Version: v0.0.0-...-b94e044 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Dec 13, 2018 License: BSD-2-Clause Imports: 7 Imported by: 0




This section is empty.


This section is empty.


This section is empty.


type Accessor

type Accessor struct {
	// contains filtered or unexported fields

Accessor implements certdb.Accessor interface.

func NewAccessor

func NewAccessor(db *sqlx.DB) *Accessor

NewAccessor returns a new Accessor.

func (*Accessor) GetCertificate

func (d *Accessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)

GetCertificate gets a certdb.CertificateRecord indexed by serial.

func (*Accessor) GetOCSP

func (d *Accessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)

GetOCSP retrieves a certdb.OCSPRecord from db by serial.

func (*Accessor) GetRevokedAndUnexpiredCertificates

func (d *Accessor) GetRevokedAndUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)

GetRevokedAndUnexpiredCertificates gets all revoked and unexpired certificate from db (for CRLs).

func (*Accessor) GetRevokedAndUnexpiredCertificatesByLabel

func (d *Accessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) (crs []certdb.CertificateRecord, err error)

GetRevokedAndUnexpiredCertificatesByLabel gets all revoked and unexpired certificate from db (for CRLs) with specified ca_label.

func (*Accessor) GetUnexpiredCertificates

func (d *Accessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)

GetUnexpiredCertificates gets all unexpired certificate from db.

func (*Accessor) GetUnexpiredOCSPs

func (d *Accessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)

GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.

func (*Accessor) InsertCertificate

func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error

InsertCertificate puts a certdb.CertificateRecord into db.

func (*Accessor) InsertOCSP

func (d *Accessor) InsertOCSP(rr certdb.OCSPRecord) error

InsertOCSP puts a new certdb.OCSPRecord into the db.

func (*Accessor) RevokeCertificate

func (d *Accessor) RevokeCertificate(serial, aki string, reasonCode int) error

RevokeCertificate updates a certificate with a given serial number and marks it revoked.

func (*Accessor) SetDB

func (d *Accessor) SetDB(db *sqlx.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*Accessor) UpdateOCSP

func (d *Accessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error

UpdateOCSP updates a ocsp response record with a given serial number.

func (*Accessor) UpsertOCSP

func (d *Accessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error

UpsertOCSP update a ocsp response record with a given serial number, or insert the record if it doesn't yet exist in the db Implementation note: We didn't implement 'upsert' with SQL statement and we lost race condition prevention provided by underlying DBMS. Reasoning: 1. it's diffcult to support multiple DBMS backends in the same time, the SQL syntax differs from one to another. 2. we don't need a strict simultaneous consistency between OCSP and certificate status. It's OK that a OCSP response still shows 'good' while the corresponding certificate is being revoked seconds ago, as long as the OCSP response catches up to be eventually consistent (within hours to days). Write race condition between OCSP writers on OCSP table is not a problem, since we don't have write race condition on Certificate table and OCSP writers should periodically use Certificate table to update OCSP table to catch up.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL