certdb

package

v0.0.0-...-14ff7ac
Published: Jan 13, 2025 License: BSD-2-Clause Imports: 8 Imported by: 0

Documentation

Overview

Package certdb contains Go definitions for the database representation of certificates, as well as associated code for putting it into the database.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Ensure

func Ensure(table Table, tx *sql.Tx) (bool, error)

Ensure ensures the value is present in the database. It calls Select, and if no rows are returned, it calls Insert. The boolean will be true if the value was inserted. This value is meaningless if err is non-nil.

func Finalize

func Finalize(err *error, tx *sql.Tx)

Finalize finishes a transaction, committing it if needed or rolling back on error.

Types

type AIA

type AIA struct {
	SKI string // Primary key.
	URL string
}

AIA models the aia table.

func NewAIA

func NewAIA(cert *Certificate) *AIA

NewAIA populates an AIA structure from a Certificate.

func (*AIA) Insert

func (aia *AIA) Insert(tx *sql.Tx) error

Insert stores the AIA in the database.

func (*AIA) Select

func (aia *AIA) Select(tx *sql.Tx) error

Select requires the SKI field to be filled in.

type Certificate

type Certificate struct {
	SKI       string
	AKI       string
	Serial    []byte
	NotBefore int64
	NotAfter  int64
	Raw       []byte
	// contains filtered or unexported fields
} // UNIQUE(ski, serial)

Certificate models the certificate table.

func AllCertificates

func AllCertificates(tx *sql.Tx) ([]*Certificate, error)

AllCertificates loads all the certificates in the database.

func CollectRelease

func CollectRelease(bundle, version string, tx *sql.Tx) ([]*Certificate, error)

CollectRelease grabs all the certificates in a release, ordering them by the oldest.

func FindCertificateBySKI

func FindCertificateBySKI(db *sql.DB, ski string) ([]*Certificate, error)

FindCertificateBySKI returns all the certificates with the given SKI.

func NewCertificate

func NewCertificate(cert *x509.Certificate) *Certificate

NewCertificate creates a Certificate from a crypto/x509 Certificate structure.

func (*Certificate) Insert

func (cert *Certificate) Insert(tx *sql.Tx) error

Insert stores the Certificate in the database.

func (*Certificate) Releases

func (cert *Certificate) Releases(tx *sql.Tx) ([]*Release, error)

Releases looks up all the releases for a certificate.

func (*Certificate) Revoke

func (cert *Certificate) Revoke(tx *sql.Tx, mechanism, reason string, when int64) error

Revoke marks the certificate as revoked.

func (*Certificate) Revoked

func (cert *Certificate) Revoked(tx *sql.Tx, when int64) (bool, error)

Revoked returns true if the certificate was revoked before the timestamp passed in.

func (*Certificate) Select

func (cert *Certificate) Select(tx *sql.Tx) error

Select requires the SKI and Serial fields to be filled in.

func (*Certificate) X509

func (cert *Certificate) X509() *x509.Certificate

X509 returns the *crypto/x509.Certificate from the certificate.

type CertificateRelease

type CertificateRelease struct {
	Certificate *Certificate
	Release     *Release
}

A CertificateRelease pairs a Certificate and Release to enable adding certificates to the relevant release tables.

func NewCertificateRelease

func NewCertificateRelease(c *Certificate, r *Release) *CertificateRelease

NewCertificateRelease is a convenience function for building a CertificateRelease structure.

func (*CertificateRelease) Insert

func (cr *CertificateRelease) Insert(tx *sql.Tx) error

Insert stores the CertificateRelease in the database. It does no checking to determine if the CertificateRelease is already in the database, and will fail if it's already present in the database (due to UNIQUE constraints).

func (*CertificateRelease) Select

func (cr *CertificateRelease) Select(tx *sql.Tx) error

Select requires the Certificate field to have the SKI and Serial filled in, and the Release field to have the Version field filled in.

type Release

type Release struct {
	Bundle     string // Is this a CA or intermediate release?
	Version    string
	ReleasedAt int64
}

Release models the root_releases and intermediate_releases tables.

func AllReleases

func AllReleases(db *sql.DB, bundle string) ([]*Release, error)

AllReleases returns the list of all releases, sorted in reverse chronological order.

func FetchRelease

func FetchRelease(db *sql.DB, bundle, version string) (*Release, error)

FetchRelease looks for the specified release. It does its own transaction to match the style of the other release fetching functions.

func LatestRelease

func LatestRelease(db *sql.DB, bundle string) (*Release, error)

LatestRelease returns the latest release.

func NewRelease

func NewRelease(bundle, version string) (*Release, error)

NewRelease verifies the bundle is valid, and creates a new Release with the current time stamp.

func (*Release) Count

func (r *Release) Count(db *sql.DB) (int, error)

Count requires the Release to be Selectable, and will return the number of certificates in the release.

func (*Release) Insert

func (r *Release) Insert(tx *sql.Tx) error

Insert stores the Release in the database.

func (*Release) Previous

func (r *Release) Previous(db *sql.DB) (*Release, error)

Previous returns the previous release. The Release must be fully filled out.

func (*Release) Select

func (r *Release) Select(tx *sql.Tx) error

Select requires the Version field to have been populated.

type Revocation

type Revocation struct {
	SKI       string
	RevokedAt int64
	Mechanism string
	Reason    string
}

Revocation models the revocations table.

func (*Revocation) Insert

func (rev *Revocation) Insert(tx *sql.Tx) error

Insert adds the revocation to the database if no revocation exists yet.

func (*Revocation) Select

func (rev *Revocation) Select(tx *sql.Tx) error

Select requires the SKI field to be filled in. Note that only one revocation per SKI should exist.

type Table

type Table interface {
	// Insert stores a value in the database; it doesn't check
	// whether the value exists in the database already and isn't
	// idempotent --- calling it twice on the same value will
	// likely violate UNIQUE constraints.
	Insert(tx *sql.Tx) error

	// Select fills in the value given certain primary fields
	// being filled in. The function comment for each struct's
	// implementation should note which fields should be filled in
	// prior to calling this. It should also return sql.ErrNoRows
	// if the item doesn't exist in the database.
	Select(tx *sql.Tx) error
}

Table provides an interface for mapping a struct to a table in the database.
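The following is an added example, not code from the certdb package, showing how the Ensure/Finalize pair and the Table contract above fit together: Finalize is deferred with the address of the caller's named error so the transaction is committed or rolled back from one place, and Ensure only falls through to Insert when Select reports sql.ErrNoRows, so a genuine database error is returned rather than being mistaken for a missing row. Ensure and Finalize are re-implemented here from their doc comments (their exact internals in the package are an assumption), the AIA store is an in-memory map standing in for the aia table, and the memConnector/memConn/memTx types are a constructed database/sql driver that supports nothing but Begin/Commit/Rollback, just enough to hand the functions a real *sql.Tx and record what happened to it.

```go
package main

import (
	"context"
	"database/sql"
	"database/sql/driver"
	"errors"
	"fmt"
)

// Table mirrors the certdb.Table contract: Insert is not idempotent and
// Select reports a missing row as sql.ErrNoRows.
type Table interface {
	Insert(tx *sql.Tx) error
	Select(tx *sql.Tx) error
}

// Ensure re-implements what certdb.Ensure documents (assumed, not copied):
// Select, then Insert only when the row is genuinely absent. Any other
// Select error is returned untouched rather than triggering an Insert.
func Ensure(table Table, tx *sql.Tx) (bool, error) {
	err := table.Select(tx)
	switch {
	case err == nil:
		return false, nil // already present
	case errors.Is(err, sql.ErrNoRows):
		if err := table.Insert(tx); err != nil {
			return false, err
		}
		return true, nil
	default:
		return false, err // real database error, not "missing"
	}
}

// Finalize re-implements what certdb.Finalize documents (assumed): deferred
// with the caller's named error, it rolls back when that error is set and
// otherwise commits, surfacing a commit failure through the same error.
func Finalize(err *error, tx *sql.Tx) {
	if *err != nil {
		_ = tx.Rollback() // keep the original error
		return
	}
	*err = tx.Commit()
}

// aiaStore is a constructed in-memory stand-in for the aia table, keyed by SKI.
type aiaStore map[string]string

// AIA carries the same SKI/URL fields as certdb.AIA plus the constructed store.
type AIA struct {
	store aiaStore
	SKI   string
	URL   string
}

func (a *AIA) Insert(tx *sql.Tx) error {
	if _, exists := a.store[a.SKI]; exists {
		return fmt.Errorf("UNIQUE constraint failed: aia.ski=%q", a.SKI)
	}
	a.store[a.SKI] = a.URL
	return nil
}

func (a *AIA) Select(tx *sql.Tx) error {
	url, ok := a.store[a.SKI]
	if !ok {
		return sql.ErrNoRows
	}
	a.URL = url
	return nil
}

// brokenTable stands in for a table whose Select hits a real database error.
type brokenTable struct{}

func (brokenTable) Insert(*sql.Tx) error { return nil }
func (brokenTable) Select(*sql.Tx) error { return errors.New("database is locked") }

// Constructed driver: only Begin/Commit/Rollback work, and the log records them.
type memConnector struct{ log *[]string }
type memConn struct{ log *[]string }
type memTx struct{ log *[]string }

func (c memConnector) Connect(context.Context) (driver.Conn, error) { return memConn{c.log}, nil }
func (c memConnector) Driver() driver.Driver                        { return nil } // unused here
func (memConn) Prepare(string) (driver.Stmt, error)                 { return nil, errors.New("no queries") }
func (memConn) Close() error                                         { return nil }
func (c memConn) Begin() (driver.Tx, error)                          { return memTx{c.log}, nil }
func (t memTx) Commit() error   { *t.log = append(*t.log, "COMMIT"); return nil }
func (t memTx) Rollback() error { *t.log = append(*t.log, "ROLLBACK"); return nil }

// RunEnsure runs Ensure on each table inside one transaction and finalizes it,
// returning the per-table inserted flags, the transaction log and the error.
func RunEnsure(tables ...Table) (inserted []bool, txLog []string, err error) {
	db := sql.OpenDB(memConnector{&txLog})
	defer db.Close()
	tx, err := db.Begin()
	if err != nil {
		return nil, txLog, err
	}
	defer Finalize(&err, tx) // commit or roll back based on the final err
	for _, t := range tables {
		var ok bool
		if ok, err = Ensure(t, tx); err != nil {
			return inserted, txLog, err
		}
		inserted = append(inserted, ok)
	}
	return inserted, txLog, nil
}

func main() {
	a := &AIA{store: aiaStore{}, SKI: "ab12cd34", URL: "http://ca.example/ca.crt"} // constructed values
	fmt.Println(RunEnsure(a, a))          // [true false] [COMMIT] <nil>
	fmt.Println(RunEnsure(brokenTable{})) // [] [ROLLBACK] database is locked
}
```

Running the same AIA through Ensure twice in one transaction yields one insert and one no-op followed by a commit; a table whose Select fails with anything other than sql.ErrNoRows aborts the transaction with a rollback and no Insert attempt, which is the property the Table contract's "should also return sql.ErrNoRows if the item doesn't exist" clause exists to guarantee.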
