificate(crt *x509.Certificate) error
	// StoreSSHCertificate persists an issued SSH certificate.
	StoreSSHCertificate(crt *ssh.Certificate) error
}
CertificateStorer is an optional extension of AuthDB for implementations that can persist issued X.509 and SSH certificates.
type Config ¶
// Config represents the JSON attributes used for configuring a step-ca DB.
type Config struct {
	// Type selects the database backend.
	Type string `json:"type"`
	// DataSource is the backend-specific connection string or path.
	// NOTE(review): for networked backends this may embed credentials, so
	// the config file should be protected like any other secret.
	DataSource string `json:"dataSource"`
	// ValueDir is an optional backend-specific value directory.
	ValueDir string `json:"valueDir,omitempty"`
	// Database is an optional database name within the data source.
	Database string `json:"database,omitempty"`
	// BadgerFileLoadingMode can be set to 'FileIO' (instead of the default
	// 'MemoryMap') to avoid memory-mapping log files. This can be useful
	// in environments with low RAM.
	BadgerFileLoadingMode string `json:"badgerFileLoadingMode"`
}
Config represents the JSON attributes used for configuring a step-ca DB.
type DB ¶
DB is a wrapper over the nosql.DB interface.
func (*DB) GetCRL ¶
func (db *DB) GetCRL() (*CertificateRevocationListInfo, error)
GetCRL gets the existing CRL from the database
func (*DB) GetCertificate ¶
func (db *DB) GetCertificate(serialNumber string) (*x509.Certificate, error)
GetCertificate retrieves a certificate by the serial number.
func (*DB) GetCertificateData ¶
func (db *DB) GetCertificateData(serialNumber string) (*CertificateData, error)
GetCertificateData returns the CertificateData (the authorizing provisioner and, when present, RA info) stored in the x509_certs_data table for the certificate with the given serial number.
func (*DB) GetRevokedCertificates ¶
func (db *DB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error)
GetRevokedCertificates gets a list of all revoked certificates.
func (*DB) GetSSHHostPrincipals ¶
GetSSHHostPrincipals gets a list of all valid host principals.
func (*DB) IsRevoked ¶
IsRevoked returns whether or not the X.509 certificate with the given serial number (`sn`) has been revoked.
func (*DB) IsSSHRevoked ¶
IsSSHRevoked returns whether or not the SSH certificate with the given serial number (`sn`) has been revoked.
func (*DB) Revoke ¶
func (db *DB) Revoke(rci *RevokedCertificateInfo) error
Revoke adds a certificate to the revocation table.
func (*DB) RevokeSSH ¶
func (db *DB) RevokeSSH(rci *RevokedCertificateInfo) error
RevokeSSH adds a SSH certificate to the revocation table.
func (*DB) StoreCRL ¶
func (db *DB) StoreCRL(crlInfo *CertificateRevocationListInfo) error
StoreCRL stores a CRL in the DB
func (*DB) StoreCertificate ¶
func (db *DB) StoreCertificate(crt *x509.Certificate) error
StoreCertificate stores the certificate in PEM form so that it can later be retrieved by serial number with GetCertificate.
func (*DB) StoreCertificateChain ¶
func (db *DB) StoreCertificateChain(p provisioner.Interface, chain ...*x509.Certificate) error
StoreCertificateChain stores the leaf certificate and the provisioner that authorized the certificate.
func (*DB) StoreRenewedCertificate ¶
func (db *DB) StoreRenewedCertificate(oldCert *x509.Certificate, chain ...*x509.Certificate) error
StoreRenewedCertificate stores the leaf certificate and the provisioner that authorized the old certificate if available.
func (*DB) StoreSSHCertificate ¶
func (db *DB) StoreSSHCertificate(crt *ssh.Certificate) error
StoreSSHCertificate stores an SSH certificate.
type MockAuthDB ¶
// MockAuthDB mocks the AuthDB interface for tests. Each M* field, when set,
// supplies the behaviour of the corresponding method.
type MockAuthDB struct {
	// Err and Ret1 are presumably the fallback error and return value used
	// by a method whose M* func is nil — confirm against the method bodies.
	Err  error
	Ret1 interface{}
	MIsRevoked              func(string) (bool, error)
	MIsSSHRevoked           func(string) (bool, error)
	MRevoke                 func(rci *RevokedCertificateInfo) error
	MRevokeSSH              func(rci *RevokedCertificateInfo) error
	MGetCertificate         func(serialNumber string) (*x509.Certificate, error)
	MGetCertificateData     func(serialNumber string) (*CertificateData, error)
	MStoreCertificate       func(crt *x509.Certificate) error
	MUseToken               func(id, tok string) (bool, error)
	MIsSSHHost              func(principal string) (bool, error)
	MStoreSSHCertificate    func(crt *ssh.Certificate) error
	MGetSSHHostPrincipals   func() ([]string, error)
	MShutdown               func() error
	MGetRevokedCertificates func() (*[]RevokedCertificateInfo, error)
	MGetCRL                 func() (*CertificateRevocationListInfo, error)
	MStoreCRL               func(*CertificateRevocationListInfo) error
}
MockAuthDB mocks the AuthDB interface for tests; each M* field, when set, supplies the behaviour of the corresponding method.
func (*MockAuthDB) GetCRL ¶
func (m *MockAuthDB) GetCRL() (*CertificateRevocationListInfo, error)
func (*MockAuthDB) GetCertificate ¶
func (m *MockAuthDB) GetCertificate(serialNumber string) (*x509.Certificate, error)
GetCertificate mock.
func (*MockAuthDB) GetCertificateData ¶
func (m *MockAuthDB) GetCertificateData(serialNumber string) (*CertificateData, error)
GetCertificateData mock.
func (*MockAuthDB) GetRevokedCertificates ¶
func (m *MockAuthDB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error)
func (*MockAuthDB) GetSSHHostPrincipals ¶
func (m *MockAuthDB) GetSSHHostPrincipals() ([]string, error)
GetSSHHostPrincipals mock.
func (*MockAuthDB) IsRevoked ¶
func (m *MockAuthDB) IsRevoked(sn string) (bool, error)
IsRevoked mock.
func (*MockAuthDB) IsSSHHost ¶
func (m *MockAuthDB) IsSSHHost(principal string) (bool, error)
IsSSHHost mock.
func (*MockAuthDB) IsSSHRevoked ¶
func (m *MockAuthDB) IsSSHRevoked(sn string) (bool, error)
IsSSHRevoked mock.
func (*MockAuthDB) Revoke ¶
func (m *MockAuthDB) Revoke(rci *RevokedCertificateInfo) error
Revoke mock.
func (*MockAuthDB) RevokeSSH ¶
func (m *MockAuthDB) RevokeSSH(rci *RevokedCertificateInfo) error
RevokeSSH mock.
func (*MockAuthDB) StoreCRL ¶
func (m *MockAuthDB) StoreCRL(info *CertificateRevocationListInfo) error
func (*MockAuthDB) StoreCertificate ¶
func (m *MockAuthDB) StoreCertificate(crt *x509.Certificate) error
StoreCertificate mock.
func (*MockAuthDB) StoreSSHCertificate ¶
func (m *MockAuthDB) StoreSSHCertificate(crt *ssh.Certificate) error
StoreSSHCertificate mock.
type MockNoSQLDB ¶
// MockNoSQLDB mocks the nosql.DB interface for tests. Each M* field, when
// set, supplies the behaviour of the corresponding method.
type MockNoSQLDB struct {
	// Err, Ret1 and Ret2 are presumably the fallback error and return values
	// used by a method whose M* func is nil — confirm against the method bodies.
	Err        error
	Ret1, Ret2 interface{}
	MGet         func(bucket, key []byte) ([]byte, error)
	MSet         func(bucket, key, value []byte) error
	MOpen        func(dataSourceName string, opt ...database.Option) error
	MClose       func() error
	MCreateTable func(bucket []byte) error
	MDeleteTable func(bucket []byte) error
	MDel         func(bucket, key []byte) error
	MList        func(bucket []byte) ([]*database.Entry, error)
	MUpdate      func(tx *database.Tx) error
	MCmpAndSwap  func(bucket, key, old, newval []byte) ([]byte, bool, error)
}
MockNoSQLDB mocks the nosql.DB interface for tests; each M* field, when set, supplies the behaviour of the corresponding method.
func (*MockNoSQLDB) CmpAndSwap ¶
func (m *MockNoSQLDB) CmpAndSwap(bucket, key, old, newval []byte) ([]byte, bool, error)
CmpAndSwap mock
func (*MockNoSQLDB) CreateTable ¶
func (m *MockNoSQLDB) CreateTable(bucket []byte) error
CreateTable mock
func (*MockNoSQLDB) DeleteTable ¶
func (m *MockNoSQLDB) DeleteTable(bucket []byte) error
DeleteTable mock
func (*MockNoSQLDB) List ¶
func (m *MockNoSQLDB) List(bucket []byte) ([]*database.Entry, error)
List mock
type ProvisionerData ¶
// ProvisionerData is the JSON representation of the provisioner stored in
// the x509_certs_data table, recording which provisioner authorized a
// certificate.
type ProvisionerData struct {
	// ID is the provisioner's identifier.
	ID string `json:"id"`
	// Name is the provisioner's configured name.
	Name string `json:"name"`
	// Type is the provisioner type (e.g. the kind of authentication it performs).
	Type string `json:"type"`
}
ProvisionerData is the JSON representation of the provisioner stored in the x509_certs_data table.
type RevokedCertificateInfo ¶
// RevokedCertificateInfo contains information regarding a certificate
// revocation action; it is what Revoke/RevokeSSH persist and what
// GetRevokedCertificates returns.
type RevokedCertificateInfo struct {
	// Serial is the serial number of the revoked certificate.
	Serial string
	// ProvisionerID identifies the provisioner that authorized the revocation.
	ProvisionerID string
	// ReasonCode is the numeric revocation reason; presumably the RFC 5280
	// CRLReason value — confirm against the CRL generator.
	ReasonCode int
	// Reason is a free-form description of the revocation reason.
	Reason string
	// RevokedAt is when the revocation took effect.
	RevokedAt time.Time
	// ExpiresAt is the revoked certificate's expiry; presumably used to know
	// when the entry no longer needs to appear in a CRL — confirm.
	ExpiresAt time.Time
	// TokenID identifies the token used to authorize the revocation, if any.
	TokenID string
	// MTLS records that the revocation was authorized with mTLS (presumably
	// by presenting the certificate being revoked — confirm against callers).
	MTLS bool
	// ACME records that the revocation came through the ACME API.
	ACME bool
}
RevokedCertificateInfo contains information regarding the certificate revocation action.
type SimpleDB ¶
// SimpleDB is the barebones DB implementation used when no database is
// configured. It provides only the minimum the CA needs to run; in
// particular Revoke/RevokeSSH return ErrNotImplemented and IsSSHRevoked is
// a no-op, so certificates issued by a CA backed by SimpleDB cannot be
// revoked and remain valid until they expire.
type SimpleDB struct {
	// contains filtered or unexported fields
}
SimpleDB is a barebones implementation of the DB interface. It is NOT an in-memory implementation of the DB, but rather the bare minimum of functionality that the CA requires to operate securely. Note that SimpleDB does not support revocation: Revoke and RevokeSSH return ErrNotImplemented and IsSSHRevoked is a no-op, so a certificate issued by a CA running on SimpleDB cannot be revoked and remains valid until it expires; CRL generation (GetCRL, GetRevokedCertificates, StoreCRL) is likewise not implemented. Deployments that need revocation or CRLs must configure a real database backend and should otherwise rely on short certificate lifetimes.
func (*SimpleDB) CmpAndSwap ¶
CmpAndSwap swaps the value at the given bucket and key if the current value is equivalent to the oldValue input. Returns 'true' if the swap was successful and 'false' otherwise.
func (*SimpleDB) CreateTable ¶
CreateTable creates a table or a bucket in the database.
func (*SimpleDB) DeleteTable ¶
DeleteTable deletes a table or a bucket in the database.
func (*SimpleDB) GetCRL ¶
func (s *SimpleDB) GetCRL() (*CertificateRevocationListInfo, error)
GetCRL returns a "NotImplemented" error.
func (*SimpleDB) GetCertificate ¶
func (s *SimpleDB) GetCertificate(string) (*x509.Certificate, error)
GetCertificate returns a "NotImplemented" error.
func (*SimpleDB) GetRevokedCertificates ¶
func (s *SimpleDB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error)
GetRevokedCertificates returns a "NotImplemented" error.
func (*SimpleDB) GetSSHHostPrincipals ¶
GetSSHHostPrincipals returns a "NotImplemented" error.
func (*SimpleDB) IsSSHRevoked ¶
IsSSHRevoked is a no-op: SimpleDB keeps no revocation records, so it performs no lookup and cannot report any SSH certificate as revoked.
func (*SimpleDB) Revoke ¶
func (s *SimpleDB) Revoke(*RevokedCertificateInfo) error
Revoke returns a "NotImplemented" error.
func (*SimpleDB) RevokeSSH ¶
func (s *SimpleDB) RevokeSSH(*RevokedCertificateInfo) error
RevokeSSH returns a "NotImplemented" error.
func (*SimpleDB) StoreCRL ¶
func (s *SimpleDB) StoreCRL(*CertificateRevocationListInfo) error
StoreCRL returns a "NotImplemented" error.
func (*SimpleDB) StoreCertificate ¶
func (s *SimpleDB) StoreCertificate(*x509.Certificate) error
StoreCertificate returns a "NotImplemented" error.
func (*SimpleDB) StoreSSHCertificate ¶
func (s *SimpleDB) StoreSSHCertificate(*ssh.Certificate) error
StoreSSHCertificate returns a "NotImplemented" error.