vendor

vendor/github.com/cloudflare/cfssl/certdb/README.md

@@ -0,0 +1,75 @@
+# certdb usage
+
+Using a database enables additional functionality for existing commands when a
+db config is provided:
+
+ - `sign` and `gencert` add a certificate to the certdb after signing it
+ - `serve` enables database functionality for the sign and revoke endpoints
+
+A database is required for the following:
+
+ - `revoke` marks certificates revoked in the database with an optional reason
+ - `ocsprefresh` refreshes the table of cached OCSP responses
+ - `ocspdump` outputs cached OCSP responses in a concatenated base64-encoded format
+
+## Setup/Migration
+
+This directory stores [goose](https://bitbucket.org/liamstask/goose/) db migration scripts for various DB backends.
+Currently supported:
+ - MySQL in mysql
+ - PostgreSQL in pg
+ - SQLite in sqlite
+
+### Get goose
+
+    go get bitbucket.org/liamstask/goose/cmd/goose
+
+### Use goose to start and terminate a MySQL DB
+To start a MySQL using goose:
+
+    goose -path $GOPATH/src/github.com/cloudflare/cfssl/certdb/mysql up
+
+To tear down a MySQL DB using goose
+
+    goose -path $GOPATH/src/github.com/cloudflare/cfssl/certdb/mysql down
+
+Note: the administration of MySQL DB is not included. We assume
+the databases being connected to are already created and access control
+is properly handled.
+
+### Use goose to start and terminate a PostgreSQL DB
+To start a PostgreSQL using goose:
+
+    goose -path $GOPATH/src/github.com/cloudflare/cfssl/certdb/pg up
+
+To tear down a PostgreSQL DB using goose
+
+    goose -path $GOPATH/src/github.com/cloudflare/cfssl/certdb/pg down
+
+Note: the administration of PostgreSQL DB is not included. We assume
+the databases being connected to are already created and access control
+is properly handled.
+
+### Use goose to start and terminate a SQLite DB
+To start a SQLite DB using goose:
+
+    goose -path $GOPATH/src/github.com/cloudflare/cfssl/certdb/sqlite up
+
+To tear down a SQLite DB using goose
+
+    goose -path $GOPATH/src/github.com/cloudflare/cfssl/certdb/sqlite down
+
+## CFSSL Configuration
+
+Several cfssl commands take a -db-config flag. Create a file with a
+JSON dictionary:
+
+    {"driver":"sqlite3","data_source":"certs.db"}
+
+or
+
+    {"driver":"postgres","data_source":"postgres://user:password@host/db"}
+ 
+or
+
+    {"driver":"mysql","data_source":"user:password@tcp(hostname:3306)/db?parseTime=true"}

vendor/github.com/cloudflare/cfssl/certdb/certdb.go

@@ -0,0 +1,42 @@
+package certdb
+
+import (
+	"time"
+)
+
+// CertificateRecord encodes a certificate and its metadata
+// that will be recorded in a database.
+type CertificateRecord struct {
+	Serial    string    `db:"serial_number"`
+	AKI       string    `db:"authority_key_identifier"`
+	CALabel   string    `db:"ca_label"`
+	Status    string    `db:"status"`
+	Reason    int       `db:"reason"`
+	Expiry    time.Time `db:"expiry"`
+	RevokedAt time.Time `db:"revoked_at"`
+	PEM       string    `db:"pem"`
+}
+
+// OCSPRecord encodes a OCSP response body and its metadata
+// that will be recorded in a database.
+type OCSPRecord struct {
+	Serial string    `db:"serial_number"`
+	AKI    string    `db:"authority_key_identifier"`
+	Body   string    `db:"body"`
+	Expiry time.Time `db:"expiry"`
+}
+
+// Accessor abstracts the CRUD of certdb objects from a DB.
+type Accessor interface {
+	InsertCertificate(cr CertificateRecord) error
+	GetCertificate(serial, aki string) ([]CertificateRecord, error)
+	GetUnexpiredCertificates() ([]CertificateRecord, error)
+	GetRevokedAndUnexpiredCertificates() ([]CertificateRecord, error)
+	GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]CertificateRecord, error)
+	RevokeCertificate(serial, aki string, reasonCode int) error
+	InsertOCSP(rr OCSPRecord) error
+	GetOCSP(serial, aki string) ([]OCSPRecord, error)
+	GetUnexpiredOCSPs() ([]OCSPRecord, error)
+	UpdateOCSP(serial, aki, body string, expiry time.Time) error
+	UpsertOCSP(serial, aki, body string, expiry time.Time) error
+}