add DB accessor to get unexpired certs by one or more labels
nickysemenza committed Oct 3, 2022
1 parent d4be5f5 commit d4488a8
Showing 2 changed files with 26 additions and 0 deletions.
1 change: 1 addition & 0 deletions certdb/certdb.go
Expand Up @@ -76,6 +76,7 @@ type Accessor interface {
GetCertificate(serial, aki string) ([]CertificateRecord, error)
GetUnexpiredCertificates() ([]CertificateRecord, error)
GetRevokedAndUnexpiredCertificates() ([]CertificateRecord, error)
GetUnexpiredCertificatesByLabel(labels []string) (crs []CertificateRecord, err error)
GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]CertificateRecord, error)
GetRevokedAndUnexpiredCertificatesByLabelSelectColumns(label string) ([]CertificateRecord, error)
RevokeCertificate(serial, aki string, reasonCode int) error
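Review bot: The new `GetUnexpiredCertificatesByLabel(labels []string)` has a singular name but takes a slice, while the neighbouring `...ByLabel(label string)` methods take one string, and nothing on the interface says how multiple labels combine. A doc comment on the interface method would settle it, for example `// GetUnexpiredCertificatesByLabel returns unexpired certificates whose ca_label equals any entry in labels.` Adding a method to the exported `Accessor` interface will also stop any implementation outside this commit from compiling; whether such implementations exist is not visible here, so it deserves a line in the commit description. The interface body continues outside the hunk.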
25 changes: 25 additions & 0 deletions certdb/sql/database_accessor.go
Expand Up @@ -72,6 +72,8 @@ type Accessor struct {
db *sqlx.DB
}

var _ certdb.Accessor = &Accessor{}

func wrapSQLError(err error) error {
if err != nil {
return cferr.Wrap(cferr.CertStoreError, cferr.Unknown, err)
Expand Down Expand Up @@ -176,6 +178,29 @@ func (d *Accessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, e
return crs, nil
}

// GetUnexpiredCertificatesByLabel gets all unexpired certificate from db that have the provided label.
func (d *Accessor) GetUnexpiredCertificatesByLabel(labels []string) (crs []certdb.CertificateRecord, err error) {
err = d.checkDB()
if err != nil {
return nil, err
}

query, args, err := sqlx.In(
fmt.Sprintf(`SELECT %s FROM certificates WHERE CURRENT_TIMESTAMP < expiry AND ca_label IN (?)`,
sqlstruct.Columns(certdb.CertificateRecord{}),
), labels)
if err != nil {
return nil, wrapSQLError(err)
}

err = d.db.Select(&crs, d.db.Rebind(query), args...)
if err != nil {
return nil, wrapSQLError(err)
}

return crs, nil
}

// GetRevokedAndUnexpiredCertificates gets all revoked and unexpired certificate from db (for CRLs).
func (d *Accessor) GetRevokedAndUnexpiredCertificates() (crs []certdb.CertificateRecord, err error) {
err = d.checkDB()
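Review bot: An empty or nil `labels` slice is passed straight to `sqlx.In` in `GetUnexpiredCertificatesByLabel`, and `sqlx.In` rejects an empty slice, so the caller gets a generic `CertStoreError`/`Unknown` error. A caller using this list for revocation or inventory decisions then cannot tell "no labels given" from a real database failure. Make the contract explicit with a guard after `checkDB`, such as `if len(labels) == 0 { return nil, nil }` (or a dedicated argument error), and state the choice in the doc comment. The doc comment also says "the provided label" although the query matches any of several; `// GetUnexpiredCertificatesByLabel gets all unexpired certificates from db whose ca_label is one of labels.` would match the `IN (?)` clause. The commit touches only the two files shown, so a test covering the empty, single-label and multi-label cases would be a useful addition.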