Documentation ¶
Index ¶
- func NewDbMap(dbConnect string, maxOpenConns int) (*gorp.DbMap, error)
- func NewDbMapFromConfig(config *mysql.Config, maxOpenConns int) (*gorp.DbMap, error)
- func ReportDbConnCount(dbMap *gorp.DbMap, statter metrics.Scope)
- func ReverseName(domain string) string
- func Rollback(tx *gorp.Transaction, err error) error
- func SelectCertificate(s dbOneSelector, q string, args ...interface{}) (core.Certificate, error)
- func SelectCertificateStatus(s dbOneSelector, q string, args ...interface{}) (certStatusModel, error)
- func SelectCertificateStatuses(s dbSelector, q string, args ...interface{}) ([]core.CertificateStatus, error)
- func SelectCertificates(s dbSelector, q string, args map[string]interface{}) ([]core.Certificate, error)
- func SetSQLDebug(dbMap *gorp.DbMap, log blog.Logger)
- type BoulderTypeConverter
- type ErrNoReceipt
- type RollbackError
- type SQLLogger
- type SQLStorageAuthority
- func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, certDER []byte, regID int64, ocspResponse []byte) (string, error)
- func (ssa *SQLStorageAuthority) AddPendingAuthorizations(ctx context.Context, req *sapb.AddPendingAuthorizationsRequest) (*sapb.AuthorizationIDs, error)
- func (ssa *SQLStorageAuthority) AddSCTReceipt(ctx context.Context, sct core.SignedCertificateTimestamp) error
- func (ssa *SQLStorageAuthority) CountCertificatesByExactNames(ctx context.Context, domains []string, earliest, latest time.Time) ([]*sapb.CountByNames_MapElement, error)
- func (ssa *SQLStorageAuthority) CountCertificatesByNames(ctx context.Context, domains []string, earliest, latest time.Time) ([]*sapb.CountByNames_MapElement, error)
- func (ssa *SQLStorageAuthority) CountCertificatesRange(ctx context.Context, start, end time.Time) (int64, error)
- func (ssa *SQLStorageAuthority) CountFQDNSets(ctx context.Context, window time.Duration, names []string) (int64, error)
- func (ssa *SQLStorageAuthority) CountInvalidAuthorizations(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (count *sapb.Count, err error)
- func (ssa *SQLStorageAuthority) CountPendingAuthorizations(ctx context.Context, regID int64) (count int, err error)
- func (ssa *SQLStorageAuthority) CountPendingOrders(ctx context.Context, regID int64) (int, error)
- func (ssa *SQLStorageAuthority) CountRegistrationsByIP(ctx context.Context, ip net.IP, earliest time.Time, latest time.Time) (int, error)
- func (ssa *SQLStorageAuthority) CountRegistrationsByIPRange(ctx context.Context, ip net.IP, earliest time.Time, latest time.Time) (int, error)
- func (ssa *SQLStorageAuthority) DeactivateAuthorization(ctx context.Context, id string) error
- func (ssa *SQLStorageAuthority) DeactivateRegistration(ctx context.Context, id int64) error
- func (ssa *SQLStorageAuthority) FQDNSetExists(ctx context.Context, names []string) (bool, error)
- func (ssa *SQLStorageAuthority) FinalizeAuthorization(ctx context.Context, authz core.Authorization) error
- func (ssa *SQLStorageAuthority) FinalizeOrder(ctx context.Context, req *corepb.Order) error
- func (ssa *SQLStorageAuthority) GetAuthorization(ctx context.Context, id string) (core.Authorization, error)
- func (ssa *SQLStorageAuthority) GetAuthorizations(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
- func (ssa *SQLStorageAuthority) GetCertificate(ctx context.Context, serial string) (core.Certificate, error)
- func (ssa *SQLStorageAuthority) GetCertificateStatus(ctx context.Context, serial string) (core.CertificateStatus, error)
- func (ssa *SQLStorageAuthority) GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)
- func (ssa *SQLStorageAuthority) GetOrderAuthorizations(ctx context.Context, req *sapb.GetOrderAuthorizationsRequest) (map[string]*core.Authorization, error)
- func (ssa *SQLStorageAuthority) GetOrderForNames(ctx context.Context, req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)
- func (ssa *SQLStorageAuthority) GetPendingAuthorization(ctx context.Context, req *sapb.GetPendingAuthorizationRequest) (*core.Authorization, error)
- func (ssa *SQLStorageAuthority) GetRegistration(ctx context.Context, id int64) (core.Registration, error)
- func (ssa *SQLStorageAuthority) GetRegistrationByKey(ctx context.Context, key *jose.JSONWebKey) (core.Registration, error)
- func (ssa *SQLStorageAuthority) GetSCTReceipt(ctx context.Context, serial string, logID string) (core.SignedCertificateTimestamp, error)
- func (ssa *SQLStorageAuthority) GetValidAuthorizations(ctx context.Context, registrationID int64, names []string, now time.Time) (map[string]*core.Authorization, error)
- func (ssa *SQLStorageAuthority) MarkCertificateRevoked(ctx context.Context, serial string, reasonCode revocation.Reason) error
- func (ssa *SQLStorageAuthority) NewOrder(ctx context.Context, req *corepb.Order) (*corepb.Order, error)
- func (ssa *SQLStorageAuthority) NewPendingAuthorization(ctx context.Context, authz core.Authorization) (core.Authorization, error)
- func (ssa *SQLStorageAuthority) NewRegistration(ctx context.Context, reg core.Registration) (core.Registration, error)
- func (ssa *SQLStorageAuthority) PreviousCertificateExists(ctx context.Context, req *sapb.PreviousCertificateExistsRequest) (*sapb.Exists, error)
- func (ssa *SQLStorageAuthority) RevokeAuthorizationsByDomain(ctx context.Context, ident core.AcmeIdentifier) (int64, int64, error)
- func (ssa *SQLStorageAuthority) SetOrderProcessing(ctx context.Context, req *corepb.Order) error
- func (ssa *SQLStorageAuthority) UpdatePendingAuthorization(ctx context.Context, authz core.Authorization) error
- func (ssa *SQLStorageAuthority) UpdateRegistration(ctx context.Context, reg core.Registration) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewDbMap ¶
NewDbMap creates the root gorp mapping object. Create one of these for each database schema you wish to map. Each DbMap contains a list of mapped tables. It automatically maps the tables for the primary parts of Boulder around the Storage Authority.
func NewDbMapFromConfig ¶
NewDbMapFromConfig functions similarly to NewDbMap, but it takes the decomposed form of the connection string, a *mysql.Config.
func ReportDbConnCount ¶
func ReverseName ¶
func Rollback ¶
Rollback rolls back the provided transaction. If the rollback fails for any reason a `RollbackError` error is returned wrapping the original error. If no rollback error occurs then the original error is returned.
func SelectCertificate ¶
func SelectCertificate(s dbOneSelector, q string, args ...interface{}) (core.Certificate, error)
SelectCertificate selects all fields of one certificate object
func SelectCertificateStatus ¶
func SelectCertificateStatus(s dbOneSelector, q string, args ...interface{}) (certStatusModel, error)
SelectCertificateStatus selects all fields of one certificate status model
func SelectCertificateStatuses ¶
func SelectCertificateStatuses(s dbSelector, q string, args ...interface{}) ([]core.CertificateStatus, error)
SelectCertificateStatuses selects all fields of multiple certificate status objects
func SelectCertificates ¶
func SelectCertificates(s dbSelector, q string, args map[string]interface{}) ([]core.Certificate, error)
SelectCertificates selects all fields of multiple certificate objects
func SetSQLDebug ¶
SetSQLDebug enables GORP SQL-level Debugging
Types ¶
type BoulderTypeConverter ¶
type BoulderTypeConverter struct{}
BoulderTypeConverter is used by Gorp for storing objects in DB.
func (BoulderTypeConverter) FromDb ¶
func (tc BoulderTypeConverter) FromDb(target interface{}) (gorp.CustomScanner, bool)
FromDb converts a DB representation back into a Boulder object.
func (BoulderTypeConverter) ToDb ¶
func (tc BoulderTypeConverter) ToDb(val interface{}) (interface{}, error)
ToDb converts a Boulder object to one suitable for the DB representation.
type ErrNoReceipt ¶
type ErrNoReceipt string
ErrNoReceipt is an error type for a non-existent SCT receipt
func (ErrNoReceipt) Error ¶
func (e ErrNoReceipt) Error() string
type RollbackError ¶
RollbackError is a combination of a database error and the error, if any, encountered while trying to rollback the transaction.
func (*RollbackError) Error ¶
func (re *RollbackError) Error() string
Error implements the error interface
type SQLStorageAuthority ¶
type SQLStorageAuthority struct {
// contains filtered or unexported fields
}
SQLStorageAuthority defines a Storage Authority
func NewSQLStorageAuthority ¶
func NewSQLStorageAuthority( dbMap *gorp.DbMap, clk clock.Clock, logger blog.Logger, scope metrics.Scope, parallelismPerRPC int, ) (*SQLStorageAuthority, error)
NewSQLStorageAuthority provides persistence using a SQL backend for Boulder. It will modify the given gorp.DbMap by adding relevant tables.
func (*SQLStorageAuthority) AddCertificate ¶
func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, certDER []byte, regID int64, ocspResponse []byte) (string, error)
AddCertificate stores an issued certificate and returns the digest as a string, or an error if any occurred.
func (*SQLStorageAuthority) AddPendingAuthorizations ¶
func (ssa *SQLStorageAuthority) AddPendingAuthorizations(ctx context.Context, req *sapb.AddPendingAuthorizationsRequest) (*sapb.AuthorizationIDs, error)
AddPendingAuthorizations creates a batch of pending authorizations and returns their IDs
func (*SQLStorageAuthority) AddSCTReceipt ¶
func (ssa *SQLStorageAuthority) AddSCTReceipt(ctx context.Context, sct core.SignedCertificateTimestamp) error
AddSCTReceipt adds a new SCT receipt to the (append-only) sctReceipts table
func (*SQLStorageAuthority) CountCertificatesByExactNames ¶
func (ssa *SQLStorageAuthority) CountCertificatesByExactNames(ctx context.Context, domains []string, earliest, latest time.Time) ([]*sapb.CountByNames_MapElement, error)
func (*SQLStorageAuthority) CountCertificatesByNames ¶
func (ssa *SQLStorageAuthority) CountCertificatesByNames(ctx context.Context, domains []string, earliest, latest time.Time) ([]*sapb.CountByNames_MapElement, error)
CountCertificatesByNames counts, for each input domain, the number of certificates issued in the given time range for that domain and its subdomains. It returns a map from domains to counts, which is guaranteed to contain an entry for each input domain, so long as err is nil. Queries will be run in parallel. If any of them error, only one error will be returned.
func (*SQLStorageAuthority) CountCertificatesRange ¶
func (ssa *SQLStorageAuthority) CountCertificatesRange(ctx context.Context, start, end time.Time) (int64, error)
CountCertificatesRange returns the number of certificates issued in a specific date range
func (*SQLStorageAuthority) CountFQDNSets ¶
func (ssa *SQLStorageAuthority) CountFQDNSets(ctx context.Context, window time.Duration, names []string) (int64, error)
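CountFQDNSets returns the number of FQDN sets with hash |setHash| that fall within the window |window|. The signature takes |names| rather than a hash, so |setHash| is presumably the hash computed from |names|.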
func (*SQLStorageAuthority) CountInvalidAuthorizations ¶
func (ssa *SQLStorageAuthority) CountInvalidAuthorizations( ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest, ) (count *sapb.Count, err error)
CountInvalidAuthorizations counts invalid authorizations for the given registration that expire in a given time range.
func (*SQLStorageAuthority) CountPendingAuthorizations ¶
func (ssa *SQLStorageAuthority) CountPendingAuthorizations(ctx context.Context, regID int64) (count int, err error)
CountPendingAuthorizations returns the number of pending, unexpired authorizations for the given registration.
func (*SQLStorageAuthority) CountPendingOrders ¶
CountPendingOrders returns the number of pending, unexpired orders for the given registration.
func (*SQLStorageAuthority) CountRegistrationsByIP ¶
func (ssa *SQLStorageAuthority) CountRegistrationsByIP(ctx context.Context, ip net.IP, earliest time.Time, latest time.Time) (int, error)
CountRegistrationsByIP returns the number of registrations created in the time range for a single IP address.
func (*SQLStorageAuthority) CountRegistrationsByIPRange ¶
func (ssa *SQLStorageAuthority) CountRegistrationsByIPRange(ctx context.Context, ip net.IP, earliest time.Time, latest time.Time) (int, error)
CountRegistrationsByIPRange returns the number of registrations created in the time range in an IP range. For IPv4 addresses, that range is limited to the single IP. For IPv6 addresses, that range is a /48, since it's not uncommon for one person to have a /48 to themselves.
func (*SQLStorageAuthority) DeactivateAuthorization ¶
func (ssa *SQLStorageAuthority) DeactivateAuthorization(ctx context.Context, id string) error
DeactivateAuthorization deactivates a currently valid or pending authorization
func (*SQLStorageAuthority) DeactivateRegistration ¶
func (ssa *SQLStorageAuthority) DeactivateRegistration(ctx context.Context, id int64) error
DeactivateRegistration deactivates a currently valid registration
func (*SQLStorageAuthority) FQDNSetExists ¶
FQDNSetExists returns a bool indicating whether one or more FQDN sets for |names| exist in the database
func (*SQLStorageAuthority) FinalizeAuthorization ¶
func (ssa *SQLStorageAuthority) FinalizeAuthorization(ctx context.Context, authz core.Authorization) error
FinalizeAuthorization converts a Pending Authorization to a final one. If the Authorization is not found, a berrors.NotFound result is returned. If the Authorization has status pending, a berrors.InternalServer error is returned.
func (*SQLStorageAuthority) FinalizeOrder ¶
FinalizeOrder finalizes a provided *corepb.Order by persisting the CertificateSerial and a valid status to the database. No fields other than CertificateSerial and the order ID on the provided order are processed (e.g. this is not a generic update RPC).
func (*SQLStorageAuthority) GetAuthorization ¶
func (ssa *SQLStorageAuthority) GetAuthorization(ctx context.Context, id string) (core.Authorization, error)
GetAuthorization obtains an Authorization by ID
func (*SQLStorageAuthority) GetAuthorizations ¶
func (ssa *SQLStorageAuthority) GetAuthorizations(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
GetAuthorizations returns a map of valid or pending authorizations for as many names as possible
func (*SQLStorageAuthority) GetCertificate ¶
func (ssa *SQLStorageAuthority) GetCertificate(ctx context.Context, serial string) (core.Certificate, error)
GetCertificate takes a serial number and returns the corresponding certificate, or error if it does not exist.
func (*SQLStorageAuthority) GetCertificateStatus ¶
func (ssa *SQLStorageAuthority) GetCertificateStatus(ctx context.Context, serial string) (core.CertificateStatus, error)
GetCertificateStatus takes a hexadecimal string representing the full 128-bit serial number of a certificate and returns data about that certificate's current validity.
func (*SQLStorageAuthority) GetOrder ¶
func (ssa *SQLStorageAuthority) GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)
GetOrder is used to retrieve an already existing order object
func (*SQLStorageAuthority) GetOrderAuthorizations ¶
func (ssa *SQLStorageAuthority) GetOrderAuthorizations( ctx context.Context, req *sapb.GetOrderAuthorizationsRequest) (map[string]*core.Authorization, error)
TODO(@cpu): Rename this to `GetValidOrderAuthorizations`.
GetOrderAuthorizations is used to find the valid, unexpired authorizations associated with a specific order and account ID.
func (*SQLStorageAuthority) GetOrderForNames ¶
func (ssa *SQLStorageAuthority) GetOrderForNames( ctx context.Context, req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)
GetOrderForNames tries to find a **pending** order with the exact set of names requested, associated with the given accountID. Only unexpired orders with status pending are considered. If no order meeting these requirements is found a nil corepb.Order pointer is returned.
func (*SQLStorageAuthority) GetPendingAuthorization ¶
func (ssa *SQLStorageAuthority) GetPendingAuthorization( ctx context.Context, req *sapb.GetPendingAuthorizationRequest, ) (*core.Authorization, error)
GetPendingAuthorization returns the most recent Pending authorization with the given identifier, if available.
func (*SQLStorageAuthority) GetRegistration ¶
func (ssa *SQLStorageAuthority) GetRegistration(ctx context.Context, id int64) (core.Registration, error)
GetRegistration obtains a Registration by ID
func (*SQLStorageAuthority) GetRegistrationByKey ¶
func (ssa *SQLStorageAuthority) GetRegistrationByKey(ctx context.Context, key *jose.JSONWebKey) (core.Registration, error)
GetRegistrationByKey obtains a Registration by JWK
func (*SQLStorageAuthority) GetSCTReceipt ¶
func (ssa *SQLStorageAuthority) GetSCTReceipt(ctx context.Context, serial string, logID string) (core.SignedCertificateTimestamp, error)
GetSCTReceipt gets a specific SCT receipt for a given certificate serial and CT log ID
func (*SQLStorageAuthority) GetValidAuthorizations ¶
func (ssa *SQLStorageAuthority) GetValidAuthorizations(ctx context.Context, registrationID int64, names []string, now time.Time) (map[string]*core.Authorization, error)
GetValidAuthorizations returns the latest authorization object for all domain names from the parameters that the account has authorizations for.
func (*SQLStorageAuthority) MarkCertificateRevoked ¶
func (ssa *SQLStorageAuthority) MarkCertificateRevoked(ctx context.Context, serial string, reasonCode revocation.Reason) error
MarkCertificateRevoked stores the fact that a certificate is revoked, along with a timestamp and a reason.
func (*SQLStorageAuthority) NewOrder ¶
func (ssa *SQLStorageAuthority) NewOrder(ctx context.Context, req *corepb.Order) (*corepb.Order, error)
NewOrder adds a new v2 style order to the database
func (*SQLStorageAuthority) NewPendingAuthorization ¶
func (ssa *SQLStorageAuthority) NewPendingAuthorization(ctx context.Context, authz core.Authorization) (core.Authorization, error)
NewPendingAuthorization retrieves a pending authorization for authz.Identifier if one exists, or creates a new one otherwise.
func (*SQLStorageAuthority) NewRegistration ¶
func (ssa *SQLStorageAuthority) NewRegistration(ctx context.Context, reg core.Registration) (core.Registration, error)
NewRegistration stores a new Registration
func (*SQLStorageAuthority) PreviousCertificateExists ¶
func (ssa *SQLStorageAuthority) PreviousCertificateExists( ctx context.Context, req *sapb.PreviousCertificateExistsRequest, ) (*sapb.Exists, error)
PreviousCertificateExists returns true iff there was at least one certificate issued with the provided domain name, and the most recent such certificate was issued by the provided registration ID. Note: This means that if two different accounts were issuing certificates for a domain, only one of them (the account that issued the most recent certificate) gets the right to revalidate using TLS-SNI-01. We think this is an acceptable tradeoff of complexity versus coverage, though we may reconsider in the future.
func (*SQLStorageAuthority) RevokeAuthorizationsByDomain ¶
func (ssa *SQLStorageAuthority) RevokeAuthorizationsByDomain(ctx context.Context, ident core.AcmeIdentifier) (int64, int64, error)
RevokeAuthorizationsByDomain invalidates all pending or finalized authorizations for a specific domain
func (*SQLStorageAuthority) SetOrderProcessing ¶
SetOrderProcessing updates a provided *corepb.Order in pending status to be in processing status by updating the `beganProcessing` field of the corresponding Order table row in the DB.
func (*SQLStorageAuthority) UpdatePendingAuthorization ¶
func (ssa *SQLStorageAuthority) UpdatePendingAuthorization(ctx context.Context, authz core.Authorization) error
UpdatePendingAuthorization updates a Pending Authorization's Challenges. Despite what the name "UpdatePendingAuthorization" (preserved for legacy reasons) may indicate, the pending authorization table row is not changed, only the associated challenges by way of `sa.updateChallenges`.
func (*SQLStorageAuthority) UpdateRegistration ¶
func (ssa *SQLStorageAuthority) UpdateRegistration(ctx context.Context, reg core.Registration) error
UpdateRegistration stores an updated Registration