aboutsummaryrefslogtreecommitdiff
path: root/server/store
diff options
context:
space:
mode:
authorNiall Sheridan <nsheridan@gmail.com>2016-07-17 23:54:42 +0100
committerNiall Sheridan <nsheridan@gmail.com>2016-07-24 23:23:33 +0100
commit44fef1c2a163bdfd781ef08a06e3cf5cf9b7d5da (patch)
treebcde234bf45255a8935aeacf7ee544f256b455cc /server/store
parentc9849d667ab55c23d343332a11afb3eb8ede3f2d (diff)
Add a page for revoking certs
Add a template for revocation Use DATETIME type to store created/expires times Require auth for the /admin and /revoke endpoints
Diffstat (limited to 'server/store')
-rw-r--r--server/store/mem.go2
-rw-r--r--server/store/mysql.go21
-rw-r--r--server/store/store.go14
-rw-r--r--server/store/store_test.go6
4 files changed, 25 insertions, 18 deletions
diff --git a/server/store/mem.go b/server/store/mem.go
index 8b78e27..cd37071 100644
--- a/server/store/mem.go
+++ b/server/store/mem.go
@@ -58,7 +58,7 @@ func (ms *memoryStore) GetRevoked() ([]*CertRecord, error) {
var revoked []*CertRecord
all, _ := ms.List()
for _, r := range all {
- if r.Revoked && uint64(time.Now().UTC().Unix()) <= r.Expires {
+ if r.Revoked && time.Now().UTC().Unix() <= r.Expires.UTC().Unix() {
revoked = append(revoked, r)
}
}
diff --git a/server/store/mysql.go b/server/store/mysql.go
index b108fdc..a62af6b 100644
--- a/server/store/mysql.go
+++ b/server/store/mysql.go
@@ -29,11 +29,12 @@ func parseConfig(config string) string {
}
_, user, passwd, host, port := s[0], s[1], s[2], s[3], s[4]
c := &mysql.Config{
- User: user,
- Passwd: passwd,
- Net: "tcp",
- Addr: fmt.Sprintf("%s:%s", host, port),
- DBName: "certs",
+ User: user,
+ Passwd: passwd,
+ Net: "tcp",
+ Addr: fmt.Sprintf("%s:%s", host, port),
+ DBName: "certs",
+ ParseTime: true,
}
return c.FormatDSN()
}
@@ -80,8 +81,8 @@ func scanCert(s rowScanner) (*CertRecord, error) {
var (
keyID sql.NullString
principals sql.NullString
- createdAt sql.NullInt64
- expires sql.NullInt64
+ createdAt mysql.NullTime
+ expires mysql.NullTime
revoked sql.NullBool
raw sql.NullString
)
@@ -95,8 +96,8 @@ func scanCert(s rowScanner) (*CertRecord, error) {
return &CertRecord{
KeyID: keyID.String,
Principals: p,
- CreatedAt: uint64(createdAt.Int64),
- Expires: uint64(expires.Int64),
+ CreatedAt: createdAt.Time,
+ Expires: expires.Time,
Revoked: revoked.Bool,
Raw: raw.String,
}, nil
@@ -143,7 +144,7 @@ func (db *mysqlDB) Revoke(id string) error {
func (db *mysqlDB) GetRevoked() ([]*CertRecord, error) {
var recs []*CertRecord
- rows, _ := db.revoked.Query(time.Now().UTC().Unix())
+ rows, _ := db.revoked.Query(time.Now().UTC())
defer rows.Close()
for rows.Next() {
cert, err := scanCert(rows)
diff --git a/server/store/store.go b/server/store/store.go
index ad4922a..f6ac66e 100644
--- a/server/store/store.go
+++ b/server/store/store.go
@@ -1,6 +1,8 @@
package store
import (
+ "time"
+
"golang.org/x/crypto/ssh"
"github.com/nsheridan/cashier/server/certutil"
@@ -22,18 +24,22 @@ type CertStorer interface {
type CertRecord struct {
KeyID string
Principals []string
- CreatedAt uint64
- Expires uint64
+ CreatedAt time.Time
+ Expires time.Time
Revoked bool
Raw string
}
+func parseTime(t uint64) time.Time {
+ return time.Unix(int64(t), 0)
+}
+
func parseCertificate(cert *ssh.Certificate) *CertRecord {
return &CertRecord{
KeyID: cert.KeyId,
Principals: cert.ValidPrincipals,
- CreatedAt: cert.ValidAfter,
- Expires: cert.ValidBefore,
+ CreatedAt: parseTime(cert.ValidAfter),
+ Expires: parseTime(cert.ValidBefore),
Raw: certutil.GetPublicKey(cert),
}
}
diff --git a/server/store/store_test.go b/server/store/store_test.go
index d3aa3c1..ee80241 100644
--- a/server/store/store_test.go
+++ b/server/store/store_test.go
@@ -31,8 +31,8 @@ func TestParseCertificate(t *testing.T) {
a.Equal(c.KeyId, rec.KeyID)
a.Equal(c.ValidPrincipals, rec.Principals)
- a.Equal(c.ValidBefore, rec.Expires)
- a.Equal(c.ValidAfter, rec.CreatedAt)
+ a.Equal(c.ValidBefore, uint64(rec.Expires.Unix()))
+ a.Equal(c.ValidAfter, uint64(rec.CreatedAt.Unix()))
}
func testStore(t *testing.T, db CertStorer) {
@@ -42,7 +42,7 @@ func testStore(t *testing.T, db CertStorer) {
for _, id := range ids {
r := &CertRecord{
KeyID: id,
- Expires: uint64(time.Now().UTC().Unix()) - 10,
+ Expires: time.Now().UTC().Add(time.Second * -10),
}
if err := db.SetRecord(r); err != nil {
t.Error(err)