Documentation

Index

Constants

This section is empty.

Variables

// ErrAlreadyExists can be returned if the DB attempts to set a key that has
// been previously set.
var ErrAlreadyExists = errors.New("already exists")

ErrAlreadyExists can be returned if the DB attempts to set a key that has been previously set.

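// ErrNotImplemented is an error returned when an operation is Not Implemented.
//
// Built with errors.New rather than errors.Errorf: the message has no format
// verbs, which keeps the declaration consistent with ErrAlreadyExists above.
var ErrNotImplemented = errors.New("not implemented")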

ErrNotImplemented is an error returned when an operation is Not Implemented.

Functions

func NewContext added in v0.20.0

func NewContext(ctx context.Context, db AuthDB) context.Context

NewContext adds the given authority database to the context.

Types

type AuthDB

// AuthDB is an interface over an Authority DB client that implements a
// nosql.DB interface.
type AuthDB interface {
	// IsRevoked reports whether the certificate identified by sn (the X509
	// serial number) has been revoked.
	IsRevoked(sn string) (bool, error)
	// IsSSHRevoked reports whether the SSH certificate identified by sn has
	// been revoked.
	IsSSHRevoked(sn string) (bool, error)
	// Revoke adds a certificate to the revocation table.
	Revoke(rci *RevokedCertificateInfo) error
	// RevokeSSH adds an SSH certificate to the revocation table.
	RevokeSSH(rci *RevokedCertificateInfo) error
	// GetCertificate retrieves a certificate by its serial number.
	GetCertificate(serialNumber string) (*x509.Certificate, error)
	// UseToken returns true if the token was stored successfully for the
	// first time, false otherwise (the id has already been used).
	UseToken(id, tok string) (bool, error)
	// IsSSHHost reports whether the principal is present in the ssh hosts
	// table.
	IsSSHHost(name string) (bool, error)
	// GetSSHHostPrincipals returns all valid host principals.
	GetSSHHostPrincipals() ([]string, error)
	// Shutdown sends a shutdown message to the database.
	Shutdown() error
}

AuthDB is an interface over an Authority DB client that implements a nosql.DB interface.

func FromContext added in v0.20.0

func FromContext(ctx context.Context) (db AuthDB, ok bool)

FromContext returns the current authority database from the given context.

func MustFromContext added in v0.20.0

func MustFromContext(ctx context.Context) AuthDB

MustFromContext returns the current database from the given context. It will panic if it's not in the context.

func New

func New(c *Config) (AuthDB, error)

New returns a new database client that implements the AuthDB interface.

type CertificateData added in v0.19.0

// CertificateData is the JSON representation of the data stored in the
// x509_certs_data table.
type CertificateData struct {
	// Provisioner is the provisioner that authorized the certificate.
	Provisioner *ProvisionerData    `json:"provisioner,omitempty"`
	// RaInfo is the registration-authority info from the provisioner package;
	// its contents are not described on this page.
	RaInfo      *provisioner.RAInfo `json:"ra,omitempty"`
}

CertificateData is the JSON representation of the data stored in x509_certs_data table.

type CertificateRevocationListDB added in v0.23.0

// CertificateRevocationListDB is an interface to indicate whether the DB
// supports CRL generation.
type CertificateRevocationListDB interface {
	// GetRevokedCertificates returns a list of all revoked certificates.
	GetRevokedCertificates() (*[]RevokedCertificateInfo, error)
	// GetCRL returns the existing CRL from the database.
	GetCRL() (*CertificateRevocationListInfo, error)
	// StoreCRL stores a CRL in the DB.
	StoreCRL(*CertificateRevocationListInfo) error
}

CertificateRevocationListDB is an interface that indicates whether the DB supports CRL generation.

type CertificateRevocationListInfo added in v0.23.0

// CertificateRevocationListInfo contains a CRL in DER format and associated
// metadata that makes it easier to decide whether the CRL needs to be
// regenerated.
type CertificateRevocationListInfo struct {
	// Number is presumably the CRL number — confirm against the generator.
	Number    int64
	// ExpiresAt and Duration are the metadata used for the regeneration
	// decision; their exact semantics are not described on this page.
	ExpiresAt time.Time
	Duration  time.Duration
	// DER holds the DER-encoded CRL.
	DER       []byte
}

CertificateRevocationListInfo contains a CRL in DER format and associated metadata that makes it easier to decide whether the CRL needs to be regenerated.

type CertificateStorer added in v0.20.0

// CertificateStorer is an extension of AuthDB that allows storing
// certificates.
type CertificateStorer interface {
	// StoreCertificate stores a certificate PEM.
	StoreCertificate(crt *x509.Certificate) error
	// StoreSSHCertificate stores an SSH certificate.
	StoreSSHCertificate(crt *ssh.Certificate) error
}

CertificateStorer is an extension of AuthDB that allows storing certificates.

type Config

// Config represents the JSON attributes used for configuring a step-ca DB.
type Config struct {
	// Type, DataSource, ValueDir and Database select and locate the backing
	// store; their accepted values are not described on this page.
	Type       string `json:"type"`
	DataSource string `json:"dataSource"`
	ValueDir   string `json:"valueDir,omitempty"`
	Database   string `json:"database,omitempty"`

	// BadgerFileLoadingMode can be set to 'FileIO' (instead of the default
	// 'MemoryMap') to avoid memory-mapping log files. This can be useful
	// in environments with low RAM.
	BadgerFileLoadingMode string `json:"badgerFileLoadingMode"`
}

Config represents the JSON attributes used for configuring a step-ca DB.

type DB

// DB is a wrapper over the nosql.DB interface.
type DB struct {
	nosql.DB
	// contains filtered or unexported fields
}

DB is a wrapper over the nosql.DB interface.

func (*DB) GetCRL added in v0.23.0

func (db *DB) GetCRL() (*CertificateRevocationListInfo, error)

GetCRL gets the existing CRL from the database

func (*DB) GetCertificate added in v0.15.5

func (db *DB) GetCertificate(serialNumber string) (*x509.Certificate, error)

GetCertificate retrieves a certificate by the serial number.

func (*DB) GetCertificateData added in v0.19.0

func (db *DB) GetCertificateData(serialNumber string) (*CertificateData, error)

GetCertificateData returns the CertificateData stored for the certificate with the given serial number.

func (*DB) GetRevokedCertificates added in v0.23.0

func (db *DB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error)

GetRevokedCertificates gets a list of all revoked certificates.

func (*DB) GetSSHHostPrincipals added in v0.14.0

func (db *DB) GetSSHHostPrincipals() ([]string, error)

GetSSHHostPrincipals gets a list of all valid host principals.

func (*DB) IsRevoked

func (db *DB) IsRevoked(sn string) (bool, error)

IsRevoked returns whether or not a certificate with the given identifier has been revoked. In the case of an X509 Certificate the `sn` argument should be the Serial Number of the Certificate.

func (*DB) IsSSHHost added in v0.14.0

func (db *DB) IsSSHHost(principal string) (bool, error)

IsSSHHost returns if a principal is present in the ssh hosts table.

func (*DB) IsSSHRevoked added in v0.14.0

func (db *DB) IsSSHRevoked(sn string) (bool, error)

IsSSHRevoked returns whether or not a certificate with the given identifier has been revoked. In the case of an X509 Certificate the `sn` argument should be the Serial Number of the Certificate.

func (*DB) Revoke

func (db *DB) Revoke(rci *RevokedCertificateInfo) error

Revoke adds a certificate to the revocation table.

func (*DB) RevokeSSH added in v0.14.0

func (db *DB) RevokeSSH(rci *RevokedCertificateInfo) error

RevokeSSH adds an SSH certificate to the revocation table.

func (*DB) Shutdown

func (db *DB) Shutdown() error

Shutdown sends a shutdown message to the database.

func (*DB) StoreCRL added in v0.23.0

func (db *DB) StoreCRL(crlInfo *CertificateRevocationListInfo) error

StoreCRL stores a CRL in the DB

func (*DB) StoreCertificate

func (db *DB) StoreCertificate(crt *x509.Certificate) error

StoreCertificate stores a certificate PEM.

func (*DB) StoreCertificateChain added in v0.19.0

func (db *DB) StoreCertificateChain(p provisioner.Interface, chain ...*x509.Certificate) error

StoreCertificateChain stores the leaf certificate and the provisioner that authorized the certificate.

func (*DB) StoreRenewedCertificate added in v0.23.0

func (db *DB) StoreRenewedCertificate(oldCert *x509.Certificate, chain ...*x509.Certificate) error

StoreRenewedCertificate stores the leaf certificate and the provisioner that authorized the old certificate if available.

func (*DB) StoreSSHCertificate added in v0.14.0

func (db *DB) StoreSSHCertificate(crt *ssh.Certificate) error

StoreSSHCertificate stores an SSH certificate.

func (*DB) UseToken added in v0.11.0

func (db *DB) UseToken(id, tok string) (bool, error)

UseToken returns true if we were able to successfully store the token for the first time, false otherwise.

type MockAuthDB added in v0.14.0

// MockAuthDB mocks the AuthDB interface.
type MockAuthDB struct {
	// Err and Ret1 are presumably the fallback error and return value used
	// when the corresponding M* func is nil — confirm against the mock
	// implementation.
	Err                     error
	Ret1                    interface{}
	// Each M* field, when set, backs the mock method of the same name.
	MIsRevoked              func(string) (bool, error)
	MIsSSHRevoked           func(string) (bool, error)
	MRevoke                 func(rci *RevokedCertificateInfo) error
	MRevokeSSH              func(rci *RevokedCertificateInfo) error
	MGetCertificate         func(serialNumber string) (*x509.Certificate, error)
	MGetCertificateData     func(serialNumber string) (*CertificateData, error)
	MStoreCertificate       func(crt *x509.Certificate) error
	MUseToken               func(id, tok string) (bool, error)
	MIsSSHHost              func(principal string) (bool, error)
	MStoreSSHCertificate    func(crt *ssh.Certificate) error
	MGetSSHHostPrincipals   func() ([]string, error)
	MShutdown               func() error
	MGetRevokedCertificates func() (*[]RevokedCertificateInfo, error)
	MGetCRL                 func() (*CertificateRevocationListInfo, error)
	MStoreCRL               func(*CertificateRevocationListInfo) error
}

MockAuthDB mocks the AuthDB interface.

func (*MockAuthDB) GetCRL added in v0.23.0

func (*MockAuthDB) GetCertificate added in v0.15.5

func (m *MockAuthDB) GetCertificate(serialNumber string) (*x509.Certificate, error)

GetCertificate mock.

func (*MockAuthDB) GetCertificateData added in v0.19.0

func (m *MockAuthDB) GetCertificateData(serialNumber string) (*CertificateData, error)

GetCertificateData mock.

func (*MockAuthDB) GetRevokedCertificates added in v0.23.0

func (m *MockAuthDB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error)

func (*MockAuthDB) GetSSHHostPrincipals added in v0.14.0

func (m *MockAuthDB) GetSSHHostPrincipals() ([]string, error)

GetSSHHostPrincipals mock.

func (*MockAuthDB) IsRevoked added in v0.14.0

func (m *MockAuthDB) IsRevoked(sn string) (bool, error)

IsRevoked mock.

func (*MockAuthDB) IsSSHHost added in v0.14.0

func (m *MockAuthDB) IsSSHHost(principal string) (bool, error)

IsSSHHost mock.

func (*MockAuthDB) IsSSHRevoked added in v0.14.0

func (m *MockAuthDB) IsSSHRevoked(sn string) (bool, error)

IsSSHRevoked mock.

func (*MockAuthDB) Revoke added in v0.14.0

func (m *MockAuthDB) Revoke(rci *RevokedCertificateInfo) error

Revoke mock.

func (*MockAuthDB) RevokeSSH added in v0.14.0

func (m *MockAuthDB) RevokeSSH(rci *RevokedCertificateInfo) error

RevokeSSH mock.

func (*MockAuthDB) Shutdown added in v0.14.0

func (m *MockAuthDB) Shutdown() error

Shutdown mock.

func (*MockAuthDB) StoreCRL added in v0.23.0

func (m *MockAuthDB) StoreCRL(info *CertificateRevocationListInfo) error

func (*MockAuthDB) StoreCertificate added in v0.14.0

func (m *MockAuthDB) StoreCertificate(crt *x509.Certificate) error

StoreCertificate mock.

func (*MockAuthDB) StoreSSHCertificate added in v0.14.0

func (m *MockAuthDB) StoreSSHCertificate(crt *ssh.Certificate) error

StoreSSHCertificate mock.

func (*MockAuthDB) UseToken added in v0.14.0

func (m *MockAuthDB) UseToken(id, tok string) (bool, error)

UseToken mock.

type MockNoSQLDB added in v0.13.0

// MockNoSQLDB mocks a nosql.DB.
type MockNoSQLDB struct {
	// Err, Ret1 and Ret2 are presumably the fallback error and return values
	// used when the corresponding M* func is nil — confirm against the mock
	// implementation.
	Err          error
	Ret1, Ret2   interface{}
	// Each M* field, when set, backs the mock method of the same name.
	MGet         func(bucket, key []byte) ([]byte, error)
	MSet         func(bucket, key, value []byte) error
	MOpen        func(dataSourceName string, opt ...database.Option) error
	MClose       func() error
	MCreateTable func(bucket []byte) error
	MDeleteTable func(bucket []byte) error
	MDel         func(bucket, key []byte) error
	MList        func(bucket []byte) ([]*database.Entry, error)
	MUpdate      func(tx *database.Tx) error
	MCmpAndSwap  func(bucket, key, old, newval []byte) ([]byte, bool, error)
}

MockNoSQLDB mocks a nosql.DB.

func (*MockNoSQLDB) Close added in v0.13.0

func (m *MockNoSQLDB) Close() error

Close mock

func (*MockNoSQLDB) CmpAndSwap added in v0.13.0

func (m *MockNoSQLDB) CmpAndSwap(bucket, key, old, newval []byte) ([]byte, bool, error)

CmpAndSwap mock

func (*MockNoSQLDB) CreateTable added in v0.13.0

func (m *MockNoSQLDB) CreateTable(bucket []byte) error

CreateTable mock

func (*MockNoSQLDB) Del added in v0.13.0

func (m *MockNoSQLDB) Del(bucket, key []byte) error

Del mock

func (*MockNoSQLDB) DeleteTable added in v0.13.0

func (m *MockNoSQLDB) DeleteTable(bucket []byte) error

DeleteTable mock

func (*MockNoSQLDB) Get added in v0.13.0

func (m *MockNoSQLDB) Get(bucket, key []byte) ([]byte, error)

Get mock

func (*MockNoSQLDB) List added in v0.13.0

func (m *MockNoSQLDB) List(bucket []byte) ([]*database.Entry, error)

List mock

func (*MockNoSQLDB) Open added in v0.13.0

func (m *MockNoSQLDB) Open(dataSourceName string, opt ...database.Option) error

Open mock

func (*MockNoSQLDB) Set added in v0.13.0

func (m *MockNoSQLDB) Set(bucket, key, value []byte) error

Set mock

func (*MockNoSQLDB) Update added in v0.13.0

func (m *MockNoSQLDB) Update(tx *database.Tx) error

Update mock

type ProvisionerData added in v0.19.0

// ProvisionerData is the JSON representation of the provisioner stored in the
// x509_certs_data table.
type ProvisionerData struct {
	ID   string `json:"id"`
	Name string `json:"name"`
	Type string `json:"type"`
}

ProvisionerData is the JSON representation of the provisioner stored in the x509_certs_data table.

type RevokedCertificateInfo

// RevokedCertificateInfo contains information regarding the certificate
// revocation action.
type RevokedCertificateInfo struct {
	// Serial identifies the revoked certificate; for X509 certificates the
	// revocation lookups on this page key on the certificate serial number.
	Serial        string
	ProvisionerID string
	// ReasonCode and Reason describe why the certificate was revoked; the
	// code space is not described on this page.
	ReasonCode    int
	Reason        string
	RevokedAt     time.Time
	ExpiresAt     time.Time
	TokenID       string
	// MTLS and ACME presumably record how the revocation was authorized —
	// confirm against the caller.
	MTLS          bool
	ACME          bool
}

RevokedCertificateInfo contains information regarding the certificate revocation action.

type SimpleDB added in v0.11.0

// SimpleDB is a barebones implementation of the DB interface. It is NOT an
// in-memory implementation of the DB, but rather the bare minimum of
// functionality that the CA requires to operate securely. Most AuthDB
// methods on it return ErrNotImplemented; IsRevoked and IsSSHRevoked are
// no-ops.
type SimpleDB struct {
	// contains filtered or unexported fields
}

SimpleDB is a barebones implementation of the DB interface. It is NOT an in-memory implementation of the DB, but rather the bare minimum of functionality that the CA requires to operate securely.

func (*SimpleDB) Close added in v0.13.0

func (s *SimpleDB) Close() error

Close closes the current database.

func (*SimpleDB) CmpAndSwap added in v0.13.0

func (s *SimpleDB) CmpAndSwap([]byte, []byte, []byte, []byte) ([]byte, bool, error)

CmpAndSwap swaps the value at the given bucket and key if the current value is equivalent to the oldValue input. Returns 'true' if the swap was successful and 'false' otherwise.

func (*SimpleDB) CreateTable added in v0.13.0

func (s *SimpleDB) CreateTable([]byte) error

CreateTable creates a table or a bucket in the database.

func (*SimpleDB) Del added in v0.13.0

func (s *SimpleDB) Del([]byte, []byte) error

Del deletes the data in the given table/bucket and key.

func (*SimpleDB) DeleteTable added in v0.13.0

func (s *SimpleDB) DeleteTable([]byte) error

DeleteTable deletes a table or a bucket in the database.

func (*SimpleDB) Get added in v0.13.0

func (s *SimpleDB) Get([]byte, []byte) ([]byte, error)

Get returns the value stored in the given table/bucket and key.

func (*SimpleDB) GetCRL added in v0.23.0

GetCRL returns a "NotImplemented" error.

func (*SimpleDB) GetCertificate added in v0.15.5

func (s *SimpleDB) GetCertificate(string) (*x509.Certificate, error)

GetCertificate returns a "NotImplemented" error.

func (*SimpleDB) GetRevokedCertificates added in v0.23.0

func (s *SimpleDB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error)

GetRevokedCertificates returns a "NotImplemented" error.

func (*SimpleDB) GetSSHHostPrincipals added in v0.14.0

func (s *SimpleDB) GetSSHHostPrincipals() ([]string, error)

GetSSHHostPrincipals returns a "NotImplemented" error.

func (*SimpleDB) IsRevoked added in v0.11.0

func (s *SimpleDB) IsRevoked(string) (bool, error)

IsRevoked is a no-op.

func (*SimpleDB) IsSSHHost added in v0.14.0

func (s *SimpleDB) IsSSHHost(string) (bool, error)

IsSSHHost returns a "NotImplemented" error.

func (*SimpleDB) IsSSHRevoked added in v0.14.0

func (s *SimpleDB) IsSSHRevoked(string) (bool, error)

IsSSHRevoked is a no-op.

func (*SimpleDB) List added in v0.13.0

func (s *SimpleDB) List([]byte) ([]*database.Entry, error)

List returns a list of all the entries in a given table/bucket.

func (*SimpleDB) Open added in v0.13.0

func (s *SimpleDB) Open(string, ...database.Option) error

Open opens the database available with the given options.

func (*SimpleDB) Revoke added in v0.11.0

Revoke returns a "NotImplemented" error.

func (*SimpleDB) RevokeSSH added in v0.14.0

func (s *SimpleDB) RevokeSSH(*RevokedCertificateInfo) error

RevokeSSH returns a "NotImplemented" error.

func (*SimpleDB) Set added in v0.13.0

func (s *SimpleDB) Set([]byte, []byte, []byte) error

Set sets the given value in the given table/bucket and key.

func (*SimpleDB) Shutdown added in v0.11.0

func (s *SimpleDB) Shutdown() error

Shutdown returns nil.

func (*SimpleDB) StoreCRL added in v0.23.0

StoreCRL returns a "NotImplemented" error.

func (*SimpleDB) StoreCertificate added in v0.11.0

func (s *SimpleDB) StoreCertificate(*x509.Certificate) error

StoreCertificate returns a "NotImplemented" error.

func (*SimpleDB) StoreSSHCertificate added in v0.14.0

func (s *SimpleDB) StoreSSHCertificate(*ssh.Certificate) error

StoreSSHCertificate returns a "NotImplemented" error.

func (*SimpleDB) Update added in v0.13.0

func (s *SimpleDB) Update(*database.Tx) error

Update performs a transaction with multiple read-write commands.

func (*SimpleDB) UseToken added in v0.11.0

func (s *SimpleDB) UseToken(id, tok string) (bool, error)

UseToken returns a "NotImplemented" error.
