package sql
import "github.com/cloudflare/cfssl/certdb/sql"
Index ¶
- type Accessor
- func NewAccessor(db *sqlx.DB) *Accessor
- func (d *Accessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)
- func (d *Accessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)
- func (d *Accessor) GetRevokedAndUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)
- func (d *Accessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) (crs []certdb.CertificateRecord, err error)
- func (d *Accessor) GetRevokedAndUnexpiredCertificatesByLabelSelectColumns(label string) (crs []certdb.CertificateRecord, err error)
- func (d *Accessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)
- func (d *Accessor) GetUnexpiredCertificatesByLabel(labels []string) (crs []certdb.CertificateRecord, err error)
- func (d *Accessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)
- func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error
- func (d *Accessor) InsertOCSP(rr certdb.OCSPRecord) error
- func (d *Accessor) RevokeCertificate(serial, aki string, reasonCode int) error
- func (d *Accessor) SetDB(db *sqlx.DB)
- func (d *Accessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error
- func (d *Accessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error
Types ¶
type Accessor ¶
type Accessor struct {
// contains filtered or unexported fields
}
Accessor implements certdb.Accessor interface.
func NewAccessor ¶
NewAccessor returns a new Accessor.
func (*Accessor) GetCertificate ¶
func (d *Accessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)
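GetCertificate gets the certdb.CertificateRecord entries matching the given serial and aki (authority key identifier). A serial number is only unique per issuer, so both values are needed to identify a certificate.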
func (*Accessor) GetOCSP ¶
func (d *Accessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)
GetOCSP retrieves the certdb.OCSPRecord entries for the given serial and aki from db.
func (*Accessor) GetRevokedAndUnexpiredCertificates ¶
func (d *Accessor) GetRevokedAndUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)
GetRevokedAndUnexpiredCertificates gets all revoked and unexpired certificates from db (for CRLs).
func (*Accessor) GetRevokedAndUnexpiredCertificatesByLabel ¶
func (d *Accessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) (crs []certdb.CertificateRecord, err error)
GetRevokedAndUnexpiredCertificatesByLabel gets all revoked and unexpired certificates from db (for CRLs) with the specified ca_label.
func (*Accessor) GetRevokedAndUnexpiredCertificatesByLabelSelectColumns ¶
func (d *Accessor) GetRevokedAndUnexpiredCertificatesByLabelSelectColumns(label string) (crs []certdb.CertificateRecord, err error)
GetRevokedAndUnexpiredCertificatesByLabelSelectColumns gets only serial_number and revoked_at from all revoked and unexpired certificates in db (for CRLs) with the specified ca_label.
func (*Accessor) GetUnexpiredCertificates ¶
func (d *Accessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)
GetUnexpiredCertificates gets all unexpired certificates from db.
func (*Accessor) GetUnexpiredCertificatesByLabel ¶
func (d *Accessor) GetUnexpiredCertificatesByLabel(labels []string) (crs []certdb.CertificateRecord, err error)
GetUnexpiredCertificatesByLabel gets all unexpired certificates from db that have one of the provided labels.
func (*Accessor) GetUnexpiredOCSPs ¶
func (d *Accessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)
GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.
func (*Accessor) InsertCertificate ¶
func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error
InsertCertificate puts a certdb.CertificateRecord into db.
func (*Accessor) InsertOCSP ¶
func (d *Accessor) InsertOCSP(rr certdb.OCSPRecord) error
InsertOCSP puts a new certdb.OCSPRecord into the db.
func (*Accessor) RevokeCertificate ¶
RevokeCertificate updates the certificate identified by the given serial number and aki and marks it revoked with the given reasonCode.
func (*Accessor) SetDB ¶
SetDB changes the underlying sqlx.DB object Accessor is manipulating.
func (*Accessor) UpdateOCSP ¶
UpdateOCSP updates an OCSP response record identified by the given serial number and aki.
func (*Accessor) UpsertOCSP ¶
UpsertOCSP updates an OCSP response record with a given serial number, or inserts the record if it doesn't yet exist in the db. Implementation note: We didn't implement 'upsert' as a single SQL statement, so we lost the race condition prevention provided by the underlying DBMS. Reasoning: 1. It's difficult to support multiple DBMS backends at the same time, because the SQL syntax differs from one to another. 2. We don't need strict simultaneous consistency between OCSP and certificate status. It's OK that an OCSP response still shows 'good' when the corresponding certificate was revoked seconds ago, as long as the OCSP response catches up and becomes eventually consistent (within hours to days). A write race condition between OCSP writers on the OCSP table is not a problem, since we don't have a write race condition on the Certificate table, and OCSP writers should periodically use the Certificate table to update the OCSP table to catch up.
- Version
- v1.6.5 (latest)
- Published
- Mar 5, 2024