Documentation ¶
Index ¶
- Constants
- func SerialStrToBigInt(serial string) (*big.Int, bool)
- func WithLogger(logger Logger) func(*ExpirationControl)
- func WithWarnOnExpiration() func(*ExpirationControl)
- type CertificateEntry
- type DynamoDBClient
- type EntryCRLReason
- type EntryExchange
- func (e *EntryExchange) ParseCertificateEntry(itmdEntry IntermidiateEntry) CertificateEntry
- func (e *EntryExchange) VerifyCRLReason(target string) (EntryCRLReason, error)
- func (e *EntryExchange) VerifyExpDate(target string) (time.Time, error)
- func (e *EntryExchange) VerifyRevDate(target string) (time.Time, error)
- func (e *EntryExchange) VerifyRevType(target string, revDate string, crlReason string) (EntryRevType, error)
- func (e *EntryExchange) VerifySerial(target string) (*big.Int, error)
- type EntryRevType
- type ExpirationControl
- type ExpirationControlOption
- type FileDBClient
- type IntermidiateEntry
- type InvalidEntryError
- type InvalidWith
- type Logger
Constants ¶
const (
	// The base of serial number.
	SerialBase = 16
	// The max octet length of serial number.
	SerialMaxOctetLength = 20
)
const (
	// RFC 5280: 4.1.2.5.1. UTCTime.
	ASN1UTCTime = "060102150405Z"
	// RFC 5280: 4.1.2.5.2. GeneralizedTime.
	ASN1GeneralizedTime = "20060102150405Z"
)
const (
	// Values of CRLReason.
	UnspecifieValue          = "unspecified"
	KeyCompromisValue        = "keyCompromise"
	CACompromisValue         = "CACompromise"
	AffiliationChangeValue   = "affiliationChanged"
	SupersedeValue           = "superseded"
	CessationOfOperatioValue = "cessationOfOperation"
	CertificateHolValue      = "certificateHold"
	RemoveFromCRValue        = "removeFromCRL"
	PrivilegeWithdrawValue   = "privilegeWithdrawn"
	AACompromisValue         = "AACompromise"
)
const (
	// Revocation Type.
	FileDBColRevTypeIdx int = 0
	// Expiration Date.
	FileDBColExpDateIdx int = 1
	// Comma delimited Revocation Date and CRL Reason.
	FileDBColRevDateAndCRLReasonIdx int = 2
	// Serial Number.
	FileDBColSerialIdx int = 3
)
Indexes of tab delimited columns in DB file.
const (
	// Revocation Date.
	IdxRevDate int = 0
	// CRL Reason.
	IdxCRLReason int = 1
)
Indexes of comma delimited RevDate and CRLReason.
const (
	// YY Boundary value for RFC 5280: 4.1.2.5.1. UTCTime specification.
	// "Where YY is greater than or equal to 50, the year SHALL be
	// interpreted as 19YY; and Where YY is less than 50, the year SHALL be interpreted as 20YY."
	// (https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.5.1)
	UTCTimeYYBoundary = 50
)
Variables ¶
This section is empty.
Functions ¶
func SerialStrToBigInt ¶
func SerialStrToBigInt(serial string) (*big.Int, bool)
SerialStrToBigInt converts a serial number string to a *big.Int.
func WithLogger ¶
func WithLogger(logger Logger) func(*ExpirationControl)
func WithWarnOnExpiration ¶
func WithWarnOnExpiration() func(*ExpirationControl)
WithWarnOnExpiration sets the value of the Warn On Expiration flag to true. When this flag is set to true, the instance will emit warnings instead of deleting entries.
Types ¶
type CertificateEntry ¶
type CertificateEntry struct {
	Ca        string
	Serial    *big.Int
	RevType   EntryRevType
	ExpDate   time.Time
	RevDate   time.Time
	CRLReason EntryCRLReason
	Errors    map[InvalidWith]error
}
CertificateEntry is a revocation status entry used in the process of creating a pre-signed response cache with verification. In the process, it can contain errors in CertificateEntry.Errors that explain why the entry is invalid.
type DynamoDBClient ¶
type DynamoDBClient struct {
// contains filtered or unexported fields
}
DynamoDBClient is an implementation of the CADBClient interface. It is used to scan the certificate revocation status from DynamoDB. Please refer to the documentation for the specifications of the table and index.
func NewDynamoDBClient ¶
func NewDynamoDBClient(
	client *dynamodb.Client,
	caName *string,
	tableName *string,
	indexName *string,
	timeout int,
) DynamoDBClient
NewDynamoDBClient creates and returns a new DynamoDBClient instance.
func (DynamoDBClient) Scan ¶
func (d DynamoDBClient) Scan(ctx context.Context) ([]IntermidiateEntry, error)
Scan reads the items from the table. It sets the filter expression on the global secondary index with the "ca" hash key, retrieves the items and unmarshals them into IntermediateEntry values.
type EntryCRLReason ¶
type EntryCRLReason int
const (
	NotRevoked EntryCRLReason = ocsp.Unspecified - 1
	// RFC 5280: 5.3.1. Reason Codes.
	Unspecified          EntryCRLReason = ocsp.Unspecified
	KeyCompromise        EntryCRLReason = ocsp.KeyCompromise
	CACompromise         EntryCRLReason = ocsp.CACompromise
	AffiliationChanged   EntryCRLReason = ocsp.AffiliationChanged
	Superseded           EntryCRLReason = ocsp.Superseded
	CessationOfOperation EntryCRLReason = ocsp.CessationOfOperation
	CertificateHold      EntryCRLReason = ocsp.CertificateHold
	RemoveFromCRL        EntryCRLReason = ocsp.RemoveFromCRL
	PrivilegeWithdrawn   EntryCRLReason = ocsp.PrivilegeWithdrawn
	AACompromise         EntryCRLReason = ocsp.AACompromise
)
type EntryExchange ¶
type EntryExchange struct{}
EntryExchange provides methods for parsing CertificateEntry from IntermidiateEntry, but only in one direction.
func NewEntryExchange ¶
func NewEntryExchange() EntryExchange
NewEntryExchange creates and returns a new EntryExchange instance.
func (*EntryExchange) ParseCertificateEntry ¶
func (e *EntryExchange) ParseCertificateEntry(
	itmdEntry IntermidiateEntry,
) CertificateEntry
ParseCertificateEntry parses a CertificateEntry from an IntermediateEntry using the EntryExchange.Verify* methods. When the entry is invalid, the errors returned by the `Verify*` methods are stored in `CertificateEntry.Errors`.
func (*EntryExchange) VerifyCRLReason ¶
func (e *EntryExchange) VerifyCRLReason(target string) (EntryCRLReason, error)
VerifyCRLReason verifies if the CRLReason is correct (case-insensitive).
func (*EntryExchange) VerifyExpDate ¶
func (e *EntryExchange) VerifyExpDate(target string) (time.Time, error)
VerifyExpDate verifies that the expiration date is valid and returns it as a time.Time value. It accepts the following time formats:
- UTCTime (https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.5.1)
- GeneralizedTime (https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.5.2)
func (*EntryExchange) VerifyRevDate ¶
func (e *EntryExchange) VerifyRevDate(target string) (time.Time, error)
VerifyRevDate verifies that the revocation date is valid and returns it as a time.Time value. The empty string "" (Not Revoked) is accepted. It accepts the following time formats:
- UTCTime (https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.5.1)
- GeneralizedTime (https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.5.2)
func (*EntryExchange) VerifyRevType ¶
func (e *EntryExchange) VerifyRevType(
	target string,
	revDate string,
	crlReason string,
) (EntryRevType, error)
VerifyRevType verifies the value of the revocation type and that revDate and crlReason are correct for that status. This function only accepts two status values: 'V' and 'R'. Any other status value is considered invalid.
func (*EntryExchange) VerifySerial ¶
func (e *EntryExchange) VerifySerial(target string) (*big.Int, error)
VerifySerial verifies the serial string and converts it to a *big.Int.
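The checks that VerifyExpDate, VerifyRevDate, VerifyRevType and VerifySerial describe, worked through as an added stand-alone example (not this package's code): parse the two RFC 5280 time formats with the documented layouts, apply the UTCTimeYYBoundary rule where Go's own two-digit-year pivot disagrees with the RFC, enforce the serial limits, and check the revocation type against the revocation date. The function names are mine, and the pairing "V" with an empty date and "R" with a non-empty one is my assumption.

```go
package main

import (
	"fmt"
	"math/big"
	"time"
)

// Layouts and limits as documented in the package constants above.
const (
	asn1UTCTime, asn1GeneralizedTime = "060102150405Z", "20060102150405Z"
	utcTimeYYBoundary, serialBase, serialMaxOctets = 50, 16, 20
)

// parseRFC5280Time accepts GeneralizedTime or UTCTime. Go's "06" layout pivots
// two-digit years at 69 (00..68 -> 20YY) but RFC 5280 pivots at 50, so UTCTime
// years 50..68 must be moved back one century.
func parseRFC5280Time(s string) (time.Time, error) {
	if t, err := time.Parse(asn1GeneralizedTime, s); err == nil {
		return t, nil
	}
	t, err := time.Parse(asn1UTCTime, s)
	if err == nil && t.Year() >= 2000 && t.Year()%100 >= utcTimeYYBoundary {
		t = t.AddDate(-100, 0, 0)
	}
	return t, err
}

// verifySerial enforces the documented limits: base-16 digits only, not
// negative, at most serialMaxOctets octets.
func verifySerial(s string) (*big.Int, error) {
	n, ok := new(big.Int).SetString(s, serialBase)
	if !ok || n.Sign() < 0 || len(n.Bytes()) > serialMaxOctets {
		return nil, fmt.Errorf("malformed serial %q", s)
	}
	return n, nil
}

// verifyRevType checks that the status is "V" or "R" and that the revocation
// date agrees with it: empty for "V", a parseable time for "R" (that pairing
// is my assumption). It returns the parsed revocation date, zero for "V".
func verifyRevType(revType, revDate string) (time.Time, error) {
	switch {
	case revType == "V" && revDate == "":
		return time.Time{}, nil
	case revType == "R" && revDate != "":
		return parseRFC5280Time(revDate)
	}
	return time.Time{}, fmt.Errorf("rev type %q inconsistent with revdate %q", revType, revDate)
}
```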
type EntryRevType ¶
type EntryRevType string
This certificate revocation type is based on the index database of OpenSSL, which can be found at 'https://github.com/openssl/openssl'.
const (
	// Valid status.
	Valid EntryRevType = "V"
	// Revoked status.
	Revoked EntryRevType = "R"
)
type ExpirationControl ¶
type ExpirationControl struct {
// contains filtered or unexported fields
}
ExpirationControl is responsible for checking if the Expiration Date of a CertificateEntry is in the past, as per the application's requirements.
func NewExpirationControl ¶
func NewExpirationControl(options ...ExpirationControlOption) *ExpirationControl
NewExpirationControl creates and returns a new instance of ExpirationControl. It accepts optional functions.
func (*ExpirationControl) Do ¶
func (c *ExpirationControl) Do(now time.Time, entries []CertificateEntry) []CertificateEntry
The Do method checks the expiration date of each entry in the received entry slice. If the current time is later than the expiration date, the entry is considered invalid; otherwise, the entry is considered valid. If the status is 'R', an entry whose expiration date has already passed is still considered valid as an entry.
type ExpirationControlOption ¶
type ExpirationControlOption = func(*ExpirationControl)
ExpirationControlOption is an implementation of the functional options pattern.
type FileDBClient ¶
type FileDBClient struct {
// contains filtered or unexported fields
}
FileDBClient is an implementation of the CADBClient interface. It scans the certificate revocation status from a DB file. The DB file format is based on the index file of 'https://github.com/openssl/openssl'.
func NewFileDBClient ¶
func NewFileDBClient(caName string, dbFile string) FileDBClient
NewFileDBClient creates and returns a new instance of FileDBClient.
func (FileDBClient) Scan ¶
func (h FileDBClient) Scan(ctx context.Context) ([]IntermidiateEntry, error)
Scan reads a file and parses each line into an IntermediateEntry.
type IntermidiateEntry ¶
type IntermidiateEntry struct {
	Ca        string
	Serial    string
	RevType   string
	ExpDate   string
	RevDate   string
	CRLReason string
}
IntermediateEntry is a struct that holds raw data scanned from the database without any modifications. This structure absorbs variations in data originating from the different backing databases.
func UnmarshalDynamoDBItem ¶
func UnmarshalDynamoDBItem(item map[string]types.AttributeValue) (IntermidiateEntry, error)
UnmarshalDynamoDBItem unmarshals the item data retrieved from the DynamoDB read API into an IntermediateEntry.
type InvalidEntryError ¶
type InvalidEntryError struct {
// contains filtered or unexported fields
}
InvalidEntryError provides an explanation for why a certificate revocation entry is invalid.
func (InvalidEntryError) Error ¶
func (e InvalidEntryError) Error() string
Error returns the error message.
type InvalidWith ¶
type InvalidWith int
Indexes of CertificateEntry.Errors.
const (
	NoError InvalidWith = iota
	MalformSerial
	UndefinedRevType
	MalformExpDate
	MalformRevDate
	UndefinedCRLReason
)