boulder: github.com/letsencrypt/boulder/sa Index | Files | Directories

package sa

import "github.com/letsencrypt/boulder/sa"

Index

Package Files

authz.go database.go metrics.go model.go precertificates.go rate_limits.go sa.go type-converter.go

func AuthzMapToPB Uses

func AuthzMapToPB(m map[string]*core.Authorization) (*sapb.Authorizations, error)

func InitDBMetrics Uses

func InitDBMetrics(dbMap *gorp.DbMap, scope metrics.Scope)

InitDBMetrics will register prometheus stats for the provided dbMap under the given metrics.Scope. Every 1 second in a separate go routine the prometheus stats will be updated based on the gorp dbMap's inner sql.DBMap's DBStats structure values.

func NewDbMap Uses

func NewDbMap(dbConnect string, maxOpenConns int) (*gorp.DbMap, error)

NewDbMap creates the root gorp mapping object. Create one of these for each database schema you wish to map. Each DbMap contains a list of mapped tables. It automatically maps the tables for the primary parts of Boulder around the Storage Authority.

func NewDbMapFromConfig Uses

func NewDbMapFromConfig(config *mysql.Config, maxOpenConns int) (*gorp.DbMap, error)

NewDbMapFromConfig functions similarly to NewDbMap, but it takes the decomposed form of the connection string, a *mysql.Config.

func ReverseName Uses

func ReverseName(domain string) string

func SelectCertificate Uses

func SelectCertificate(s db.OneSelector, q string, args ...interface{}) (core.Certificate, error)

SelectCertificate selects all fields of one certificate object

func SelectCertificateStatus Uses

func SelectCertificateStatus(s db.OneSelector, q string, args ...interface{}) (certStatusModel, error)

SelectCertificateStatus selects all fields of one certificate status model

func SelectPrecertificate Uses

func SelectPrecertificate(s db.OneSelector, serial string) (core.Certificate, error)

SelectPrecertificate selects all fields of one precertificate object identified by serial.

func SetSQLDebug Uses

func SetSQLDebug(dbMap *gorp.DbMap, log blog.Logger)

SetSQLDebug enables GORP SQL-level Debugging

type BoulderTypeConverter Uses

type BoulderTypeConverter struct{}

BoulderTypeConverter is used by Gorp for storing objects in DB.

func (BoulderTypeConverter) FromDb Uses

func (tc BoulderTypeConverter) FromDb(target interface{}) (gorp.CustomScanner, bool)

FromDb converts a DB representation back into a Boulder object.

func (BoulderTypeConverter) ToDb Uses

func (tc BoulderTypeConverter) ToDb(val interface{}) (interface{}, error)

ToDb converts a Boulder object to one suitable for the DB representation.

type CertWithID Uses

type CertWithID struct {
    ID  int64
    core.Certificate
}

func SelectCertificates Uses

func SelectCertificates(s db.Selector, q string, args map[string]interface{}) ([]CertWithID, error)

SelectCertificates selects all fields of multiple certificate objects

type SQLLogger Uses

type SQLLogger struct {
    blog.Logger
}

SQLLogger adapts the Boulder Logger to a format GORP can use.

func (*SQLLogger) Printf Uses

func (log *SQLLogger) Printf(format string, v ...interface{})

Printf adapts the AuditLogger to GORP's interface

type SQLStorageAuthority Uses

type SQLStorageAuthority struct {
    // contains filtered or unexported fields
}

SQLStorageAuthority defines a Storage Authority

func NewSQLStorageAuthority Uses

func NewSQLStorageAuthority(
    dbMap *gorp.DbMap,
    clk clock.Clock,
    logger blog.Logger,
    scope metrics.Scope,
    parallelismPerRPC int,
) (*SQLStorageAuthority, error)

NewSQLStorageAuthority provides persistence using a SQL backend for Boulder. It will modify the given gorp.DbMap by adding relevant tables.

func (*SQLStorageAuthority) AddCertificate Uses

func (ssa *SQLStorageAuthority) AddCertificate(
    ctx context.Context,
    certDER []byte,
    regID int64,
    ocspResponse []byte,
    issued *time.Time) (string, error)

AddCertificate stores an issued certificate and returns the digest as a string, or an error if any occurred.

func (*SQLStorageAuthority) AddPrecertificate Uses

func (ssa *SQLStorageAuthority) AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*corepb.Empty, error)

AddPrecertificate writes a record of a precertificate generation to the DB.

func (*SQLStorageAuthority) AddSerial Uses

func (ssa *SQLStorageAuthority) AddSerial(ctx context.Context, req *sapb.AddSerialRequest) (*corepb.Empty, error)

AddSerial writes a record of a serial number generation to the DB.

func (*SQLStorageAuthority) CountCertificatesByNames Uses

func (ssa *SQLStorageAuthority) CountCertificatesByNames(ctx context.Context, domains []string, earliest, latest time.Time) ([]*sapb.CountByNames_MapElement, error)

CountCertificatesByNames counts, for each input domain, the number of certificates issued in the given time range for that domain and its subdomains. It returns a map from domains to counts, which is guaranteed to contain an entry for each input domain, so long as err is nil. Queries will be run in parallel. If any of them error, only one error will be returned.

func (*SQLStorageAuthority) CountFQDNSets Uses

func (ssa *SQLStorageAuthority) CountFQDNSets(ctx context.Context, window time.Duration, names []string) (int64, error)

CountFQDNSets returns the number of sets with hash |setHash| within the window |window|

func (*SQLStorageAuthority) CountInvalidAuthorizations2 Uses

func (ssa *SQLStorageAuthority) CountInvalidAuthorizations2(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error)

CountInvalidAuthorizations2 counts invalid authorizations for a user expiring in a given time range. This method is intended to deprecate CountInvalidAuthorizations. This method only supports DNS identifier types.

func (*SQLStorageAuthority) CountOrders Uses

func (ssa *SQLStorageAuthority) CountOrders(ctx context.Context, acctID int64, earliest, latest time.Time) (int, error)

func (*SQLStorageAuthority) CountPendingAuthorizations2 Uses

func (ssa *SQLStorageAuthority) CountPendingAuthorizations2(ctx context.Context, req *sapb.RegistrationID) (*sapb.Count, error)

CountPendingAuthorizations2 returns the number of pending, unexpired authorizations for the given registration. This method is intended to deprecate CountPendingAuthorizations.

func (*SQLStorageAuthority) CountRegistrationsByIP Uses

func (ssa *SQLStorageAuthority) CountRegistrationsByIP(ctx context.Context, ip net.IP, earliest time.Time, latest time.Time) (int, error)

CountRegistrationsByIP returns the number of registrations created in the time range for a single IP address.

func (*SQLStorageAuthority) CountRegistrationsByIPRange Uses

func (ssa *SQLStorageAuthority) CountRegistrationsByIPRange(ctx context.Context, ip net.IP, earliest time.Time, latest time.Time) (int, error)

CountRegistrationsByIPRange returns the number of registrations created in the time range in an IP range. For IPv4 addresses, that range is limited to the single IP. For IPv6 addresses, that range is a /48, since it's not uncommon for one person to have a /48 to themselves.

func (*SQLStorageAuthority) DeactivateAuthorization2 Uses

func (ssa *SQLStorageAuthority) DeactivateAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Empty, error)

DeactivateAuthorization2 deactivates a currently valid or pending authorization. This method is intended to deprecate DeactivateAuthorization.

func (*SQLStorageAuthority) DeactivateRegistration Uses

func (ssa *SQLStorageAuthority) DeactivateRegistration(ctx context.Context, id int64) error

DeactivateRegistration deactivates a currently valid registration

func (*SQLStorageAuthority) FQDNSetExists Uses

func (ssa *SQLStorageAuthority) FQDNSetExists(ctx context.Context, names []string) (bool, error)

FQDNSetExists returns a bool indicating if one or more FQDN sets |names| exists in the database

func (*SQLStorageAuthority) FinalizeAuthorization2 Uses

func (ssa *SQLStorageAuthority) FinalizeAuthorization2(ctx context.Context, req *sapb.FinalizeAuthorizationRequest) error

FinalizeAuthorization2 moves a pending authorization to either the valid or invalid status. If the authorization is being moved to invalid the validationError field must be set. If the authorization is being moved to valid the validationRecord and expires fields must be set. This method is intended to deprecate the FinalizeAuthorization method.

func (*SQLStorageAuthority) FinalizeOrder Uses

func (ssa *SQLStorageAuthority) FinalizeOrder(ctx context.Context, req *corepb.Order) error

FinalizeOrder finalizes a provided *corepb.Order by persisting the CertificateSerial and a valid status to the database. No fields other than CertificateSerial and the order ID on the provided order are processed (e.g. this is not a generic update RPC).

func (*SQLStorageAuthority) GetAuthorization2 Uses

func (ssa *SQLStorageAuthority) GetAuthorization2(ctx context.Context, id *sapb.AuthorizationID2) (*corepb.Authorization, error)

GetAuthorization2 returns the authz2 style authorization identified by the provided ID or an error. If no authorization is found matching the ID a berrors.NotFound type error is returned. This method is intended to deprecate GetAuthorization.

func (*SQLStorageAuthority) GetAuthorizations2 Uses

func (ssa *SQLStorageAuthority) GetAuthorizations2(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)

GetAuthorizations2 returns any valid or pending authorizations that exist for the list of domains provided. If both a valid and pending authorization exist only the valid one will be returned. This method will look in both the v2 and v1 authorizations tables for authorizations but will always prefer v2 authorizations. This method will only return authorizations created using the WFE v2 API (in GetAuthorizations this feature was, now somewhat confusingly, called RequireV2Authzs). This method is intended to deprecate GetAuthorizations. This method only supports DNS identifier types.

func (*SQLStorageAuthority) GetCertificate Uses

func (ssa *SQLStorageAuthority) GetCertificate(ctx context.Context, serial string) (core.Certificate, error)

GetCertificate takes a serial number and returns the corresponding certificate, or error if it does not exist.

func (*SQLStorageAuthority) GetCertificateStatus Uses

func (ssa *SQLStorageAuthority) GetCertificateStatus(ctx context.Context, serial string) (core.CertificateStatus, error)

GetCertificateStatus takes a hexadecimal string representing the full 128-bit serial number of a certificate and returns data about that certificate's current validity.

func (*SQLStorageAuthority) GetOrder Uses

func (ssa *SQLStorageAuthority) GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)

GetOrder is used to retrieve an already existing order object

func (*SQLStorageAuthority) GetOrderForNames Uses

func (ssa *SQLStorageAuthority) GetOrderForNames(
    ctx context.Context,
    req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)

GetOrderForNames tries to find a **pending** or **ready** order with the exact set of names requested, associated with the given accountID. Only unexpired orders are considered. If no order meeting these requirements is found a nil corepb.Order pointer is returned.

func (*SQLStorageAuthority) GetPendingAuthorization2 Uses

func (ssa *SQLStorageAuthority) GetPendingAuthorization2(ctx context.Context, req *sapb.GetPendingAuthorizationRequest) (*corepb.Authorization, error)

GetPendingAuthorization2 returns the most recent Pending authorization with the given identifier, if available. This method is intended to deprecate GetPendingAuthorization. This method only supports DNS identifier types.

func (*SQLStorageAuthority) GetPrecertificate Uses

func (ssa *SQLStorageAuthority) GetPrecertificate(ctx context.Context, reqSerial *sapb.Serial) (*corepb.Certificate, error)

GetPrecertificate takes a serial number and returns the corresponding precertificate, or error if it does not exist.

func (*SQLStorageAuthority) GetRegistration Uses

func (ssa *SQLStorageAuthority) GetRegistration(ctx context.Context, id int64) (core.Registration, error)

GetRegistration obtains a Registration by ID

func (*SQLStorageAuthority) GetRegistrationByKey Uses

func (ssa *SQLStorageAuthority) GetRegistrationByKey(ctx context.Context, key *jose.JSONWebKey) (core.Registration, error)

GetRegistrationByKey obtains a Registration by JWK

func (*SQLStorageAuthority) GetValidAuthorizations2 Uses

func (ssa *SQLStorageAuthority) GetValidAuthorizations2(ctx context.Context, req *sapb.GetValidAuthorizationsRequest) (*sapb.Authorizations, error)

GetValidAuthorizations2 returns the latest authorization for all domain names that the account has authorizations for. This method is intended to deprecate GetValidAuthorizations. This method only supports DNS identifier types.

func (*SQLStorageAuthority) GetValidOrderAuthorizations2 Uses

func (ssa *SQLStorageAuthority) GetValidOrderAuthorizations2(ctx context.Context, req *sapb.GetValidOrderAuthorizationsRequest) (*sapb.Authorizations, error)

GetValidOrderAuthorizations2 is used to find the valid, unexpired authorizations associated with a specific order and account ID. This method is intended to deprecate GetValidOrderAuthorizations.

func (*SQLStorageAuthority) NewAuthorizations2 Uses

func (ssa *SQLStorageAuthority) NewAuthorizations2(ctx context.Context, req *sapb.AddPendingAuthorizationsRequest) (*sapb.Authorization2IDs, error)

NewAuthorizations2 adds a set of new style authorizations to the database and returns either the IDs of the authorizations or an error. It will only process corepb.Authorization objects if the V2 field is set. This method is intended to deprecate AddPendingAuthorizations

func (*SQLStorageAuthority) NewOrder Uses

func (ssa *SQLStorageAuthority) NewOrder(ctx context.Context, req *corepb.Order) (*corepb.Order, error)

NewOrder adds a new v2 style order to the database

func (*SQLStorageAuthority) NewRegistration Uses

func (ssa *SQLStorageAuthority) NewRegistration(ctx context.Context, reg core.Registration) (core.Registration, error)

NewRegistration stores a new Registration

func (*SQLStorageAuthority) PreviousCertificateExists Uses

func (ssa *SQLStorageAuthority) PreviousCertificateExists(
    ctx context.Context,
    req *sapb.PreviousCertificateExistsRequest,
) (*sapb.Exists, error)

PreviousCertificateExists returns true iff there was at least one certificate issued with the provided domain name, and the most recent such certificate was issued by the provided registration ID. This method is currently only used to determine if a certificate has previously been issued for a given domain name in order to determine if validations should be allowed during the v1 API shutoff.

func (*SQLStorageAuthority) RevokeCertificate Uses

func (ssa *SQLStorageAuthority) RevokeCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) error

RevokeCertificate stores revocation information about a certificate. It will only store this information if the certificate is not already marked as revoked.

func (*SQLStorageAuthority) SerialExists Uses

func (ssa *SQLStorageAuthority) SerialExists(ctx context.Context, req *sapb.Serial) (*sapb.Exists, error)

SerialExists returns a bool indicating whether the provided serial exists in the serial table. This is currently only used to determine if a serial passed to ca.GenerateOCSP is one which we have previously generated a certificate for.

func (*SQLStorageAuthority) SetOrderError Uses

func (ssa *SQLStorageAuthority) SetOrderError(ctx context.Context, order *corepb.Order) error

SetOrderError updates a provided Order's error field.

func (*SQLStorageAuthority) SetOrderProcessing Uses

func (ssa *SQLStorageAuthority) SetOrderProcessing(ctx context.Context, req *corepb.Order) error

SetOrderProcessing updates a provided *corepb.Order in pending status to be in processing status by updating the `beganProcessing` field of the corresponding Order table row in the DB.

func (*SQLStorageAuthority) UpdateRegistration Uses

func (ssa *SQLStorageAuthority) UpdateRegistration(ctx context.Context, reg core.Registration) error

UpdateRegistration stores an updated Registration

Directories

PathSynopsis
proto
satest

Package sa imports 33 packages (graph) and is imported by 305 packages. Updated 2019-11-20. Refresh now. Tools for package owners.