Documentation ¶
Index ¶
- func ClearEmail(ctx context.Context, dbMap db.DatabaseMap, regID int64, email string) error
- func DBMapForTest(dbConnect string) (*boulderDB.WrappedMap, error)
- func DBMapForTestWithLog(dbConnect string, log blog.Logger) (*boulderDB.WrappedMap, error)
- func InitWrappedDb(config cmd.DBConfig, scope prometheus.Registerer, logger blog.Logger) (*boulderDB.WrappedMap, error)
- func ReverseName(domain string) string
- func SelectAuthzsMatchingIssuance(ctx context.Context, s db.Selector, regID int64, issued time.Time, ...) ([]*corepb.Authorization, error)
- func SelectCertificate(ctx context.Context, s db.OneSelector, serial string) (core.Certificate, error)
- func SelectCertificateStatus(ctx context.Context, s db.OneSelector, serial string) (core.CertificateStatus, error)
- func SelectPrecertificate(ctx context.Context, s db.OneSelector, serial string) (core.Certificate, error)
- func SelectRevocationStatus(ctx context.Context, s db.OneSelector, serial string) (*sapb.RevocationStatus, error)
- type BoulderTypeConverter
- type CertStatusMetadata
- type CertWithID
- type DbSettings
- type RevocationStatusModel
- type SQLLogger
- type SQLStorageAuthority
- func (ssa *SQLStorageAuthority) AddBlockedKey(ctx context.Context, req *sapb.AddBlockedKeyRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) AddSerial(ctx context.Context, req *sapb.AddSerialRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) DeactivateAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) DeactivateRegistration(ctx context.Context, req *sapb.RegistrationID) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) FinalizeAuthorization2(ctx context.Context, req *sapb.FinalizeAuthorizationRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) FinalizeOrder(ctx context.Context, req *sapb.FinalizeOrderRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) Health(ctx context.Context) error
- func (ssa *SQLStorageAuthority) LeaseCRLShard(ctx context.Context, req *sapb.LeaseCRLShardRequest) (*sapb.LeaseCRLShardResponse, error)
- func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb.NewOrderAndAuthzsRequest) (*corepb.Order, error)
- func (ssa *SQLStorageAuthority) NewRegistration(ctx context.Context, req *corepb.Registration) (*corepb.Registration, error)
- func (ssa *SQLStorageAuthority) PauseIdentifiers(ctx context.Context, req *sapb.PauseRequest) (*sapb.PauseIdentifiersResponse, error)
- func (ssa *SQLStorageAuthority) RevokeCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) SetCertificateStatusReady(ctx context.Context, req *sapb.Serial) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) SetOrderError(ctx context.Context, req *sapb.SetOrderErrorRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) SetOrderProcessing(ctx context.Context, req *sapb.OrderRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) UnpauseAccount(ctx context.Context, req *sapb.RegistrationID) (*sapb.Count, error)
- func (ssa *SQLStorageAuthority) UpdateCRLShard(ctx context.Context, req *sapb.UpdateCRLShardRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) UpdateRegistration(ctx context.Context, req *corepb.Registration) (*emptypb.Empty, error)deprecated
- func (ssa *SQLStorageAuthority) UpdateRegistrationContact(ctx context.Context, req *sapb.UpdateRegistrationContactRequest) (*corepb.Registration, error)
- func (ssa *SQLStorageAuthority) UpdateRegistrationKey(ctx context.Context, req *sapb.UpdateRegistrationKeyRequest) (*corepb.Registration, error)
- func (ssa *SQLStorageAuthority) UpdateRevokedCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) (*emptypb.Empty, error)
- type SQLStorageAuthorityRO
- func (ssa *SQLStorageAuthorityRO) CheckIdentifiersPaused(ctx context.Context, req *sapb.PauseRequest) (*sapb.Identifiers, error)
- func (ssa *SQLStorageAuthorityRO) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest) (*sapb.CountByNames, error)
- func (ssa *SQLStorageAuthorityRO) CountInvalidAuthorizations2(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error)
- func (ssa *SQLStorageAuthorityRO) CountOrders(ctx context.Context, req *sapb.CountOrdersRequest) (*sapb.Count, error)
- func (ssa *SQLStorageAuthorityRO) CountPendingAuthorizations2(ctx context.Context, req *sapb.RegistrationID) (*sapb.Count, error)
- func (ssa *SQLStorageAuthorityRO) FQDNSetExists(ctx context.Context, req *sapb.FQDNSetExistsRequest) (*sapb.Exists, error)
- func (ssa *SQLStorageAuthorityRO) FQDNSetTimestampsForWindow(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Timestamps, error)
- func (ssa *SQLStorageAuthorityRO) GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Authorization, error)
- func (ssa *SQLStorageAuthorityRO) GetAuthorizations2(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)deprecated
- func (ssa *SQLStorageAuthorityRO) GetCertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
- func (ssa *SQLStorageAuthorityRO) GetCertificateStatus(ctx context.Context, req *sapb.Serial) (*corepb.CertificateStatus, error)
- func (ssa *SQLStorageAuthorityRO) GetLintPrecertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
- func (ssa *SQLStorageAuthorityRO) GetMaxExpiration(ctx context.Context, req *emptypb.Empty) (*timestamppb.Timestamp, error)
- func (ssa *SQLStorageAuthorityRO) GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)
- func (ssa *SQLStorageAuthorityRO) GetOrderForNames(ctx context.Context, req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)
- func (ssa *SQLStorageAuthorityRO) GetPausedIdentifiers(ctx context.Context, req *sapb.RegistrationID) (*sapb.Identifiers, error)
- func (ssa *SQLStorageAuthorityRO) GetRegistration(ctx context.Context, req *sapb.RegistrationID) (*corepb.Registration, error)
- func (ssa *SQLStorageAuthorityRO) GetRegistrationByKey(ctx context.Context, req *sapb.JSONWebKey) (*corepb.Registration, error)
- func (ssa *SQLStorageAuthorityRO) GetRevocationStatus(ctx context.Context, req *sapb.Serial) (*sapb.RevocationStatus, error)
- func (ssa *SQLStorageAuthorityRO) GetRevokedCerts(req *sapb.GetRevokedCertsRequest, ...) error
- func (ssa *SQLStorageAuthorityRO) GetSerialMetadata(ctx context.Context, req *sapb.Serial) (*sapb.SerialMetadata, error)
- func (ssa *SQLStorageAuthorityRO) GetSerialsByAccount(req *sapb.RegistrationID, stream grpc.ServerStreamingServer[sapb.Serial]) error
- func (ssa *SQLStorageAuthorityRO) GetSerialsByKey(req *sapb.SPKIHash, stream grpc.ServerStreamingServer[sapb.Serial]) error
- func (ssa *SQLStorageAuthorityRO) GetValidAuthorizations2(ctx context.Context, req *sapb.GetValidAuthorizationsRequest) (*sapb.Authorizations, error)
- func (ssa *SQLStorageAuthorityRO) GetValidOrderAuthorizations2(ctx context.Context, req *sapb.GetValidOrderAuthorizationsRequest) (*sapb.Authorizations, error)
- func (ssa *SQLStorageAuthorityRO) Health(ctx context.Context) error
- func (ssa *SQLStorageAuthorityRO) IncidentsForSerial(ctx context.Context, req *sapb.Serial) (*sapb.Incidents, error)
- func (ssa *SQLStorageAuthorityRO) KeyBlocked(ctx context.Context, req *sapb.SPKIHash) (*sapb.Exists, error)
- func (ssa *SQLStorageAuthorityRO) ReplacementOrderExists(ctx context.Context, req *sapb.Serial) (*sapb.Exists, error)
- func (ssa *SQLStorageAuthorityRO) SerialsForIncident(req *sapb.SerialsForIncidentRequest, ...) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ClearEmail ¶
ClearEmail removes the provided email address from one specified registration. If there are multiple email addresses present, it does not modify other ones. If the email address is not present, it does not modify the registration and will return a nil error.
func DBMapForTest ¶
func DBMapForTest(dbConnect string) (*boulderDB.WrappedMap, error)
DBMapForTest creates a wrapped root borp mapping object. Create one of these for each database schema you wish to map. Each DbMap contains a list of mapped tables. It automatically maps the tables for the primary parts of Boulder around the Storage Authority.
func DBMapForTestWithLog ¶
DBMapForTestWithLog does the same as DBMapForTest but also routes the debug logs from the database driver to the given log (usually a `blog.NewMock`).
func InitWrappedDb ¶
func InitWrappedDb(config cmd.DBConfig, scope prometheus.Registerer, logger blog.Logger) (*boulderDB.WrappedMap, error)
InitWrappedDb constructs a wrapped borp mapping object with the provided settings. If scope is non-nil, Prometheus metrics will be exported. If logger is non-nil, SQL debug-level logging will be enabled. The only required parameter is config.
func ReverseName ¶
func SelectAuthzsMatchingIssuance ¶
func SelectAuthzsMatchingIssuance( ctx context.Context, s db.Selector, regID int64, issued time.Time, dnsNames []string, ) ([]*corepb.Authorization, error)
SelectAuthzsMatchingIssuance looks for a set of authzs that would have authorized a given issuance that is known to have occurred. The returned authzs will all belong to the given regID, will have potentially been valid at the time of issuance, and will have the appropriate identifier type and value. This may return multiple authzs for the same identifier type and value.
This returns "potentially" valid authzs because a client may have set an authzs status to deactivated after issuance, so we return both valid and deactivated authzs. It also uses a small amount of leeway (1s) to account for possible clock skew.
This function doesn't do anything special for authzs with an expiration in the past. If the stored authz has a valid status, it is returned with a valid status regardless of whether it is also expired.
func SelectCertificate ¶
func SelectCertificate(ctx context.Context, s db.OneSelector, serial string) (core.Certificate, error)
SelectCertificate selects all fields of one certificate object identified by a serial. If more than one row contains the same serial only the first is returned.
func SelectCertificateStatus ¶
func SelectCertificateStatus(ctx context.Context, s db.OneSelector, serial string) (core.CertificateStatus, error)
SelectCertificateStatus selects all fields of one certificate status model identified by serial
func SelectPrecertificate ¶
func SelectPrecertificate(ctx context.Context, s db.OneSelector, serial string) (core.Certificate, error)
SelectPrecertificate selects all fields of one precertificate object identified by serial.
func SelectRevocationStatus ¶
func SelectRevocationStatus(ctx context.Context, s db.OneSelector, serial string) (*sapb.RevocationStatus, error)
SelectRevocationStatus returns the authoritative revocation information for the certificate with the given serial.
Types ¶
type BoulderTypeConverter ¶
type BoulderTypeConverter struct{}
BoulderTypeConverter is used by borp for storing objects in DB.
func (BoulderTypeConverter) FromDb ¶
func (tc BoulderTypeConverter) FromDb(target interface{}) (borp.CustomScanner, bool)
FromDb converts a DB representation back into a Boulder object.
func (BoulderTypeConverter) ToDb ¶
func (tc BoulderTypeConverter) ToDb(val interface{}) (interface{}, error)
ToDb converts a Boulder object to one suitable for the DB representation.
type CertStatusMetadata ¶
type CertStatusMetadata struct { ID int64 `db:"id"` Serial string `db:"serial"` Status core.OCSPStatus `db:"status"` OCSPLastUpdated time.Time `db:"ocspLastUpdated"` RevokedDate time.Time `db:"revokedDate"` RevokedReason revocation.Reason `db:"revokedReason"` LastExpirationNagSent time.Time `db:"lastExpirationNagSent"` NotAfter time.Time `db:"notAfter"` IsExpired bool `db:"isExpired"` IssuerID int64 `db:"issuerID"` }
type CertWithID ¶
type CertWithID struct { ID int64 core.Certificate }
func SelectCertificates ¶
func SelectCertificates(ctx context.Context, s db.Selector, q string, args map[string]interface{}) ([]CertWithID, error)
SelectCertificates selects all fields of multiple certificate objects
func SelectPrecertificates ¶
func SelectPrecertificates(ctx context.Context, s db.Selector, q string, args map[string]interface{}) ([]CertWithID, error)
SelectPrecertificates selects all fields of multiple precertificate objects.
type DbSettings ¶
type DbSettings struct { // MaxOpenConns sets the maximum number of open connections to the // database. If MaxIdleConns is greater than 0 and MaxOpenConns is // less than MaxIdleConns, then MaxIdleConns will be reduced to // match the new MaxOpenConns limit. If n < 0, then there is no // limit on the number of open connections. MaxOpenConns int // MaxIdleConns sets the maximum number of connections in the idle // connection pool. If MaxOpenConns is greater than 0 but less than // MaxIdleConns, then MaxIdleConns will be reduced to match the // MaxOpenConns limit. If n < 0, no idle connections are retained. MaxIdleConns int // ConnMaxLifetime sets the maximum amount of time a connection may // be reused. Expired connections may be closed lazily before reuse. // If d < 0, connections are not closed due to a connection's age. ConnMaxLifetime time.Duration // ConnMaxIdleTime sets the maximum amount of time a connection may // be idle. Expired connections may be closed lazily before reuse. // If d < 0, connections are not closed due to a connection's idle // time. ConnMaxIdleTime time.Duration }
DbSettings contains settings for the database/sql driver. The zero value of each field means use the default setting from database/sql. ConnMaxIdleTime and ConnMaxLifetime should be set lower than their mariab counterparts interactive_timeout and wait_timeout.
type RevocationStatusModel ¶
type RevocationStatusModel struct { Status core.OCSPStatus `db:"status"` RevokedDate time.Time `db:"revokedDate"` RevokedReason revocation.Reason `db:"revokedReason"` }
RevocationStatusModel represents a small subset of the columns in the certificateStatus table, used to determine the authoritative revocation status of a certificate.
type SQLStorageAuthority ¶
type SQLStorageAuthority struct { sapb.UnsafeStorageAuthorityServer *SQLStorageAuthorityRO // contains filtered or unexported fields }
SQLStorageAuthority defines a Storage Authority.
Note that although SQLStorageAuthority does have methods wrapping all of the read-only methods provided by the SQLStorageAuthorityRO, those wrapper implementations are in saro.go, next to the real implementations.
func NewSQLStorageAuthority ¶
func NewSQLStorageAuthority( dbMap *db.WrappedMap, dbReadOnlyMap *db.WrappedMap, dbIncidentsMap *db.WrappedMap, parallelismPerRPC int, lagFactor time.Duration, clk clock.Clock, logger blog.Logger, stats prometheus.Registerer, ) (*SQLStorageAuthority, error)
NewSQLStorageAuthority provides persistence using a SQL backend for Boulder. It constructs its own read-only storage authority to wrap.
func NewSQLStorageAuthorityWrapping ¶
func NewSQLStorageAuthorityWrapping( ssaro *SQLStorageAuthorityRO, dbMap *db.WrappedMap, stats prometheus.Registerer, ) (*SQLStorageAuthority, error)
NewSQLStorageAuthorityWrapping provides persistence using a SQL backend for Boulder. It takes a read-only storage authority to wrap, which is useful if you are constructing both types of implementations and want to share read-only database connections between them.
func (*SQLStorageAuthority) AddBlockedKey ¶
func (ssa *SQLStorageAuthority) AddBlockedKey(ctx context.Context, req *sapb.AddBlockedKeyRequest) (*emptypb.Empty, error)
AddBlockedKey adds a key hash to the blockedKeys table
func (*SQLStorageAuthority) AddCertificate ¶
func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error)
AddCertificate stores an issued certificate, returning an error if it is a duplicate or if any other failure occurs.
func (*SQLStorageAuthority) AddPrecertificate ¶
func (ssa *SQLStorageAuthority) AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error)
AddPrecertificate writes a record of a linting certificate to the database.
Note: The name "AddPrecertificate" is a historical artifact, and this is now always called with a linting certificate. See #6807.
Note: this is not idempotent: it does not protect against inserting the same certificate multiple times. Calling code needs to first insert the cert's serial into the Serials table to ensure uniqueness.
func (*SQLStorageAuthority) AddSerial ¶
func (ssa *SQLStorageAuthority) AddSerial(ctx context.Context, req *sapb.AddSerialRequest) (*emptypb.Empty, error)
AddSerial writes a record of a serial number generation to the DB.
func (*SQLStorageAuthority) DeactivateAuthorization2 ¶
func (ssa *SQLStorageAuthority) DeactivateAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*emptypb.Empty, error)
DeactivateAuthorization2 deactivates a currently valid or pending authorization.
func (*SQLStorageAuthority) DeactivateRegistration ¶
func (ssa *SQLStorageAuthority) DeactivateRegistration(ctx context.Context, req *sapb.RegistrationID) (*emptypb.Empty, error)
DeactivateRegistration deactivates a currently valid registration and removes its contact field
func (*SQLStorageAuthority) FinalizeAuthorization2 ¶
func (ssa *SQLStorageAuthority) FinalizeAuthorization2(ctx context.Context, req *sapb.FinalizeAuthorizationRequest) (*emptypb.Empty, error)
FinalizeAuthorization2 moves a pending authorization to either the valid or invalid status. If the authorization is being moved to invalid the validationError field must be set. If the authorization is being moved to valid the validationRecord and expires fields must be set.
func (*SQLStorageAuthority) FinalizeOrder ¶
func (ssa *SQLStorageAuthority) FinalizeOrder(ctx context.Context, req *sapb.FinalizeOrderRequest) (*emptypb.Empty, error)
FinalizeOrder finalizes a provided *corepb.Order by persisting the CertificateSerial and a valid status to the database. No fields other than CertificateSerial and the order ID on the provided order are processed (e.g. this is not a generic update RPC).
func (*SQLStorageAuthority) Health ¶
func (ssa *SQLStorageAuthority) Health(ctx context.Context) error
Health implements the grpc.checker interface.
func (*SQLStorageAuthority) LeaseCRLShard ¶
func (ssa *SQLStorageAuthority) LeaseCRLShard(ctx context.Context, req *sapb.LeaseCRLShardRequest) (*sapb.LeaseCRLShardResponse, error)
LeaseCRLShard marks a single crlShards row as leased until the given time. If the request names a specific shard, this function will return an error if that shard is already leased. Otherwise, this function will return the index of the oldest shard for the given issuer.
func (*SQLStorageAuthority) NewOrderAndAuthzs ¶
func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb.NewOrderAndAuthzsRequest) (*corepb.Order, error)
NewOrderAndAuthzs adds the given authorizations to the database, adds their autogenerated IDs to the given order, and then adds the order to the db. This is done inside a single transaction to prevent situations where new authorizations are created, but then their corresponding order is never created, leading to "invisible" pending authorizations.
func (*SQLStorageAuthority) NewRegistration ¶
func (ssa *SQLStorageAuthority) NewRegistration(ctx context.Context, req *corepb.Registration) (*corepb.Registration, error)
NewRegistration stores a new Registration
func (*SQLStorageAuthority) PauseIdentifiers ¶
func (ssa *SQLStorageAuthority) PauseIdentifiers(ctx context.Context, req *sapb.PauseRequest) (*sapb.PauseIdentifiersResponse, error)
PauseIdentifiers pauses a set of identifiers for the provided account. If an identifier is currently paused, this is a no-op. If an identifier was previously paused and unpaused, it will be repaused unless it was unpaused less than two weeks ago. The response will indicate how many identifiers were paused and how many were repaused. All work is accomplished in a transaction to limit possible race conditions.
func (*SQLStorageAuthority) RevokeCertificate ¶
func (ssa *SQLStorageAuthority) RevokeCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) (*emptypb.Empty, error)
RevokeCertificate stores revocation information about a certificate. It will only store this information if the certificate is not already marked as revoked.
func (*SQLStorageAuthority) SetCertificateStatusReady ¶
func (ssa *SQLStorageAuthority) SetCertificateStatusReady(ctx context.Context, req *sapb.Serial) (*emptypb.Empty, error)
SetCertificateStatusReady changes a serial's OCSP status from core.OCSPStatusNotReady to core.OCSPStatusGood. Called when precertificate issuance succeeds. returns an error if the serial doesn't have status core.OCSPStatusNotReady.
func (*SQLStorageAuthority) SetOrderError ¶
func (ssa *SQLStorageAuthority) SetOrderError(ctx context.Context, req *sapb.SetOrderErrorRequest) (*emptypb.Empty, error)
SetOrderError updates a provided Order's error field.
func (*SQLStorageAuthority) SetOrderProcessing ¶
func (ssa *SQLStorageAuthority) SetOrderProcessing(ctx context.Context, req *sapb.OrderRequest) (*emptypb.Empty, error)
SetOrderProcessing updates an order from pending status to processing status by updating the `beganProcessing` field of the corresponding Order table row in the DB.
func (*SQLStorageAuthority) UnpauseAccount ¶
func (ssa *SQLStorageAuthority) UnpauseAccount(ctx context.Context, req *sapb.RegistrationID) (*sapb.Count, error)
UnpauseAccount uses up to 5 iterations of UPDATE queries each with a LIMIT of 10,000 to unpause up to 50,000 identifiers and returns a count of identifiers unpaused. If the returned count is 50,000 there may be more paused identifiers.
func (*SQLStorageAuthority) UpdateCRLShard ¶
func (ssa *SQLStorageAuthority) UpdateCRLShard(ctx context.Context, req *sapb.UpdateCRLShardRequest) (*emptypb.Empty, error)
UpdateCRLShard updates the thisUpdate and nextUpdate timestamps of a CRL shard. It rejects the update if it would cause the thisUpdate timestamp to move backwards, but if thisUpdate would stay the same (for instance, multiple CRL generations within a single second), it will succeed.
It does *not* reject the update if the shard is no longer leased: although this would be unexpected (because the lease timestamp should be the same as the crl-updater's context expiration), it's not inherently a sign of an update that should be skipped. It does reject the update if the identified CRL shard does not exist in the database (it should exist, as rows are created if necessary when leased). It also sets the leasedUntil time to be equal to thisUpdate, to indicate that the shard is no longer leased.
func (*SQLStorageAuthority) UpdateRegistration
deprecated
func (ssa *SQLStorageAuthority) UpdateRegistration(ctx context.Context, req *corepb.Registration) (*emptypb.Empty, error)
UpdateRegistration stores an updated Registration
Deprecated: Use UpdateRegistrationContact or UpdateRegistrationKey instead.
func (*SQLStorageAuthority) UpdateRegistrationContact ¶
func (ssa *SQLStorageAuthority) UpdateRegistrationContact(ctx context.Context, req *sapb.UpdateRegistrationContactRequest) (*corepb.Registration, error)
UpdateRegistrationContact stores an updated contact in a Registration. The updated contacts field may be empty.
func (*SQLStorageAuthority) UpdateRegistrationKey ¶
func (ssa *SQLStorageAuthority) UpdateRegistrationKey(ctx context.Context, req *sapb.UpdateRegistrationKeyRequest) (*corepb.Registration, error)
UpdateRegistrationKey stores an updated key in a Registration.
func (*SQLStorageAuthority) UpdateRevokedCertificate ¶
func (ssa *SQLStorageAuthority) UpdateRevokedCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) (*emptypb.Empty, error)
UpdateRevokedCertificate stores new revocation information about an already-revoked certificate. It will only store this information if the cert is already revoked, if the new revocation reason is `KeyCompromise`, and if the revokedDate is identical to the current revokedDate.
type SQLStorageAuthorityRO ¶
type SQLStorageAuthorityRO struct { sapb.UnsafeStorageAuthorityReadOnlyServer // contains filtered or unexported fields }
SQLStorageAuthorityRO defines a read-only subset of a Storage Authority
func NewSQLStorageAuthorityRO ¶
func NewSQLStorageAuthorityRO( dbReadOnlyMap *db.WrappedMap, dbIncidentsMap *db.WrappedMap, stats prometheus.Registerer, parallelismPerRPC int, lagFactor time.Duration, clk clock.Clock, logger blog.Logger, ) (*SQLStorageAuthorityRO, error)
NewSQLStorageAuthorityRO provides persistence using a SQL backend for Boulder. It will modify the given borp.DbMap by adding relevant tables.
func (*SQLStorageAuthorityRO) CheckIdentifiersPaused ¶
func (ssa *SQLStorageAuthorityRO) CheckIdentifiersPaused(ctx context.Context, req *sapb.PauseRequest) (*sapb.Identifiers, error)
CheckIdentifiersPaused takes a slice of identifiers and returns a slice of the first 15 identifier values which are currently paused for the provided account. If no matches are found, an empty slice is returned.
func (*SQLStorageAuthorityRO) CountCertificatesByNames ¶
func (ssa *SQLStorageAuthorityRO) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest) (*sapb.CountByNames, error)
CountCertificatesByNames counts, for each input domain, the number of certificates issued in the given time range for that domain and its subdomains. It returns a map from domains to counts and a timestamp. The map of domains to counts is guaranteed to contain an entry for each input domain, so long as err is nil. The timestamp is the earliest time a certificate was issued for any of the domains during the provided range of time. Queries will be run in parallel. If any of them error, only one error will be returned.
func (*SQLStorageAuthorityRO) CountInvalidAuthorizations2 ¶
func (ssa *SQLStorageAuthorityRO) CountInvalidAuthorizations2(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error)
CountInvalidAuthorizations2 counts invalid authorizations for a user expiring in a given time range. This method only supports DNS identifier types.
func (*SQLStorageAuthorityRO) CountOrders ¶
func (ssa *SQLStorageAuthorityRO) CountOrders(ctx context.Context, req *sapb.CountOrdersRequest) (*sapb.Count, error)
func (*SQLStorageAuthorityRO) CountPendingAuthorizations2 ¶
func (ssa *SQLStorageAuthorityRO) CountPendingAuthorizations2(ctx context.Context, req *sapb.RegistrationID) (*sapb.Count, error)
CountPendingAuthorizations2 returns the number of pending, unexpired authorizations for the given registration.
func (*SQLStorageAuthorityRO) FQDNSetExists ¶
func (ssa *SQLStorageAuthorityRO) FQDNSetExists(ctx context.Context, req *sapb.FQDNSetExistsRequest) (*sapb.Exists, error)
FQDNSetExists returns a bool indicating if one or more FQDN sets |names| exists in the database
func (*SQLStorageAuthorityRO) FQDNSetTimestampsForWindow ¶
func (ssa *SQLStorageAuthorityRO) FQDNSetTimestampsForWindow(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Timestamps, error)
FQDNSetTimestampsForWindow returns the issuance timestamps for each certificate, issued for a set of domains, during a given window of time, starting from the most recent issuance.
func (*SQLStorageAuthorityRO) GetAuthorization2 ¶
func (ssa *SQLStorageAuthorityRO) GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Authorization, error)
GetAuthorization2 returns the authz2 style authorization identified by the provided ID or an error. If no authorization is found matching the ID a berrors.NotFound type error is returned.
func (*SQLStorageAuthorityRO) GetAuthorizations2
deprecated
func (ssa *SQLStorageAuthorityRO) GetAuthorizations2(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
GetAuthorizations2 returns a single pending or valid authorization owned by the given account for all given identifiers. If both a valid and pending authorization exist only the valid one will be returned. Currently only dns identifiers are supported.
Deprecated: Use GetValidAuthorizations2, as we stop pending authz reuse.
func (*SQLStorageAuthorityRO) GetCertificate ¶
func (ssa *SQLStorageAuthorityRO) GetCertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
GetCertificate takes a serial number and returns the corresponding certificate, or error if it does not exist.
func (*SQLStorageAuthorityRO) GetCertificateStatus ¶
func (ssa *SQLStorageAuthorityRO) GetCertificateStatus(ctx context.Context, req *sapb.Serial) (*corepb.CertificateStatus, error)
GetCertificateStatus takes a hexadecimal string representing the full 128-bit serial number of a certificate and returns data about that certificate's current validity.
func (*SQLStorageAuthorityRO) GetLintPrecertificate ¶
func (ssa *SQLStorageAuthorityRO) GetLintPrecertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
GetLintPrecertificate takes a serial number and returns the corresponding linting precertificate, or error if it does not exist. The returned precert is identical to the actual submitted-to-CT-logs precertificate, except for its signature.
func (*SQLStorageAuthorityRO) GetMaxExpiration ¶
func (ssa *SQLStorageAuthorityRO) GetMaxExpiration(ctx context.Context, req *emptypb.Empty) (*timestamppb.Timestamp, error)
GetMaxExpiration returns the timestamp of the farthest-future notAfter date found in the certificateStatus table. This provides an upper bound on how far forward operations that need to cover all currently-unexpired certificates have to look.
func (*SQLStorageAuthorityRO) GetOrder ¶
func (ssa *SQLStorageAuthorityRO) GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)
GetOrder is used to retrieve an already existing order object
func (*SQLStorageAuthorityRO) GetOrderForNames ¶
func (ssa *SQLStorageAuthorityRO) GetOrderForNames(ctx context.Context, req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)
GetOrderForNames tries to find a **pending** or **ready** order with the exact set of names requested, associated with the given accountID. Only unexpired orders are considered. If no order meeting these requirements is found a nil corepb.Order pointer is returned.
func (*SQLStorageAuthorityRO) GetPausedIdentifiers ¶
func (ssa *SQLStorageAuthorityRO) GetPausedIdentifiers(ctx context.Context, req *sapb.RegistrationID) (*sapb.Identifiers, error)
GetPausedIdentifiers returns a slice of paused identifiers for the provided account. If no paused identifiers are found, an empty slice is returned. The results are limited to the first 15 paused identifiers.
func (*SQLStorageAuthorityRO) GetRegistration ¶
func (ssa *SQLStorageAuthorityRO) GetRegistration(ctx context.Context, req *sapb.RegistrationID) (*corepb.Registration, error)
GetRegistration obtains a Registration by ID
func (*SQLStorageAuthorityRO) GetRegistrationByKey ¶
func (ssa *SQLStorageAuthorityRO) GetRegistrationByKey(ctx context.Context, req *sapb.JSONWebKey) (*corepb.Registration, error)
GetRegistrationByKey obtains a Registration by JWK
func (*SQLStorageAuthorityRO) GetRevocationStatus ¶
func (ssa *SQLStorageAuthorityRO) GetRevocationStatus(ctx context.Context, req *sapb.Serial) (*sapb.RevocationStatus, error)
GetRevocationStatus takes a hexadecimal string representing the full serial number of a certificate and returns a minimal set of data about that cert's current validity.
func (*SQLStorageAuthorityRO) GetRevokedCerts ¶
func (ssa *SQLStorageAuthorityRO) GetRevokedCerts(req *sapb.GetRevokedCertsRequest, stream grpc.ServerStreamingServer[corepb.CRLEntry]) error
GetRevokedCerts gets a request specifying an issuer and a period of time, and writes to the output stream the set of all certificates issued by that issuer which expire during that period of time and which have been revoked. The starting timestamp is treated as inclusive (certs with exactly that notAfter date are included), but the ending timestamp is exclusive (certs with exactly that notAfter date are *not* included).
func (*SQLStorageAuthorityRO) GetSerialMetadata ¶
func (ssa *SQLStorageAuthorityRO) GetSerialMetadata(ctx context.Context, req *sapb.Serial) (*sapb.SerialMetadata, error)
GetSerialMetadata returns metadata stored alongside the serial number, such as the RegID whose certificate request created that serial, and when the certificate with that serial will expire.
func (*SQLStorageAuthorityRO) GetSerialsByAccount ¶
func (ssa *SQLStorageAuthorityRO) GetSerialsByAccount(req *sapb.RegistrationID, stream grpc.ServerStreamingServer[sapb.Serial]) error
GetSerialsByAccount returns a stream of all serials for all unexpired certificates issued to the given RegID. This is useful for revoking all of an account's certs upon their request.
func (*SQLStorageAuthorityRO) GetSerialsByKey ¶
func (ssa *SQLStorageAuthorityRO) GetSerialsByKey(req *sapb.SPKIHash, stream grpc.ServerStreamingServer[sapb.Serial]) error
GetSerialsByKey returns a stream of serials for all unexpired certificates whose public key matches the given SPKIHash. This is useful for revoking all certificates affected by a key compromise.
func (*SQLStorageAuthorityRO) GetValidAuthorizations2 ¶
func (ssa *SQLStorageAuthorityRO) GetValidAuthorizations2(ctx context.Context, req *sapb.GetValidAuthorizationsRequest) (*sapb.Authorizations, error)
GetValidAuthorizations2 returns a single valid authorization owned by the given account for all given identifiers. If more than one valid authorization exists, only the one with the latest expiry will be returned. Currently only dns identifiers are supported.
func (*SQLStorageAuthorityRO) GetValidOrderAuthorizations2 ¶
func (ssa *SQLStorageAuthorityRO) GetValidOrderAuthorizations2(ctx context.Context, req *sapb.GetValidOrderAuthorizationsRequest) (*sapb.Authorizations, error)
GetValidOrderAuthorizations2 is used to get all authorizations associated with the given Order ID. NOTE: The name is outdated. It does *not* filter out invalid or expired authorizations; that it left to the caller. It also ignores the RegID field of the input: ensuring that the returned authorizations match the same RegID as the Order is also left to the caller. This is because the caller is generally in a better position to provide insightful error messages, whereas simply omitting an authz from this method's response would leave the caller wondering why that authz was omitted.
func (*SQLStorageAuthorityRO) Health ¶
func (ssa *SQLStorageAuthorityRO) Health(ctx context.Context) error
Health implements the grpc.checker interface.
func (*SQLStorageAuthorityRO) IncidentsForSerial ¶
func (ssa *SQLStorageAuthorityRO) IncidentsForSerial(ctx context.Context, req *sapb.Serial) (*sapb.Incidents, error)
IncidentsForSerial queries each active incident table and returns every incident that currently impacts `req.Serial`.
func (*SQLStorageAuthorityRO) KeyBlocked ¶
func (ssa *SQLStorageAuthorityRO) KeyBlocked(ctx context.Context, req *sapb.SPKIHash) (*sapb.Exists, error)
KeyBlocked checks if a key, indicated by a hash, is present in the blockedKeys table
func (*SQLStorageAuthorityRO) ReplacementOrderExists ¶
func (ssa *SQLStorageAuthorityRO) ReplacementOrderExists(ctx context.Context, req *sapb.Serial) (*sapb.Exists, error)
ReplacementOrderExists returns whether a valid replacement order exists for the given certificate serial number. An existing but expired or otherwise invalid replacement order is not considered to exist.
func (*SQLStorageAuthorityRO) SerialsForIncident ¶
func (ssa *SQLStorageAuthorityRO) SerialsForIncident(req *sapb.SerialsForIncidentRequest, stream grpc.ServerStreamingServer[sapb.IncidentSerial]) error
SerialsForIncident queries the provided incident table and returns the resulting rows as a stream of `*sapb.IncidentSerial`s. An `io.EOF` error signals that there are no more serials to send. If the incident table in question contains zero rows, only an `io.EOF` error is returned. The IncidentSerial messages returned may have the zero-value for their OrderID, RegistrationID, and LastNoticeSent fields, if those are NULL in the database.