db

package
v0.0.0-...-efbc38a Latest
Warning

This package is not in the latest version of its module.

Published: Jan 23, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package db provides a simplistic ORM to communicate with an SQL database for storage.

Example
database, err := db.NewDatabase("./certs.db")
if err != nil {
	log.Fatalln(err)
}
err = database.CreateCertificateRequest(BananaCSR)
if err != nil {
	log.Fatalln(err)
}
err = database.AddCertificateChainToCertificateRequest(db.ByCSRPEM(BananaCSR), BananaCert)
if err != nil {
	log.Fatalln(err)
}
err = database.Close()
if err != nil {
	log.Fatalln(err)
}
Output:

Constants

This section is empty.

Variables

This section is empty.

Functions

func CertificateMatchesCSR

func CertificateMatchesCSR(cert string, csr string) error

CertificateMatchesCSR makes sure that the given certificate and CSR match. The given CSR and Cert must pass their respective validation functions. The given CSR and Cert must share the same public key.

func HashPassword

func HashPassword(password string) (string, error)

HashPassword takes the password string, makes sure it's not empty, and hashes it using bcrypt.

func ValidateCertificate

func ValidateCertificate(cert string) error

ValidateCertificate validates the given Cert string against the following:

The string must include 2 or more PEM formatted certificate strings.
Each cert must be a valid PEM string, and should be capable of being parsed into type x509 CERTIFICATE.
Each subsequent certificate in the string should be the issuer of the previous certificate, which means:

All except the first certificate should have the "is a CA" Basic Constraint.
The public key of the certificate should match the public key of the following certificate.
The issuer field of the certificate should match the subject field of the following certificate.
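The chain rules above, written out against Go's standard library as an added example; it is not this package's code. It reads the public-key rule as a signature check with CheckSignatureFrom, which is an assumption about intent; checkChain and sampleChain are hypothetical names, and the certificates are constructed test data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
)

// checkChain applies the documented rules to a PEM bundle ordered leaf first.
func checkChain(bundle string) error {
	var certs []*x509.Certificate
	for b, rest := pem.Decode([]byte(bundle)); b != nil; b, rest = pem.Decode(rest) {
		c, err := x509.ParseCertificate(b.Bytes)
		if b.Type != "CERTIFICATE" || err != nil {
			return fmt.Errorf("block %d is not a parseable CERTIFICATE", len(certs))
		}
		certs = append(certs, c)
	}
	if len(certs) < 2 {
		return fmt.Errorf("need 2 or more certificates, got %d", len(certs))
	}
	for i, c := range certs[:len(certs)-1] { // certs[i+1] must be the CA that issued c
		if n := certs[i+1]; !n.IsCA || !bytes.Equal(c.RawIssuer, n.RawSubject) || c.CheckSignatureFrom(n) != nil {
			return fmt.Errorf("cert %d was not issued by the certificate after it", i)
		}
	}
	return nil
}

func sampleChain() (leafPEM, rootPEM string) { // constructed test data: a root CA and a leaf it signs
	rootPub, rootKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed root"}, IsCA: true, BasicConstraintsValid: true}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed leaf"}}
	enc := func(t *x509.Certificate, pub ed25519.PublicKey) string { // both certs are signed with rootKey
		der, _ := x509.CreateCertificate(rand.Reader, t, root, pub, rootKey)
		return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
	}
	return enc(leaf, leafPub), enc(root, rootPub)
}

func main() {
	leaf, root := sampleChain()
	fmt.Println(checkChain(leaf+root), checkChain(root+leaf)) // valid order, then reversed order
}
```

A leaf paired with a different CA that carries the same subject name passes the issuer/subject comparison and is rejected only by the signature check.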

func ValidateCertificateRequest

func ValidateCertificateRequest(csr string) error

ValidateCertificateRequest validates the given CSR string against the following:

The string must be a valid PEM string, and should be of type CERTIFICATE REQUEST.
The PEM string should be able to be parsed into an x509 Certificate Request.

Types

type CSRFilter

type CSRFilter struct {
	ID  *int
	PEM *string
}

func ByCSRID

func ByCSRID(id int) CSRFilter

func ByCSRPEM

func ByCSRPEM(pem string) CSRFilter

type Certificate

type Certificate struct {
	CertificateID int `db:"certificate_id"`

	Issuer       int `db:"issuer_id"`      // if the issuer id == certificate_id, then this is a self-signed certificate
	PrivateKeyID int `db:"private_key_id"` // if there is no private key, then this certificate cannot sign CSR's

	CertificatePEM string `db:"certificate"`
}

type CertificateFilter

type CertificateFilter struct {
	ID  *int
	PEM *string
}

func ByCertificateID

func ByCertificateID(id int) CertificateFilter

func ByCertificatePEM

func ByCertificatePEM(pem string) CertificateFilter

type CertificateRequest

type CertificateRequest struct {
	CSR_ID int `db:"csr_id"`

	CSR           string `db:"csr"`
	Status        string `db:"status"`
	CertificateID int    `db:"certificate_id"`
}

type CertificateRequestWithChain

type CertificateRequestWithChain struct {
	CSR_ID int `db:"csr_id"`

	CSR              string `db:"csr"`
	Status           string `db:"status"`
	CertificateChain string `db:"certificate_chain"`
}

type Database

type Database struct {
	// contains filtered or unexported fields
}

Database is the object used to communicate with the established repository.

func NewDatabase

func NewDatabase(databasePath string) (*Database, error)

NewDatabase connects to a given table in a given database, stores the connection information and returns an object containing the information. The database path must be a valid file path or ":memory:". The table will be created if it doesn't exist in the format expected by the package.

func (*Database) AddCertificateChainToCertificateRequest

func (db *Database) AddCertificateChainToCertificateRequest(csrFilter CSRFilter, certPEM string) error

AddCertificateChainToCertificateRequest adds a new certificate chain to a row for a given CSR string.

func (*Database) Close

func (db *Database) Close() error

Close closes the connection to the repository cleanly.

func (*Database) CreateCertificateRequest

func (db *Database) CreateCertificateRequest(csr string) error

CreateCertificateRequest creates a new CSR entry in the repository. The string must be a valid CSR and unique.

func (*Database) CreateUser

func (db *Database) CreateUser(username string, password string, permission int) error

CreateUser creates a new user from a given username, password and permission level. The permission level 1 represents an admin, and a 0 represents a regular user. The password passed in should be in plaintext. This function handles hashing and salting the password before storing it in the database.

func (*Database) DeleteCertificate

func (db *Database) DeleteCertificate(filter CertificateFilter) error

DeleteCertificate removes a certificate from the database.

func (*Database) DeleteCertificateRequest

func (db *Database) DeleteCertificateRequest(filter CSRFilter) error

DeleteCertificateRequest removes a CSR from the database.

func (*Database) DeleteUser

func (db *Database) DeleteUser(filter UserFilter) error

DeleteUser removes a user from the table.

func (*Database) GetCertificate

func (db *Database) GetCertificate(filter CertificateFilter) (*Certificate, error)

GetCertificate gets a certificate row from the repository from a given ID.

func (*Database) GetCertificateChain

func (db *Database) GetCertificateChain(filter CertificateFilter) ([]Certificate, error)

GetCertificateChain gets a certificate chain row from the repository from a given ID.

func (*Database) GetCertificateRequest

func (db *Database) GetCertificateRequest(filter CSRFilter) (*CertificateRequest, error)

GetCertificateRequest gets a CSR row from the repository from a given ID.

func (*Database) GetCertificateRequestAndChain

func (db *Database) GetCertificateRequestAndChain(filter CSRFilter) (*CertificateRequestWithChain, error)

GetCertificateRequestAndChain gets a CSR row from the repository from a given ID.

func (*Database) GetUser

func (db *Database) GetUser(filter UserFilter) (*User, error)

GetUser retrieves the name, password and the permission level of a user.

func (*Database) ListCertificateRequestWithCertificates

func (db *Database) ListCertificateRequestWithCertificates() ([]CertificateRequestWithChain, error)

ListCertificateRequestWithCertificates gets every CertificateRequest entry in the table.

func (*Database) ListCertificateRequests

func (db *Database) ListCertificateRequests() ([]CertificateRequest, error)

ListCertificateRequests gets every CertificateRequest entry in the table.

func (*Database) ListCertificates

func (db *Database) ListCertificates() ([]Certificate, error)

ListCertificates gets every Certificate entry in the table.

func (*Database) ListUsers

func (db *Database) ListUsers() ([]User, error)

ListUsers returns all of the users and their fields available in the database.

func (*Database) NumUsers

func (db *Database) NumUsers() (int, error)

NumUsers returns the number of users in the database.

func (*Database) RejectCertificateRequest

func (db *Database) RejectCertificateRequest(filter CSRFilter) error

RejectCertificateRequest updates input CSR's row by setting the certificate bundle to "" and moving the row status to "Rejected".

func (*Database) RevokeCertificate

func (db *Database) RevokeCertificate(filter CSRFilter) error

RevokeCertificate updates the input CSR's row by setting the certificate bundle to "" and sets the row status to "Revoked".

func (*Database) UpdateUserPassword

func (db *Database) UpdateUserPassword(filter UserFilter, password string) error

UpdateUserPassword updates the password of the given user. Just like with CreateUser, this function handles hashing and salting the password before storage.

type NumUsers

type NumUsers struct {
	Count int `db:"count"`
}

type PrivateKey

type PrivateKey struct {
	ID int `db:"private_key_id"`

	PrivateKey string `db:"private_key"`
}

type User

type User struct {
	ID int `db:"id"`

	Username       string `db:"username"`
	HashedPassword string `db:"hashed_password"`
	Permissions    int    `db:"permissions"`
}

type UserFilter

type UserFilter struct {
	ID       *int
	Username *string
}

func ByUserID

func ByUserID(id int) UserFilter

func ByUsername

func ByUsername(username string) UserFilter
