
package certdb

import ""




type Accessor

type Accessor interface {
    InsertCertificate(cr CertificateRecord) error
    GetCertificate(serial, aki string) ([]CertificateRecord, error)
    GetUnexpiredCertificates() ([]CertificateRecord, error)
    GetRevokedAndUnexpiredCertificates() ([]CertificateRecord, error)
    GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]CertificateRecord, error)
    RevokeCertificate(serial, aki string, reasonCode int) error
    InsertOCSP(rr OCSPRecord) error
    GetOCSP(serial, aki string) ([]OCSPRecord, error)
    GetUnexpiredOCSPs() ([]OCSPRecord, error)
    UpdateOCSP(serial, aki, body string, expiry time.Time) error
    UpsertOCSP(serial, aki, body string, expiry time.Time) error
}

Accessor abstracts the CRUD of certdb objects from a DB.

type CertificateRecord

type CertificateRecord struct {
    Serial    string    `db:"serial_number"`
    AKI       string    `db:"authority_key_identifier"`
    CALabel   string    `db:"ca_label"`
    Status    string    `db:"status"`
    Reason    int       `db:"reason"`
    Expiry    time.Time `db:"expiry"`
    RevokedAt time.Time `db:"revoked_at"`
    PEM       string    `db:"pem"`
    // the following fields will be empty for data inserted before migrate 002 has been run.
    IssuedAt     *time.Time     `db:"issued_at"`
    NotBefore    *time.Time     `db:"not_before"`
    MetadataJSON types.JSONText `db:"metadata"`
    SANsJSON     types.JSONText `db:"sans"`
    CommonName   sql.NullString `db:"common_name"`
}

CertificateRecord encodes a certificate and its metadata that will be recorded in a database.

func (*CertificateRecord) GetMetadata

func (c *CertificateRecord) GetMetadata() (map[string]interface{}, error)

GetMetadata returns the JSON metadata.

func (*CertificateRecord) GetSANs

func (c *CertificateRecord) GetSANs() ([]string, error)

GetSANs returns the JSON SANs.

func (*CertificateRecord) SetMetadata

func (c *CertificateRecord) SetMetadata(meta map[string]interface{}) error

SetMetadata sets the metadata JSON.

func (*CertificateRecord) SetSANs

func (c *CertificateRecord) SetSANs(meta []string) error

SetSANs sets the list of SANs.

type OCSPRecord

type OCSPRecord struct {
    Serial string    `db:"serial_number"`
    AKI    string    `db:"authority_key_identifier"`
    Body   string    `db:"body"`
    Expiry time.Time `db:"expiry"`
}

OCSPRecord encodes an OCSP response body and its metadata that will be recorded in a database.
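The Accessor methods above identify a certificate by the pair (serial, aki) rather than by serial alone, because a serial number is unique only per issuer. The following added example (not cfssl code) shows the consequence for revocation with a hypothetical in-memory store over a local stand-in for CertificateRecord; the names `record`, `key` and `memStore`, the extra `now` parameter and the status strings "good" and "revoked" are assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// record mirrors the CertificateRecord fields used here (local stand-in).
type record struct {
	Serial, AKI, Status string
	Reason              int
	Expiry, RevokedAt   time.Time
}

// key: serial numbers are unique only per issuer, so the AKI is part of the identity.
type key struct{ serial, aki string }

// memStore is a hypothetical in-memory store, not cfssl code.
type memStore map[key]*record

// revoke marks exactly one (serial, AKI) pair; "revoked" is an assumed status value.
func (m memStore) revoke(serial, aki string, reason int, now time.Time) error {
	r, ok := m[key{serial, aki}]
	if !ok {
		return fmt.Errorf("no certificate for serial %q under AKI %q", serial, aki)
	}
	r.Status, r.Reason, r.RevokedAt = "revoked", reason, now
	return nil
}

// revokedAndUnexpired lists what a CRL issued at time now must still carry.
func (m memStore) revokedAndUnexpired(now time.Time) []record {
	var out []record
	for _, r := range m {
		if r.Status == "revoked" && r.Expiry.After(now) {
			out = append(out, *r)
		}
	}
	return out
}

// main runs on constructed data: two CAs that both issued serial "01".
func main() {
	now := time.Date(2020, 11, 30, 0, 0, 0, 0, time.UTC)
	m := memStore{}
	for _, aki := range []string{"aki-ca-a", "aki-ca-b"} {
		m[key{"01", aki}] = &record{Serial: "01", AKI: aki, Status: "good", Expiry: now.Add(time.Hour)}
	}
	fmt.Println(m.revoke("01", "aki-ca-a", 1, now), m.revokedAndUnexpired(now))
}
```

A store keyed on serial alone would have revoked both certificates, or the wrong one, in this scenario.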


ocspstapling: Package ocspstapling implements OCSP stapling of Signed Certificate Timestamps (SCTs) into OCSP responses in a database.

Package certdb imports 4 packages and is imported by 422 packages. Updated 2020-11-30.