Index ¶
- func ClearEmail(ctx context.Context, dbMap db.DatabaseMap, regID int64, email string) error
- func DBMapForTest(dbConnect string) (*boulderDB.WrappedMap, error)
- func DBMapForTestWithLog(dbConnect string, log blog.Logger) (*boulderDB.WrappedMap, error)
- func InitWrappedDb(config cmd.DBConfig, scope prometheus.Registerer, logger blog.Logger) (*boulderDB.WrappedMap, error)
- func ReverseName(domain string) string
- func SelectAuthzsMatchingIssuance(ctx context.Context, s db.Selector, regID int64, issued time.Time, ...) ([]*corepb.Authorization, error)
- func SelectCertificate(ctx context.Context, s db.OneSelector, serial string) (core.Certificate, error)
- func SelectCertificateStatus(ctx context.Context, s db.OneSelector, serial string) (core.CertificateStatus, error)
- func SelectPrecertificate(ctx context.Context, s db.OneSelector, serial string) (core.Certificate, error)
- func SelectRevocationStatus(ctx context.Context, s db.OneSelector, serial string) (*sapb.RevocationStatus, error)
- type BoulderTypeConverter
- type CertStatusMetadata
- type CertWithID
- type DbSettings
- type RevocationStatusModel
- type SQLLogger
- type SQLStorageAuthority
- func (ssa *SQLStorageAuthority) AddBlockedKey(ctx context.Context, req *sapb.AddBlockedKeyRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) AddSerial(ctx context.Context, req *sapb.AddSerialRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest) (*sapb.CountByNames, error)
- func (ssa *SQLStorageAuthority) CountFQDNSets(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Count, error)
- func (ssa *SQLStorageAuthority) CountInvalidAuthorizations2(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error)
- func (ssa *SQLStorageAuthority) CountOrders(ctx context.Context, req *sapb.CountOrdersRequest) (*sapb.Count, error)
- func (ssa *SQLStorageAuthority) CountPendingAuthorizations2(ctx context.Context, req *sapb.RegistrationID) (*sapb.Count, error)
- func (ssa *SQLStorageAuthority) CountRegistrationsByIP(ctx context.Context, req *sapb.CountRegistrationsByIPRequest) (*sapb.Count, error)
- func (ssa *SQLStorageAuthority) CountRegistrationsByIPRange(ctx context.Context, req *sapb.CountRegistrationsByIPRequest) (*sapb.Count, error)
- func (ssa *SQLStorageAuthority) DeactivateAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) DeactivateRegistration(ctx context.Context, req *sapb.RegistrationID) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) FQDNSetExists(ctx context.Context, req *sapb.FQDNSetExistsRequest) (*sapb.Exists, error)
- func (ssa *SQLStorageAuthority) FQDNSetTimestampsForWindow(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Timestamps, error)
- func (ssa *SQLStorageAuthority) FinalizeAuthorization2(ctx context.Context, req *sapb.FinalizeAuthorizationRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) FinalizeOrder(ctx context.Context, req *sapb.FinalizeOrderRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Authorization, error)
- func (ssa *SQLStorageAuthority) GetAuthorizations2(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
- func (ssa *SQLStorageAuthority) GetCertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
- func (ssa *SQLStorageAuthority) GetCertificateStatus(ctx context.Context, req *sapb.Serial) (*corepb.CertificateStatus, error)
- func (ssa *SQLStorageAuthority) GetLintPrecertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
- func (ssa *SQLStorageAuthority) GetMaxExpiration(ctx context.Context, req *emptypb.Empty) (*timestamppb.Timestamp, error)
- func (ssa *SQLStorageAuthority) GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)
- func (ssa *SQLStorageAuthority) GetOrderForNames(ctx context.Context, req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)
- func (ssa *SQLStorageAuthority) GetPendingAuthorization2(ctx context.Context, req *sapb.GetPendingAuthorizationRequest) (*corepb.Authorization, error)
- func (ssa *SQLStorageAuthority) GetRegistration(ctx context.Context, req *sapb.RegistrationID) (*corepb.Registration, error)
- func (ssa *SQLStorageAuthority) GetRegistrationByKey(ctx context.Context, req *sapb.JSONWebKey) (*corepb.Registration, error)
- func (ssa *SQLStorageAuthority) GetRevocationStatus(ctx context.Context, req *sapb.Serial) (*sapb.RevocationStatus, error)
- func (ssa *SQLStorageAuthority) GetRevokedCerts(req *sapb.GetRevokedCertsRequest, ...) error
- func (ssa *SQLStorageAuthority) GetSerialMetadata(ctx context.Context, req *sapb.Serial) (*sapb.SerialMetadata, error)
- func (ssa *SQLStorageAuthority) GetSerialsByAccount(req *sapb.RegistrationID, ...) error
- func (ssa *SQLStorageAuthority) GetSerialsByKey(req *sapb.SPKIHash, stream sapb.StorageAuthority_GetSerialsByKeyServer) error
- func (ssa *SQLStorageAuthority) GetValidAuthorizations2(ctx context.Context, req *sapb.GetValidAuthorizationsRequest) (*sapb.Authorizations, error)
- func (ssa *SQLStorageAuthority) GetValidOrderAuthorizations2(ctx context.Context, req *sapb.GetValidOrderAuthorizationsRequest) (*sapb.Authorizations, error)
- func (ssa *SQLStorageAuthority) Health(ctx context.Context) error
- func (ssa *SQLStorageAuthority) IncidentsForSerial(ctx context.Context, req *sapb.Serial) (*sapb.Incidents, error)
- func (ssa *SQLStorageAuthority) KeyBlocked(ctx context.Context, req *sapb.SPKIHash) (*sapb.Exists, error)
- func (ssa *SQLStorageAuthority) LeaseCRLShard(ctx context.Context, req *sapb.LeaseCRLShardRequest) (*sapb.LeaseCRLShardResponse, error)
- func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb.NewOrderAndAuthzsRequest) (*corepb.Order, error)
- func (ssa *SQLStorageAuthority) NewRegistration(ctx context.Context, req *corepb.Registration) (*corepb.Registration, error)
- func (ssa *SQLStorageAuthority) ReplacementOrderExists(ctx context.Context, req *sapb.Serial) (*sapb.Exists, error)
- func (ssa *SQLStorageAuthority) RevokeCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) SerialsForIncident(req *sapb.SerialsForIncidentRequest, ...) error
- func (ssa *SQLStorageAuthority) SetCertificateStatusReady(ctx context.Context, req *sapb.Serial) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) SetOrderError(ctx context.Context, req *sapb.SetOrderErrorRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) SetOrderProcessing(ctx context.Context, req *sapb.OrderRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) UpdateCRLShard(ctx context.Context, req *sapb.UpdateCRLShardRequest) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) UpdateRegistration(ctx context.Context, req *corepb.Registration) (*emptypb.Empty, error)
- func (ssa *SQLStorageAuthority) UpdateRevokedCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) (*emptypb.Empty, error)
- type SQLStorageAuthorityRO
- func (ssa *SQLStorageAuthorityRO) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest) (*sapb.CountByNames, error)
- func (ssa *SQLStorageAuthorityRO) CountFQDNSets(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Count, error)
- func (ssa *SQLStorageAuthorityRO) CountInvalidAuthorizations2(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error)
- func (ssa *SQLStorageAuthorityRO) CountOrders(ctx context.Context, req *sapb.CountOrdersRequest) (*sapb.Count, error)
- func (ssa *SQLStorageAuthorityRO) CountPendingAuthorizations2(ctx context.Context, req *sapb.RegistrationID) (*sapb.Count, error)
- func (ssa *SQLStorageAuthorityRO) CountRegistrationsByIP(ctx context.Context, req *sapb.CountRegistrationsByIPRequest) (*sapb.Count, error)
- func (ssa *SQLStorageAuthorityRO) CountRegistrationsByIPRange(ctx context.Context, req *sapb.CountRegistrationsByIPRequest) (*sapb.Count, error)
- func (ssa *SQLStorageAuthorityRO) FQDNSetExists(ctx context.Context, req *sapb.FQDNSetExistsRequest) (*sapb.Exists, error)
- func (ssa *SQLStorageAuthorityRO) FQDNSetTimestampsForWindow(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Timestamps, error)
- func (ssa *SQLStorageAuthorityRO) GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Authorization, error)
- func (ssa *SQLStorageAuthorityRO) GetAuthorizations2(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
- func (ssa *SQLStorageAuthorityRO) GetCertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
- func (ssa *SQLStorageAuthorityRO) GetCertificateStatus(ctx context.Context, req *sapb.Serial) (*corepb.CertificateStatus, error)
- func (ssa *SQLStorageAuthorityRO) GetLintPrecertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
- func (ssa *SQLStorageAuthorityRO) GetMaxExpiration(ctx context.Context, req *emptypb.Empty) (*timestamppb.Timestamp, error)
- func (ssa *SQLStorageAuthorityRO) GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)
- func (ssa *SQLStorageAuthorityRO) GetOrderForNames(ctx context.Context, req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)
- func (ssa *SQLStorageAuthorityRO) GetPendingAuthorization2(ctx context.Context, req *sapb.GetPendingAuthorizationRequest) (*corepb.Authorization, error)
- func (ssa *SQLStorageAuthorityRO) GetRegistration(ctx context.Context, req *sapb.RegistrationID) (*corepb.Registration, error)
- func (ssa *SQLStorageAuthorityRO) GetRegistrationByKey(ctx context.Context, req *sapb.JSONWebKey) (*corepb.Registration, error)
- func (ssa *SQLStorageAuthorityRO) GetRevocationStatus(ctx context.Context, req *sapb.Serial) (*sapb.RevocationStatus, error)
- func (ssa *SQLStorageAuthorityRO) GetRevokedCerts(req *sapb.GetRevokedCertsRequest, ...) error
- func (ssa *SQLStorageAuthorityRO) GetSerialMetadata(ctx context.Context, req *sapb.Serial) (*sapb.SerialMetadata, error)
- func (ssa *SQLStorageAuthorityRO) GetSerialsByAccount(req *sapb.RegistrationID, ...) error
- func (ssa *SQLStorageAuthorityRO) GetSerialsByKey(req *sapb.SPKIHash, stream sapb.StorageAuthorityReadOnly_GetSerialsByKeyServer) error
- func (ssa *SQLStorageAuthorityRO) GetValidAuthorizations2(ctx context.Context, req *sapb.GetValidAuthorizationsRequest) (*sapb.Authorizations, error)
- func (ssa *SQLStorageAuthorityRO) GetValidOrderAuthorizations2(ctx context.Context, req *sapb.GetValidOrderAuthorizationsRequest) (*sapb.Authorizations, error)
- func (ssa *SQLStorageAuthorityRO) Health(ctx context.Context) error
- func (ssa *SQLStorageAuthorityRO) IncidentsForSerial(ctx context.Context, req *sapb.Serial) (*sapb.Incidents, error)
- func (ssa *SQLStorageAuthorityRO) KeyBlocked(ctx context.Context, req *sapb.SPKIHash) (*sapb.Exists, error)
- func (ssa *SQLStorageAuthorityRO) ReplacementOrderExists(ctx context.Context, req *sapb.Serial) (*sapb.Exists, error)
- func (ssa *SQLStorageAuthorityRO) SerialsForIncident(req *sapb.SerialsForIncidentRequest, ...) error
Functions ¶
func ClearEmail ¶
ClearEmail removes the provided email address from one specified registration. If there are multiple email addresses present, it does not modify other ones. If the email address is not present, it does not modify the registration and will return a nil error.
func DBMapForTest ¶
func DBMapForTest(dbConnect string) (*boulderDB.WrappedMap, error)
DBMapForTest creates a wrapped root borp mapping object. Create one of these for each database schema you wish to map. Each DbMap contains a list of mapped tables. It automatically maps the tables for the primary parts of Boulder around the Storage Authority.
func DBMapForTestWithLog ¶
DBMapForTestWithLog does the same as DBMapForTest but also routes the debug logs from the database driver to the given log (usually a `blog.NewMock`).
func InitWrappedDb ¶
func InitWrappedDb(config cmd.DBConfig, scope prometheus.Registerer, logger blog.Logger) (*boulderDB.WrappedMap, error)
InitWrappedDb constructs a wrapped borp mapping object with the provided settings. If scope is non-nil, Prometheus metrics will be exported. If logger is non-nil, SQL debug-level logging will be enabled. The only required parameter is config.
func ReverseName ¶
func SelectAuthzsMatchingIssuance ¶
func SelectAuthzsMatchingIssuance( ctx context.Context, s db.Selector, regID int64, issued time.Time, dnsNames []string, ) ([]*corepb.Authorization, error)
SelectAuthzsMatchingIssuance looks for a set of authzs that would have authorized a given issuance that is known to have occurred. The returned authzs will all belong to the given regID, will have potentially been valid at the time of issuance, and will have the appropriate identifier type and value. This may return multiple authzs for the same identifier type and value.
This returns "potentially" valid authzs because a client may have set an authz's status to deactivated after issuance, so we return both valid and deactivated authzs. It also uses a small amount of leeway (1s) to account for possible clock skew.
This function doesn't do anything special for authzs with an expiration in the past. If the stored authz has a valid status, it is returned with a valid status regardless of whether it is also expired.
func SelectCertificate ¶
func SelectCertificate(ctx context.Context, s db.OneSelector, serial string) (core.Certificate, error)
SelectCertificate selects all fields of one certificate object identified by a serial. If more than one row contains the same serial, only the first is returned.
func SelectCertificateStatus ¶
func SelectCertificateStatus(ctx context.Context, s db.OneSelector, serial string) (core.CertificateStatus, error)
SelectCertificateStatus selects all fields of one certificate status model identified by its serial.
func SelectPrecertificate ¶
func SelectPrecertificate(ctx context.Context, s db.OneSelector, serial string) (core.Certificate, error)
SelectPrecertificate selects all fields of one precertificate object identified by serial.
func SelectRevocationStatus ¶
func SelectRevocationStatus(ctx context.Context, s db.OneSelector, serial string) (*sapb.RevocationStatus, error)
SelectRevocationStatus returns the authoritative revocation information for the certificate with the given serial.
Types ¶
type BoulderTypeConverter ¶
type BoulderTypeConverter struct{}
BoulderTypeConverter is used by borp for storing objects in DB.
func (BoulderTypeConverter) FromDb ¶
func (tc BoulderTypeConverter) FromDb(target interface{}) (borp.CustomScanner, bool)
FromDb converts a DB representation back into a Boulder object.
func (BoulderTypeConverter) ToDb ¶
func (tc BoulderTypeConverter) ToDb(val interface{}) (interface{}, error)
ToDb converts a Boulder object to one suitable for the DB representation.
type CertStatusMetadata ¶
type CertStatusMetadata struct { ID int64 `db:"id"` Serial string `db:"serial"` Status core.OCSPStatus `db:"status"` OCSPLastUpdated time.Time `db:"ocspLastUpdated"` RevokedDate time.Time `db:"revokedDate"` RevokedReason revocation.Reason `db:"revokedReason"` LastExpirationNagSent time.Time `db:"lastExpirationNagSent"` NotAfter time.Time `db:"notAfter"` IsExpired bool `db:"isExpired"` IssuerID int64 `db:"issuerID"` }
type CertWithID ¶
type CertWithID struct { ID int64 core.Certificate }
func SelectCertificates ¶
func SelectCertificates(ctx context.Context, s db.Selector, q string, args map[string]interface{}) ([]CertWithID, error)
SelectCertificates selects all fields of multiple certificate objects
func SelectPrecertificates ¶
func SelectPrecertificates(ctx context.Context, s db.Selector, q string, args map[string]interface{}) ([]CertWithID, error)
SelectPrecertificates selects all fields of multiple precertificate objects.
type DbSettings ¶
type DbSettings struct { // MaxOpenConns sets the maximum number of open connections to the // database. If MaxIdleConns is greater than 0 and MaxOpenConns is // less than MaxIdleConns, then MaxIdleConns will be reduced to // match the new MaxOpenConns limit. If n < 0, then there is no // limit on the number of open connections. MaxOpenConns int // MaxIdleConns sets the maximum number of connections in the idle // connection pool. If MaxOpenConns is greater than 0 but less than // MaxIdleConns, then MaxIdleConns will be reduced to match the // MaxOpenConns limit. If n < 0, no idle connections are retained. MaxIdleConns int // ConnMaxLifetime sets the maximum amount of time a connection may // be reused. Expired connections may be closed lazily before reuse. // If d < 0, connections are not closed due to a connection's age. ConnMaxLifetime time.Duration // ConnMaxIdleTime sets the maximum amount of time a connection may // be idle. Expired connections may be closed lazily before reuse. // If d < 0, connections are not closed due to a connection's idle // time. ConnMaxIdleTime time.Duration }
DbSettings contains settings for the database/sql driver. The zero value of each field means use the default setting from database/sql. ConnMaxIdleTime and ConnMaxLifetime should be set lower than their MariaDB counterparts, interactive_timeout and wait_timeout.
type RevocationStatusModel ¶
type RevocationStatusModel struct { Status core.OCSPStatus `db:"status"` RevokedDate time.Time `db:"revokedDate"` RevokedReason revocation.Reason `db:"revokedReason"` }
RevocationStatusModel represents a small subset of the columns in the certificateStatus table, used to determine the authoritative revocation status of a certificate.
type SQLStorageAuthority ¶
type SQLStorageAuthority struct { sapb.UnimplementedStorageAuthorityServer *SQLStorageAuthorityRO // contains filtered or unexported fields }
SQLStorageAuthority defines a Storage Authority.
Note that although SQLStorageAuthority does have methods wrapping all of the read-only methods provided by the SQLStorageAuthorityRO, those wrapper implementations are in saro.go, next to the real implementations.
func NewSQLStorageAuthority ¶
func NewSQLStorageAuthority( dbMap *db.WrappedMap, dbReadOnlyMap *db.WrappedMap, dbIncidentsMap *db.WrappedMap, parallelismPerRPC int, lagFactor time.Duration, clk clock.Clock, logger blog.Logger, stats prometheus.Registerer, ) (*SQLStorageAuthority, error)
NewSQLStorageAuthority provides persistence using a SQL backend for Boulder. It constructs its own read-only storage authority to wrap.
func NewSQLStorageAuthorityWrapping ¶
func NewSQLStorageAuthorityWrapping( ssaro *SQLStorageAuthorityRO, dbMap *db.WrappedMap, stats prometheus.Registerer, ) (*SQLStorageAuthority, error)
NewSQLStorageAuthorityWrapping provides persistence using a SQL backend for Boulder. It takes a read-only storage authority to wrap, which is useful if you are constructing both types of implementations and want to share read-only database connections between them.
func (*SQLStorageAuthority) AddBlockedKey ¶
func (ssa *SQLStorageAuthority) AddBlockedKey(ctx context.Context, req *sapb.AddBlockedKeyRequest) (*emptypb.Empty, error)
AddBlockedKey adds a key hash to the blockedKeys table.
func (*SQLStorageAuthority) AddCertificate ¶
func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error)
AddCertificate stores an issued certificate, returning an error if it is a duplicate or if any other failure occurs.
func (*SQLStorageAuthority) AddPrecertificate ¶
func (ssa *SQLStorageAuthority) AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error)
AddPrecertificate writes a record of a precertificate generation to the DB. Note: this is not idempotent: it does not protect against inserting the same certificate multiple times. Calling code needs to first insert the cert's serial into the Serials table to ensure uniqueness.
func (*SQLStorageAuthority) AddSerial ¶
func (ssa *SQLStorageAuthority) AddSerial(ctx context.Context, req *sapb.AddSerialRequest) (*emptypb.Empty, error)
AddSerial writes a record of a serial number generation to the DB.
func (*SQLStorageAuthority) CountCertificatesByNames ¶
func (ssa *SQLStorageAuthority) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest) (*sapb.CountByNames, error)
func (*SQLStorageAuthority) CountFQDNSets ¶
func (ssa *SQLStorageAuthority) CountFQDNSets(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Count, error)
func (*SQLStorageAuthority) CountInvalidAuthorizations2 ¶
func (ssa *SQLStorageAuthority) CountInvalidAuthorizations2(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error)
func (*SQLStorageAuthority) CountOrders ¶
func (ssa *SQLStorageAuthority) CountOrders(ctx context.Context, req *sapb.CountOrdersRequest) (*sapb.Count, error)
func (*SQLStorageAuthority) CountPendingAuthorizations2 ¶
func (ssa *SQLStorageAuthority) CountPendingAuthorizations2(ctx context.Context, req *sapb.RegistrationID) (*sapb.Count, error)
func (*SQLStorageAuthority) CountRegistrationsByIP ¶
func (ssa *SQLStorageAuthority) CountRegistrationsByIP(ctx context.Context, req *sapb.CountRegistrationsByIPRequest) (*sapb.Count, error)
func (*SQLStorageAuthority) CountRegistrationsByIPRange ¶
func (ssa *SQLStorageAuthority) CountRegistrationsByIPRange(ctx context.Context, req *sapb.CountRegistrationsByIPRequest) (*sapb.Count, error)
func (*SQLStorageAuthority) DeactivateAuthorization2 ¶
func (ssa *SQLStorageAuthority) DeactivateAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*emptypb.Empty, error)
DeactivateAuthorization2 deactivates a currently valid or pending authorization.
func (*SQLStorageAuthority) DeactivateRegistration ¶
func (ssa *SQLStorageAuthority) DeactivateRegistration(ctx context.Context, req *sapb.RegistrationID) (*emptypb.Empty, error)
DeactivateRegistration deactivates a currently valid registration.
func (*SQLStorageAuthority) FQDNSetExists ¶
func (ssa *SQLStorageAuthority) FQDNSetExists(ctx context.Context, req *sapb.FQDNSetExistsRequest) (*sapb.Exists, error)
func (*SQLStorageAuthority) FQDNSetTimestampsForWindow ¶
func (ssa *SQLStorageAuthority) FQDNSetTimestampsForWindow(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Timestamps, error)
func (*SQLStorageAuthority) FinalizeAuthorization2 ¶
func (ssa *SQLStorageAuthority) FinalizeAuthorization2(ctx context.Context, req *sapb.FinalizeAuthorizationRequest) (*emptypb.Empty, error)
FinalizeAuthorization2 moves a pending authorization to either the valid or invalid status. If the authorization is being moved to invalid the validationError field must be set. If the authorization is being moved to valid the validationRecord and expires fields must be set.
func (*SQLStorageAuthority) FinalizeOrder ¶
func (ssa *SQLStorageAuthority) FinalizeOrder(ctx context.Context, req *sapb.FinalizeOrderRequest) (*emptypb.Empty, error)
FinalizeOrder finalizes a provided *corepb.Order by persisting the CertificateSerial and a valid status to the database. No fields other than CertificateSerial and the order ID on the provided order are processed (i.e. this is not a generic update RPC).
func (*SQLStorageAuthority) GetAuthorization2 ¶
func (ssa *SQLStorageAuthority) GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Authorization, error)
func (*SQLStorageAuthority) GetAuthorizations2 ¶
func (ssa *SQLStorageAuthority) GetAuthorizations2(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
func (*SQLStorageAuthority) GetCertificate ¶
func (ssa *SQLStorageAuthority) GetCertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
func (*SQLStorageAuthority) GetCertificateStatus ¶
func (ssa *SQLStorageAuthority) GetCertificateStatus(ctx context.Context, req *sapb.Serial) (*corepb.CertificateStatus, error)
func (*SQLStorageAuthority) GetLintPrecertificate ¶
func (ssa *SQLStorageAuthority) GetLintPrecertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
func (*SQLStorageAuthority) GetMaxExpiration ¶
func (ssa *SQLStorageAuthority) GetMaxExpiration(ctx context.Context, req *emptypb.Empty) (*timestamppb.Timestamp, error)
func (*SQLStorageAuthority) GetOrder ¶
func (ssa *SQLStorageAuthority) GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)
func (*SQLStorageAuthority) GetOrderForNames ¶
func (ssa *SQLStorageAuthority) GetOrderForNames(ctx context.Context, req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)
func (*SQLStorageAuthority) GetPendingAuthorization2 ¶
func (ssa *SQLStorageAuthority) GetPendingAuthorization2(ctx context.Context, req *sapb.GetPendingAuthorizationRequest) (*corepb.Authorization, error)
func (*SQLStorageAuthority) GetRegistration ¶
func (ssa *SQLStorageAuthority) GetRegistration(ctx context.Context, req *sapb.RegistrationID) (*corepb.Registration, error)
func (*SQLStorageAuthority) GetRegistrationByKey ¶
func (ssa *SQLStorageAuthority) GetRegistrationByKey(ctx context.Context, req *sapb.JSONWebKey) (*corepb.Registration, error)
func (*SQLStorageAuthority) GetRevocationStatus ¶
func (ssa *SQLStorageAuthority) GetRevocationStatus(ctx context.Context, req *sapb.Serial) (*sapb.RevocationStatus, error)
func (*SQLStorageAuthority) GetRevokedCerts ¶
func (ssa *SQLStorageAuthority) GetRevokedCerts(req *sapb.GetRevokedCertsRequest, stream sapb.StorageAuthority_GetRevokedCertsServer) error
func (*SQLStorageAuthority) GetSerialMetadata ¶
func (ssa *SQLStorageAuthority) GetSerialMetadata(ctx context.Context, req *sapb.Serial) (*sapb.SerialMetadata, error)
func (*SQLStorageAuthority) GetSerialsByAccount ¶
func (ssa *SQLStorageAuthority) GetSerialsByAccount(req *sapb.RegistrationID, stream sapb.StorageAuthority_GetSerialsByAccountServer) error
func (*SQLStorageAuthority) GetSerialsByKey ¶
func (ssa *SQLStorageAuthority) GetSerialsByKey(req *sapb.SPKIHash, stream sapb.StorageAuthority_GetSerialsByKeyServer) error
func (*SQLStorageAuthority) GetValidAuthorizations2 ¶
func (ssa *SQLStorageAuthority) GetValidAuthorizations2(ctx context.Context, req *sapb.GetValidAuthorizationsRequest) (*sapb.Authorizations, error)
func (*SQLStorageAuthority) GetValidOrderAuthorizations2 ¶
func (ssa *SQLStorageAuthority) GetValidOrderAuthorizations2(ctx context.Context, req *sapb.GetValidOrderAuthorizationsRequest) (*sapb.Authorizations, error)
func (*SQLStorageAuthority) Health ¶
func (ssa *SQLStorageAuthority) Health(ctx context.Context) error
Health implements the grpc.checker interface.
func (*SQLStorageAuthority) IncidentsForSerial ¶
func (*SQLStorageAuthority) KeyBlocked ¶
func (*SQLStorageAuthority) LeaseCRLShard ¶
func (ssa *SQLStorageAuthority) LeaseCRLShard(ctx context.Context, req *sapb.LeaseCRLShardRequest) (*sapb.LeaseCRLShardResponse, error)
LeaseCRLShard marks a single crlShards row as leased until the given time. If the request names a specific shard, this function will return an error if that shard is already leased. Otherwise, this function will return the index of the oldest shard for the given issuer.
func (*SQLStorageAuthority) NewOrderAndAuthzs ¶
func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb.NewOrderAndAuthzsRequest) (*corepb.Order, error)
NewOrderAndAuthzs adds the given authorizations to the database, adds their autogenerated IDs to the given order, and then adds the order to the db. This is done inside a single transaction to prevent situations where new authorizations are created, but then their corresponding order is never created, leading to "invisible" pending authorizations.
func (*SQLStorageAuthority) NewRegistration ¶
func (ssa *SQLStorageAuthority) NewRegistration(ctx context.Context, req *corepb.Registration) (*corepb.Registration, error)
NewRegistration stores a new Registration.
func (*SQLStorageAuthority) ReplacementOrderExists ¶
func (*SQLStorageAuthority) RevokeCertificate ¶
func (ssa *SQLStorageAuthority) RevokeCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) (*emptypb.Empty, error)
RevokeCertificate stores revocation information about a certificate. It will only store this information if the certificate is not already marked as revoked.
func (*SQLStorageAuthority) SerialsForIncident ¶
func (ssa *SQLStorageAuthority) SerialsForIncident(req *sapb.SerialsForIncidentRequest, stream sapb.StorageAuthority_SerialsForIncidentServer) error
func (*SQLStorageAuthority) SetCertificateStatusReady ¶
func (ssa *SQLStorageAuthority) SetCertificateStatusReady(ctx context.Context, req *sapb.Serial) (*emptypb.Empty, error)
SetCertificateStatusReady changes a serial's OCSP status from core.OCSPStatusNotReady to core.OCSPStatusGood. Called when precertificate issuance succeeds. It returns an error if the serial doesn't have status core.OCSPStatusNotReady.
func (*SQLStorageAuthority) SetOrderError ¶
func (ssa *SQLStorageAuthority) SetOrderError(ctx context.Context, req *sapb.SetOrderErrorRequest) (*emptypb.Empty, error)
SetOrderError updates a provided Order's error field.
func (*SQLStorageAuthority) SetOrderProcessing ¶
func (ssa *SQLStorageAuthority) SetOrderProcessing(ctx context.Context, req *sapb.OrderRequest) (*emptypb.Empty, error)
SetOrderProcessing updates an order from pending status to processing status by updating the `beganProcessing` field of the corresponding Order table row in the DB.
func (*SQLStorageAuthority) UpdateCRLShard ¶
func (ssa *SQLStorageAuthority) UpdateCRLShard(ctx context.Context, req *sapb.UpdateCRLShardRequest) (*emptypb.Empty, error)
UpdateCRLShard updates the thisUpdate and nextUpdate timestamps of a CRL shard. It rejects the update if it would cause the thisUpdate timestamp to move backwards. It does *not* reject the update if the shard is no longer leased: although this would be unexpected (because the lease timestamp should be the same as the crl-updater's context expiration), it's not inherently a sign of an update that should be skipped. It does reject the update if the identified CRL shard does not exist in the database (it should exist, as rows are created if necessary when leased). It also sets the leasedUntil time to be equal to thisUpdate, to indicate that the shard is no longer leased.
func (*SQLStorageAuthority) UpdateRegistration ¶
func (ssa *SQLStorageAuthority) UpdateRegistration(ctx context.Context, req *corepb.Registration) (*emptypb.Empty, error)
UpdateRegistration stores an updated Registration.
func (*SQLStorageAuthority) UpdateRevokedCertificate ¶
func (ssa *SQLStorageAuthority) UpdateRevokedCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) (*emptypb.Empty, error)
UpdateRevokedCertificate stores new revocation information about an already-revoked certificate. It will only store this information if the cert is already revoked, if the new revocation reason is `KeyCompromise`, and if the revokedDate is identical to the current revokedDate.
type SQLStorageAuthorityRO ¶
type SQLStorageAuthorityRO struct { sapb.UnimplementedStorageAuthorityReadOnlyServer // contains filtered or unexported fields }
SQLStorageAuthorityRO defines a read-only subset of a Storage Authority.
func NewSQLStorageAuthorityRO ¶
func NewSQLStorageAuthorityRO( dbReadOnlyMap *db.WrappedMap, dbIncidentsMap *db.WrappedMap, stats prometheus.Registerer, parallelismPerRPC int, lagFactor time.Duration, clk clock.Clock, logger blog.Logger, ) (*SQLStorageAuthorityRO, error)
NewSQLStorageAuthorityRO provides persistence using a SQL backend for Boulder. It will modify the given borp.DbMap by adding relevant tables.
func (*SQLStorageAuthorityRO) CountCertificatesByNames ¶
func (ssa *SQLStorageAuthorityRO) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest) (*sapb.CountByNames, error)
CountCertificatesByNames counts, for each input domain, the number of certificates issued in the given time range for that domain and its subdomains. It returns a map from domains to counts and a timestamp. The map of domains to counts is guaranteed to contain an entry for each input domain, so long as err is nil. The timestamp is the earliest time a certificate was issued for any of the domains during the provided range of time. Queries will be run in parallel. If any of them error, only one error will be returned.
func (*SQLStorageAuthorityRO) CountFQDNSets ¶
func (ssa *SQLStorageAuthorityRO) CountFQDNSets(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Count, error)
CountFQDNSets counts the total number of issuances, for a set of domains, that occurred during a given window of time.
func (*SQLStorageAuthorityRO) CountInvalidAuthorizations2 ¶
func (ssa *SQLStorageAuthorityRO) CountInvalidAuthorizations2(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error)
CountInvalidAuthorizations2 counts invalid authorizations for a user expiring in a given time range. This method only supports DNS identifier types.
func (*SQLStorageAuthorityRO) CountOrders ¶
func (ssa *SQLStorageAuthorityRO) CountOrders(ctx context.Context, req *sapb.CountOrdersRequest) (*sapb.Count, error)
func (*SQLStorageAuthorityRO) CountPendingAuthorizations2 ¶
func (ssa *SQLStorageAuthorityRO) CountPendingAuthorizations2(ctx context.Context, req *sapb.RegistrationID) (*sapb.Count, error)
CountPendingAuthorizations2 returns the number of pending, unexpired authorizations for the given registration.
func (*SQLStorageAuthorityRO) CountRegistrationsByIP ¶
func (ssa *SQLStorageAuthorityRO) CountRegistrationsByIP(ctx context.Context, req *sapb.CountRegistrationsByIPRequest) (*sapb.Count, error)
CountRegistrationsByIP returns the number of registrations created in the time range for a single IP address.
func (*SQLStorageAuthorityRO) CountRegistrationsByIPRange ¶
func (ssa *SQLStorageAuthorityRO) CountRegistrationsByIPRange(ctx context.Context, req *sapb.CountRegistrationsByIPRequest) (*sapb.Count, error)
CountRegistrationsByIPRange returns the number of registrations created in the time range in an IP range. For IPv4 addresses, that range is limited to the single IP. For IPv6 addresses, that range is a /48, since it's not uncommon for one person to have a /48 to themselves.
func (*SQLStorageAuthorityRO) FQDNSetExists ¶
func (ssa *SQLStorageAuthorityRO) FQDNSetExists(ctx context.Context, req *sapb.FQDNSetExistsRequest) (*sapb.Exists, error)
FQDNSetExists returns a bool indicating whether one or more of the FQDN sets |names| exist in the database.
func (*SQLStorageAuthorityRO) FQDNSetTimestampsForWindow ¶
func (ssa *SQLStorageAuthorityRO) FQDNSetTimestampsForWindow(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Timestamps, error)
FQDNSetTimestampsForWindow returns the issuance timestamps for each certificate, issued for a set of domains, during a given window of time, starting from the most recent issuance.
func (*SQLStorageAuthorityRO) GetAuthorization2 ¶
func (ssa *SQLStorageAuthorityRO) GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Authorization, error)
GetAuthorization2 returns the authz2 style authorization identified by the provided ID or an error. If no authorization is found matching the ID a berrors.NotFound type error is returned.
func (*SQLStorageAuthorityRO) GetAuthorizations2 ¶
func (ssa *SQLStorageAuthorityRO) GetAuthorizations2(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
GetAuthorizations2 returns any valid or pending authorizations that exist for the list of domains provided. If both a valid and pending authorization exist only the valid one will be returned.
func (*SQLStorageAuthorityRO) GetCertificate ¶
func (ssa *SQLStorageAuthorityRO) GetCertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
GetCertificate takes a serial number and returns the corresponding certificate, or error if it does not exist.
func (*SQLStorageAuthorityRO) GetCertificateStatus ¶
func (ssa *SQLStorageAuthorityRO) GetCertificateStatus(ctx context.Context, req *sapb.Serial) (*corepb.CertificateStatus, error)
GetCertificateStatus takes a hexadecimal string representing the full 128-bit serial number of a certificate and returns data about that certificate's current validity.
func (*SQLStorageAuthorityRO) GetLintPrecertificate ¶
func (ssa *SQLStorageAuthorityRO) GetLintPrecertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
GetLintPrecertificate takes a serial number and returns the corresponding linting precertificate, or error if it does not exist. The returned precert is identical to the actual submitted-to-CT-logs precertificate, except for its signature.
func (*SQLStorageAuthorityRO) GetMaxExpiration ¶
func (ssa *SQLStorageAuthorityRO) GetMaxExpiration(ctx context.Context, req *emptypb.Empty) (*timestamppb.Timestamp, error)
GetMaxExpiration returns the timestamp of the farthest-future notAfter date found in the certificateStatus table. This provides an upper bound on how far forward operations that need to cover all currently-unexpired certificates have to look.
func (*SQLStorageAuthorityRO) GetOrder ¶
func (ssa *SQLStorageAuthorityRO) GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)
GetOrder retrieves an already existing order object.
func (*SQLStorageAuthorityRO) GetOrderForNames ¶
func (ssa *SQLStorageAuthorityRO) GetOrderForNames(ctx context.Context, req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)
GetOrderForNames tries to find a **pending** or **ready** order with the exact set of names requested, associated with the given accountID. Only unexpired orders are considered. If no order meeting these requirements is found a nil corepb.Order pointer is returned.
func (*SQLStorageAuthorityRO) GetPendingAuthorization2 ¶
func (ssa *SQLStorageAuthorityRO) GetPendingAuthorization2(ctx context.Context, req *sapb.GetPendingAuthorizationRequest) (*corepb.Authorization, error)
GetPendingAuthorization2 returns the most recent Pending authorization with the given identifier, if available. This method only supports DNS identifier types. TODO(#5816): Consider removing this method, as it has no callers.
func (*SQLStorageAuthorityRO) GetRegistration ¶
func (ssa *SQLStorageAuthorityRO) GetRegistration(ctx context.Context, req *sapb.RegistrationID) (*corepb.Registration, error)
GetRegistration obtains a Registration by ID.
func (*SQLStorageAuthorityRO) GetRegistrationByKey ¶
func (ssa *SQLStorageAuthorityRO) GetRegistrationByKey(ctx context.Context, req *sapb.JSONWebKey) (*corepb.Registration, error)
GetRegistrationByKey obtains a Registration by JWK.
func (*SQLStorageAuthorityRO) GetRevocationStatus ¶
func (ssa *SQLStorageAuthorityRO) GetRevocationStatus(ctx context.Context, req *sapb.Serial) (*sapb.RevocationStatus, error)
GetRevocationStatus takes a hexadecimal string representing the full serial number of a certificate and returns a minimal set of data about that cert's current validity.
func (*SQLStorageAuthorityRO) GetRevokedCerts ¶
func (ssa *SQLStorageAuthorityRO) GetRevokedCerts(req *sapb.GetRevokedCertsRequest, stream sapb.StorageAuthorityReadOnly_GetRevokedCertsServer) error
GetRevokedCerts gets a request specifying an issuer and a period of time, and writes to the output stream the set of all certificates issued by that issuer which expire during that period of time and which have been revoked. The starting timestamp is treated as inclusive (certs with exactly that notAfter date are included), but the ending timestamp is exclusive (certs with exactly that notAfter date are *not* included).
func (*SQLStorageAuthorityRO) GetSerialMetadata ¶
func (ssa *SQLStorageAuthorityRO) GetSerialMetadata(ctx context.Context, req *sapb.Serial) (*sapb.SerialMetadata, error)
GetSerialMetadata returns metadata stored alongside the serial number, such as the RegID whose certificate request created that serial, and when the certificate with that serial will expire.
func (*SQLStorageAuthorityRO) GetSerialsByAccount ¶
func (ssa *SQLStorageAuthorityRO) GetSerialsByAccount(req *sapb.RegistrationID, stream sapb.StorageAuthorityReadOnly_GetSerialsByAccountServer) error
GetSerialsByAccount returns a stream of all serials for all unexpired certificates issued to the given RegID. This is useful for revoking all of an account's certs upon their request.
func (*SQLStorageAuthorityRO) GetSerialsByKey ¶
func (ssa *SQLStorageAuthorityRO) GetSerialsByKey(req *sapb.SPKIHash, stream sapb.StorageAuthorityReadOnly_GetSerialsByKeyServer) error
GetSerialsByKey returns a stream of serials for all unexpired certificates whose public key matches the given SPKIHash. This is useful for revoking all certificates affected by a key compromise.
func (*SQLStorageAuthorityRO) GetValidAuthorizations2 ¶
func (ssa *SQLStorageAuthorityRO) GetValidAuthorizations2(ctx context.Context, req *sapb.GetValidAuthorizationsRequest) (*sapb.Authorizations, error)
GetValidAuthorizations2 returns the latest authorization for all domain names that the account has authorizations for. This method only supports DNS identifier types.
func (*SQLStorageAuthorityRO) GetValidOrderAuthorizations2 ¶
func (ssa *SQLStorageAuthorityRO) GetValidOrderAuthorizations2(ctx context.Context, req *sapb.GetValidOrderAuthorizationsRequest) (*sapb.Authorizations, error)
GetValidOrderAuthorizations2 is used to find the valid, unexpired authorizations associated with a specific order and account ID.
func (*SQLStorageAuthorityRO) Health ¶
func (ssa *SQLStorageAuthorityRO) Health(ctx context.Context) error
Health implements the grpc.checker interface.
func (*SQLStorageAuthorityRO) IncidentsForSerial ¶
func (ssa *SQLStorageAuthorityRO) IncidentsForSerial(ctx context.Context, req *sapb.Serial) (*sapb.Incidents, error)
IncidentsForSerial queries each active incident table and returns every incident that currently impacts `req.Serial`.
func (*SQLStorageAuthorityRO) KeyBlocked ¶
func (ssa *SQLStorageAuthorityRO) KeyBlocked(ctx context.Context, req *sapb.SPKIHash) (*sapb.Exists, error)
KeyBlocked checks whether a key, identified by its hash, is present in the blockedKeys table.
func (*SQLStorageAuthorityRO) ReplacementOrderExists ¶
func (ssa *SQLStorageAuthorityRO) ReplacementOrderExists(ctx context.Context, req *sapb.Serial) (*sapb.Exists, error)
ReplacementOrderExists returns whether a valid replacement order exists for the given certificate serial number. An existing but expired or otherwise invalid replacement order is not considered to exist.
func (*SQLStorageAuthorityRO) SerialsForIncident ¶
func (ssa *SQLStorageAuthorityRO) SerialsForIncident(req *sapb.SerialsForIncidentRequest, stream sapb.StorageAuthorityReadOnly_SerialsForIncidentServer) error
SerialsForIncident queries the provided incident table and returns the resulting rows as a stream of `*sapb.IncidentSerial`s. An `io.EOF` error signals that there are no more serials to send. If the incident table in question contains zero rows, only an `io.EOF` error is returned. The IncidentSerial messages returned may have the zero-value for their OrderID, RegistrationID, and LastNoticeSent fields, if those are NULL in the database.