cfssl: Index | Files

package sql

import ""




type Accessor

type Accessor struct {
    // contains filtered or unexported fields
}

Accessor implements the certdb.Accessor interface.

func NewAccessor

func NewAccessor(db *sqlx.DB) *Accessor

NewAccessor returns a new Accessor.

func (*Accessor) GetCertificate

func (d *Accessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)

GetCertificate gets a certdb.CertificateRecord indexed by serial.

func (*Accessor) GetOCSP

func (d *Accessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)

GetOCSP retrieves a certdb.OCSPRecord from db by serial.

func (*Accessor) GetRevokedAndUnexpiredCertificates

func (d *Accessor) GetRevokedAndUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)

GetRevokedAndUnexpiredCertificates gets all revoked and unexpired certificates from db (for CRLs).

func (*Accessor) GetRevokedAndUnexpiredCertificatesByLabel

func (d *Accessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) (crs []certdb.CertificateRecord, err error)

GetRevokedAndUnexpiredCertificatesByLabel gets all revoked and unexpired certificates from db (for CRLs) with the specified ca_label.

func (*Accessor) GetUnexpiredCertificates

func (d *Accessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)

GetUnexpiredCertificates gets all unexpired certificates from db.

func (*Accessor) GetUnexpiredOCSPs

func (d *Accessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)

GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.

func (*Accessor) InsertCertificate

func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error

InsertCertificate puts a certdb.CertificateRecord into db.

func (*Accessor) InsertOCSP

func (d *Accessor) InsertOCSP(rr certdb.OCSPRecord) error

InsertOCSP puts a new certdb.OCSPRecord into the db.

func (*Accessor) RevokeCertificate

func (d *Accessor) RevokeCertificate(serial, aki string, reasonCode int) error

RevokeCertificate updates a certificate with a given serial number and marks it revoked.

func (*Accessor) SetDB

func (d *Accessor) SetDB(db *sqlx.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*Accessor) UpdateOCSP

func (d *Accessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error

UpdateOCSP updates an OCSP response record with a given serial number.

func (*Accessor) UpsertOCSP

func (d *Accessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error

UpsertOCSP updates an OCSP response record with a given serial number, or inserts the record if it doesn't yet exist in the db.

Implementation note: We didn't implement 'upsert' with a SQL statement, so we lost the race condition prevention provided by the underlying DBMS. Reasoning:

1. It's difficult to support multiple DBMS backends at the same time; the SQL syntax differs from one to another.
2. We don't need strict simultaneous consistency between OCSP and certificate status. It's OK that an OCSP response still shows 'good' while the corresponding certificate was revoked seconds ago, as long as the OCSP response catches up to be eventually consistent (within hours to days).

A write race condition between OCSP writers on the OCSP table is not a problem, since we don't have a write race condition on the Certificate table and OCSP writers should periodically use the Certificate table to update the OCSP table to catch up.
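The race the implementation note accepts, replayed deterministically as an added example (not cfssl's code). It assumes the upsert is an UPDATE followed by an INSERT with no transaction around them; the in-memory `table`, `errDuplicate`, the `gap` hook and the `retry` fallback are all hypothetical names introduced for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// errDuplicate stands in for a DBMS unique-key violation (constructed).
var errDuplicate = errors.New("duplicate key")

// table is an in-memory stand-in for the OCSP table, keyed by serial+AKI.
type table map[string]string

// write models one statement: an UPDATE when insert is false, an INSERT when
// true. It reports false when the UPDATE matches no row or the INSERT collides.
func (t table) write(key, body string, insert bool) bool {
	if _, exists := t[key]; exists == insert {
		return false
	}
	t[key] = body
	return true
}

// upsert is update-then-insert; gap runs in the window between the statements.
// With retry set (an assumption), a lost INSERT race falls back to an UPDATE.
func upsert(t table, key, body string, retry bool, gap func()) error {
	if t.write(key, body, false) {
		return nil
	}
	gap()
	if t.write(key, body, true) || (retry && t.write(key, body, false)) {
		return nil
	}
	return errDuplicate
}

// race replays the interleaving: writer A finds no row, writer B inserts
// "resp-B" in the gap, then A attempts its own INSERT of "resp-A".
func race(retry bool) (string, error) {
	t := table{}
	key := "01|aki" // constructed serial|AKI key
	err := upsert(t, key, "resp-A", retry, func() { t.write(key, "resp-B", true) })
	return t[key], err
}

func main() {
	fmt.Println(race(false))
	fmt.Println(race(true))
}
```

Without the fallback, the losing writer gets an error and the row holds the other writer's response until the next periodic refresh from the Certificate table; with it, the later write wins.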

Package sql imports 7 packages and is imported by 277 packages. Updated 2020-11-30.