rocsp

Documentation

Index

• Variables
• type MockWriteClient
  • func NewMockWriteFailClient() MockWriteClient
  • func NewMockWriteSucceedClient() MockWriteClient
  • func (r MockWriteClient) StoreResponse(ctx context.Context, resp *ocsp.Response) error
• type ROClient
  • func NewReadingClient(rdb *redis.Ring, timeout time.Duration, clk clock.Clock, ...) *ROClient
  • func (c *ROClient) GetResponse(ctx context.Context, serial string) ([]byte, error)
  • func (c *ROClient) Ping(ctx context.Context) error
  • func (c *ROClient) ScanResponses(ctx context.Context, serialPattern string) <-chan ScanResponsesResult
• type RWClient
  • func NewWritingClient(rdb *redis.Ring, timeout time.Duration, clk clock.Clock, ...) *RWClient
  • func (c *RWClient) StoreResponse(ctx context.Context, resp *ocsp.Response) error
• type ScanResponsesResult

Variables

var ErrRedisNotFound = errors.New("redis key not found")

Types

type MockWriteClient

type MockWriteClient struct {
	StoreResponseReturnError error
}

MockWriteClient is a mock

func NewMockWriteFailClient

func NewMockWriteFailClient() MockWriteClient

NewMockWriteFailClient returns a mock MockWriteClient with a StoreResponse method that will always fail.

func NewMockWriteSucceedClient

func NewMockWriteSucceedClient() MockWriteClient

NewMockWriteSucceedClient returns a mock MockWriteClient with a StoreResponse method that will always succeed.

func (MockWriteClient) StoreResponse

func (r MockWriteClient) StoreResponse(ctx context.Context, resp *ocsp.Response) error

StoreResponse mocks a rocsp.StoreResponse method and returns nil or an error depending on the desired state.

type ROClient

type ROClient struct {
	// contains filtered or unexported fields
}

ROClient represents a read-only Redis client.

func NewReadingClient

func NewReadingClient(rdb *redis.Ring, timeout time.Duration, clk clock.Clock, stats prometheus.Registerer) *ROClient

NewReadingClient creates a read-only client. The timeout applies to all requests, though a shorter timeout can be applied on a per-request basis using context.Context. rdb must be non-nil.

func (*ROClient) GetResponse

func (c *ROClient) GetResponse(ctx context.Context, serial string) ([]byte, error)

GetResponse fetches a response for the given serial number. Returns error if the OCSP response fails to parse.

func (*ROClient) Ping

func (c *ROClient) Ping(ctx context.Context) error

Ping checks that each shard of the *redis.Ring is reachable using the PING command. It returns an error if any shard is unreachable and nil otherwise.

func (*ROClient) ScanResponses

func (c *ROClient) ScanResponses(ctx context.Context, serialPattern string) <-chan ScanResponsesResult

ScanResponses scans Redis for all OCSP responses where the serial number matches the provided pattern. It returns immediately and emits results and errors on `<-chan ScanResponsesResult`. It closes the channel when it is done or hits an error.

type RWClient

type RWClient struct {
	*ROClient
	// contains filtered or unexported fields
}

RWClient represents a Redis client that can both read and write.

func NewWritingClient

func NewWritingClient(rdb *redis.Ring, timeout time.Duration, clk clock.Clock, stats prometheus.Registerer) *RWClient

NewWritingClient creates a RWClient.

func (*RWClient) StoreResponse

func (c *RWClient) StoreResponse(ctx context.Context, resp *ocsp.Response) error

StoreResponse parses the given bytes as an OCSP response, and stores it into Redis. The expiration time (ttl) of the Redis key is set to OCSP response `NextUpdate`.

type ScanResponsesResult

type ScanResponsesResult struct {
	Serial string
	Body   []byte
	Err    error
}

ScanResponsesResult represents a single OCSP response entry in redis. `Serial` is the stringified serial number of the response. `Body` is the DER bytes of the response. If this object represents an error, `Err` will be non-nil and the other entries will have their zero values.