db

package

v0.25.3-rc5 Latest Latest Go to latest Published: Jan 26, 2024 License: Apache-2.0 Imports: 12 Imported by: 30

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/smallstep/certificates

Documentation ¶

Index ¶

Variables
func NewContext(ctx context.Context, db AuthDB) context.Context
type AuthDB
type CertificateData
type CertificateRevocationListDB
type CertificateRevocationListInfo
type CertificateStorer
type Config
type DB
type MockAuthDB
type MockNoSQLDB
type ProvisionerData
type RevokedCertificateInfo
type SimpleDB

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrAlreadyExists = errors.New("already exists")

ErrAlreadyExists can be returned if the DB attempts to set a key that has been previously set.

View Source

var ErrNotImplemented = errors.Errorf("not implemented")

ErrNotImplemented is an error returned when an operation is Not Implemented.

Functions ¶

func NewContext ¶ added in v0.20.0

func NewContext(ctx context.Context, db AuthDB) context.Context

NewContext adds the given authority database to the context.

Types ¶

type AuthDB ¶

type AuthDB interface {
	IsRevoked(sn string) (bool, error)
	IsSSHRevoked(sn string) (bool, error)
	Revoke(rci *RevokedCertificateInfo) error
	RevokeSSH(rci *RevokedCertificateInfo) error
	GetCertificate(serialNumber string) (*x509.Certificate, error)
	UseToken(id, tok string) (bool, error)
	IsSSHHost(name string) (bool, error)
	GetSSHHostPrincipals() ([]string, error)
	Shutdown() error
}

AuthDB is an interface over an Authority DB client that implements a nosql.DB interface.

func FromContext ¶ added in v0.20.0

func FromContext(ctx context.Context) (db AuthDB, ok bool)

FromContext returns the current authority database from the given context.

func MustFromContext ¶ added in v0.20.0

func MustFromContext(ctx context.Context) AuthDB

MustFromContext returns the current database from the given context. It will panic if it's not in the context.

func New ¶

func New(c *Config) (AuthDB, error)

New returns a new database client that implements the AuthDB interface.

type CertificateData ¶ added in v0.19.0

type CertificateData struct {
	Provisioner *ProvisionerData    `json:"provisioner,omitempty"`
	RaInfo      *provisioner.RAInfo `json:"ra,omitempty"`
}

CertificateData is the JSON representation of the data stored in x509_certs_data table.

type CertificateRevocationListDB ¶ added in v0.23.0

type CertificateRevocationListDB interface {
	GetRevokedCertificates() (*[]RevokedCertificateInfo, error)
	GetCRL() (*CertificateRevocationListInfo, error)
	StoreCRL(*CertificateRevocationListInfo) error
}

CertificateRevocationListDB is an interface to indicate whether the DB supports CRL generation

type CertificateRevocationListInfo ¶ added in v0.23.0

type CertificateRevocationListInfo struct {
	Number    int64
	ExpiresAt time.Time
	Duration  time.Duration
	DER       []byte
}

CertificateRevocationListInfo contains a CRL in DER format and associated metadata to allow a decision on whether to regenerate the CRL or not easier

type CertificateStorer ¶ added in v0.20.0

type CertificateStorer interface {
	StoreCertificate(crt *x509.Certificate) error
	StoreSSHCertificate(crt *ssh.Certificate) error
}

CertificateStorer is an extension of AuthDB that allows to store certificates.

type Config ¶

type Config struct {
	Type       string `json:"type"`
	DataSource string `json:"dataSource"`
	ValueDir   string `json:"valueDir,omitempty"`
	Database   string `json:"database,omitempty"`

	// BadgerFileLoadingMode can be set to 'FileIO' (instead of the default
	// 'MemoryMap') to avoid memory-mapping log files. This can be useful
	// in environments with low RAM
	BadgerFileLoadingMode string `json:"badgerFileLoadingMode"`
}

Config represents the JSON attributes used for configuring a step-ca DB.

type DB ¶

type DB struct {
	nosql.DB
	// contains filtered or unexported fields
}

DB is a wrapper over the nosql.DB interface.

func (*DB) GetCRL ¶ added in v0.23.0

func (db *DB) GetCRL() (*CertificateRevocationListInfo, error)

GetCRL gets the existing CRL from the database

func (*DB) GetCertificate ¶ added in v0.15.5

func (db *DB) GetCertificate(serialNumber string) (*x509.Certificate, error)

GetCertificate retrieves a certificate by the serial number.

func (*DB) GetCertificateData ¶ added in v0.19.0

func (db *DB) GetCertificateData(serialNumber string) (*CertificateData, error)

GetCertificateData returns the data stored for a provisioner

func (*DB) GetRevokedCertificates ¶ added in v0.23.0

func (db *DB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error)

GetRevokedCertificates gets a list of all revoked certificates.

func (*DB) GetSSHHostPrincipals ¶ added in v0.14.0

func (db *DB) GetSSHHostPrincipals() ([]string, error)

GetSSHHostPrincipals gets a list of all valid host principals.

func (*DB) IsRevoked ¶

func (db *DB) IsRevoked(sn string) (bool, error)

IsRevoked returns whether or not a certificate with the given identifier has been revoked. In the case of an X509 Certificate the `id` should be the Serial Number of the Certificate.

func (*DB) IsSSHHost ¶ added in v0.14.0

func (db *DB) IsSSHHost(principal string) (bool, error)

IsSSHHost returns if a principal is present in the ssh hosts table.

func (*DB) IsSSHRevoked ¶ added in v0.14.0

func (db *DB) IsSSHRevoked(sn string) (bool, error)

IsSSHRevoked returns whether or not a certificate with the given identifier has been revoked. In the case of an X509 Certificate the `id` should be the Serial Number of the Certificate.

func (*DB) Revoke ¶

func (db *DB) Revoke(rci *RevokedCertificateInfo) error

Revoke adds a certificate to the revocation table.

func (*DB) RevokeSSH ¶ added in v0.14.0

func (db *DB) RevokeSSH(rci *RevokedCertificateInfo) error

RevokeSSH adds a SSH certificate to the revocation table.

func (*DB) Shutdown ¶

func (db *DB) Shutdown() error

Shutdown sends a shutdown message to the database.

func (*DB) StoreCRL ¶ added in v0.23.0

func (db *DB) StoreCRL(crlInfo *CertificateRevocationListInfo) error

StoreCRL stores a CRL in the DB

func (*DB) StoreCertificate ¶

func (db *DB) StoreCertificate(crt *x509.Certificate) error

StoreCertificate stores a certificate PEM.

func (*DB) StoreCertificateChain ¶ added in v0.19.0

func (db *DB) StoreCertificateChain(p provisioner.Interface, chain ...*x509.Certificate) error

StoreCertificateChain stores the leaf certificate and the provisioner that authorized the certificate.

func (*DB) StoreRenewedCertificate ¶ added in v0.23.0

func (db *DB) StoreRenewedCertificate(oldCert *x509.Certificate, chain ...*x509.Certificate) error

StoreRenewedCertificate stores the leaf certificate and the provisioner that authorized the old certificate if available.

func (*DB) StoreSSHCertificate ¶ added in v0.14.0

func (db *DB) StoreSSHCertificate(crt *ssh.Certificate) error

StoreSSHCertificate stores an SSH certificate.

func (*DB) UseToken ¶ added in v0.11.0

func (db *DB) UseToken(id, tok string) (bool, error)

UseToken returns true if we were able to successfully store the token for for the first time, false otherwise.

type MockAuthDB ¶ added in v0.14.0

type MockAuthDB struct {
	Err                     error
	Ret1                    interface{}
	MIsRevoked              func(string) (bool, error)
	MIsSSHRevoked           func(string) (bool, error)
	MRevoke                 func(rci *RevokedCertificateInfo) error
	MRevokeSSH              func(rci *RevokedCertificateInfo) error
	MGetCertificate         func(serialNumber string) (*x509.Certificate, error)
	MGetCertificateData     func(serialNumber string) (*CertificateData, error)
	MStoreCertificate       func(crt *x509.Certificate) error
	MUseToken               func(id, tok string) (bool, error)
	MIsSSHHost              func(principal string) (bool, error)
	MStoreSSHCertificate    func(crt *ssh.Certificate) error
	MGetSSHHostPrincipals   func() ([]string, error)
	MShutdown               func() error
	MGetRevokedCertificates func() (*[]RevokedCertificateInfo, error)
	MGetCRL                 func() (*CertificateRevocationListInfo, error)
	MStoreCRL               func(*CertificateRevocationListInfo) error
}

MockAuthDB mocks the AuthDB interface. //

func (*MockAuthDB) GetCRL ¶ added in v0.23.0

func (m *MockAuthDB) GetCRL() (*CertificateRevocationListInfo, error)

func (*MockAuthDB) GetCertificate ¶ added in v0.15.5

func (m *MockAuthDB) GetCertificate(serialNumber string) (*x509.Certificate, error)

GetCertificate mock.

func (*MockAuthDB) GetCertificateData ¶ added in v0.19.0

func (m *MockAuthDB) GetCertificateData(serialNumber string) (*CertificateData, error)

GetCertificateData mock.

func (*MockAuthDB) GetRevokedCertificates ¶ added in v0.23.0

func (m *MockAuthDB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error)

func (*MockAuthDB) GetSSHHostPrincipals ¶ added in v0.14.0

func (m *MockAuthDB) GetSSHHostPrincipals() ([]string, error)

GetSSHHostPrincipals mock.

func (*MockAuthDB) IsRevoked ¶ added in v0.14.0

func (m *MockAuthDB) IsRevoked(sn string) (bool, error)

IsRevoked mock.

func (*MockAuthDB) IsSSHHost ¶ added in v0.14.0

func (m *MockAuthDB) IsSSHHost(principal string) (bool, error)

IsSSHHost mock.

func (*MockAuthDB) IsSSHRevoked ¶ added in v0.14.0

func (m *MockAuthDB) IsSSHRevoked(sn string) (bool, error)

IsSSHRevoked mock.

func (*MockAuthDB) Revoke ¶ added in v0.14.0

func (m *MockAuthDB) Revoke(rci *RevokedCertificateInfo) error

Revoke mock.

func (*MockAuthDB) RevokeSSH ¶ added in v0.14.0

func (m *MockAuthDB) RevokeSSH(rci *RevokedCertificateInfo) error

RevokeSSH mock.

func (*MockAuthDB) Shutdown ¶ added in v0.14.0

func (m *MockAuthDB) Shutdown() error

Shutdown mock.

func (*MockAuthDB) StoreCRL ¶ added in v0.23.0

func (m *MockAuthDB) StoreCRL(info *CertificateRevocationListInfo) error

func (*MockAuthDB) StoreCertificate ¶ added in v0.14.0

func (m *MockAuthDB) StoreCertificate(crt *x509.Certificate) error

StoreCertificate mock.

func (*MockAuthDB) StoreSSHCertificate ¶ added in v0.14.0

func (m *MockAuthDB) StoreSSHCertificate(crt *ssh.Certificate) error

StoreSSHCertificate mock.

func (*MockAuthDB) UseToken ¶ added in v0.14.0

func (m *MockAuthDB) UseToken(id, tok string) (bool, error)

UseToken mock.

type MockNoSQLDB ¶ added in v0.13.0

type MockNoSQLDB struct {
	Err          error
	Ret1, Ret2   interface{}
	MGet         func(bucket, key []byte) ([]byte, error)
	MSet         func(bucket, key, value []byte) error
	MOpen        func(dataSourceName string, opt ...database.Option) error
	MClose       func() error
	MCreateTable func(bucket []byte) error
	MDeleteTable func(bucket []byte) error
	MDel         func(bucket, key []byte) error
	MList        func(bucket []byte) ([]*database.Entry, error)
	MUpdate      func(tx *database.Tx) error
	MCmpAndSwap  func(bucket, key, old, newval []byte) ([]byte, bool, error)
}

MockNoSQLDB //

func (*MockNoSQLDB) Close ¶ added in v0.13.0

func (m *MockNoSQLDB) Close() error

Close mock

func (*MockNoSQLDB) CmpAndSwap ¶ added in v0.13.0

func (m *MockNoSQLDB) CmpAndSwap(bucket, key, old, newval []byte) ([]byte, bool, error)

CmpAndSwap mock

func (*MockNoSQLDB) CreateTable ¶ added in v0.13.0

func (m *MockNoSQLDB) CreateTable(bucket []byte) error

CreateTable mock

func (*MockNoSQLDB) Del ¶ added in v0.13.0

func (m *MockNoSQLDB) Del(bucket, key []byte) error

Del mock

func (*MockNoSQLDB) DeleteTable ¶ added in v0.13.0

func (m *MockNoSQLDB) DeleteTable(bucket []byte) error

DeleteTable mock

func (*MockNoSQLDB) Get ¶ added in v0.13.0

func (m *MockNoSQLDB) Get(bucket, key []byte) ([]byte, error)

Get mock

func (*MockNoSQLDB) List ¶ added in v0.13.0

func (m *MockNoSQLDB) List(bucket []byte) ([]*database.Entry, error)

List mock

func (*MockNoSQLDB) Open ¶ added in v0.13.0

func (m *MockNoSQLDB) Open(dataSourceName string, opt ...database.Option) error

Open mock

func (*MockNoSQLDB) Set ¶ added in v0.13.0

func (m *MockNoSQLDB) Set(bucket, key, value []byte) error

Set mock

func (*MockNoSQLDB) Update ¶ added in v0.13.0

func (m *MockNoSQLDB) Update(tx *database.Tx) error

Update mock

type ProvisionerData ¶ added in v0.19.0

type ProvisionerData struct {
	ID   string `json:"id"`
	Name string `json:"name"`
	Type string `json:"type"`
}

ProvisionerData is the JSON representation of the provisioner stored in the x509_certs_data table.

type RevokedCertificateInfo ¶

type RevokedCertificateInfo struct {
	Serial        string
	ProvisionerID string
	ReasonCode    int
	Reason        string
	RevokedAt     time.Time
	ExpiresAt     time.Time
	TokenID       string
	MTLS          bool
	ACME          bool
}

RevokedCertificateInfo contains information regarding the certificate revocation action.

type SimpleDB ¶ added in v0.11.0

type SimpleDB struct {
	// contains filtered or unexported fields
}

SimpleDB is a barebones implementation of the DB interface. It is NOT an in memory implementation of the DB, but rather the bare minimum of functionality that the CA requires to operate securely.

func (*SimpleDB) Close ¶ added in v0.13.0

func (s *SimpleDB) Close() error

Close closes the current database.

func (*SimpleDB) CmpAndSwap ¶ added in v0.13.0

func (s *SimpleDB) CmpAndSwap([]byte, []byte, []byte, []byte) ([]byte, bool, error)

CmpAndSwap swaps the value at the given bucket and key if the current value is equivalent to the oldValue input. Returns 'true' if the swap was successful and 'false' otherwise.

func (*SimpleDB) CreateTable ¶ added in v0.13.0

func (s *SimpleDB) CreateTable([]byte) error

CreateTable creates a table or a bucket in the database.

func (*SimpleDB) Del ¶ added in v0.13.0

func (s *SimpleDB) Del([]byte, []byte) error

Del deletes the data in the given table/bucket and key.

func (*SimpleDB) DeleteTable ¶ added in v0.13.0

func (s *SimpleDB) DeleteTable([]byte) error

DeleteTable deletes a table or a bucket in the database.

func (*SimpleDB) Get ¶ added in v0.13.0

func (s *SimpleDB) Get([]byte, []byte) ([]byte, error)

Get returns the value stored in the given table/bucket and key.

func (*SimpleDB) GetCRL ¶ added in v0.23.0

func (s *SimpleDB) GetCRL() (*CertificateRevocationListInfo, error)

GetCRL returns a "NotImplemented" error.

func (*SimpleDB) GetCertificate ¶ added in v0.15.5

func (s *SimpleDB) GetCertificate(string) (*x509.Certificate, error)

GetCertificate returns a "NotImplemented" error.

func (*SimpleDB) GetRevokedCertificates ¶ added in v0.23.0

func (s *SimpleDB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error)

GetRevokedCertificates returns a "NotImplemented" error.

func (*SimpleDB) GetSSHHostPrincipals ¶ added in v0.14.0

func (s *SimpleDB) GetSSHHostPrincipals() ([]string, error)

GetSSHHostPrincipals returns a "NotImplemented" error.

func (*SimpleDB) IsRevoked ¶ added in v0.11.0

func (s *SimpleDB) IsRevoked(string) (bool, error)

IsRevoked noop

func (*SimpleDB) IsSSHHost ¶ added in v0.14.0

func (s *SimpleDB) IsSSHHost(string) (bool, error)

IsSSHHost returns a "NotImplemented" error.

func (*SimpleDB) IsSSHRevoked ¶ added in v0.14.0

func (s *SimpleDB) IsSSHRevoked(string) (bool, error)

IsSSHRevoked noop

func (*SimpleDB) List ¶ added in v0.13.0

func (s *SimpleDB) List([]byte) ([]*database.Entry, error)

List returns a list of all the entries in a given table/bucket.

func (*SimpleDB) Open ¶ added in v0.13.0

func (s *SimpleDB) Open(string, ...database.Option) error

Open opens the database available with the given options.

func (*SimpleDB) Revoke ¶ added in v0.11.0

func (s *SimpleDB) Revoke(*RevokedCertificateInfo) error

Revoke returns a "NotImplemented" error.

func (*SimpleDB) RevokeSSH ¶ added in v0.14.0

func (s *SimpleDB) RevokeSSH(*RevokedCertificateInfo) error

RevokeSSH returns a "NotImplemented" error.

func (*SimpleDB) Set ¶ added in v0.13.0

func (s *SimpleDB) Set([]byte, []byte, []byte) error

Set sets the given value in the given table/bucket and key.

func (*SimpleDB) Shutdown ¶ added in v0.11.0

func (s *SimpleDB) Shutdown() error

Shutdown returns nil

func (*SimpleDB) StoreCRL ¶ added in v0.23.0

func (s *SimpleDB) StoreCRL(*CertificateRevocationListInfo) error

StoreCRL returns a "NotImplemented" error.

func (*SimpleDB) StoreCertificate ¶ added in v0.11.0

func (s *SimpleDB) StoreCertificate(*x509.Certificate) error

StoreCertificate returns a "NotImplemented" error.

func (*SimpleDB) StoreSSHCertificate ¶ added in v0.14.0

func (s *SimpleDB) StoreSSHCertificate(*ssh.Certificate) error

StoreSSHCertificate returns a "NotImplemented" error.

func (*SimpleDB) Update ¶ added in v0.13.0

func (s *SimpleDB) Update(*database.Tx) error

Update performs a transaction with multiple read-write commands.

func (*SimpleDB) UseToken ¶ added in v0.11.0

func (s *SimpleDB) UseToken(id, tok string) (bool, error)

UseToken returns a "NotImplemented" error.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL