From a5602dd8cdec8cb8ce85cbc5fab29a91f533d2af Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Sun, 28 Aug 2016 17:33:14 +0100
Subject: List only certs which haven't expired

---
 server/store/mem.go | 4 +++-
 server/store/mongo.go | 4 ++--
 server/store/sqldb.go | 4 ++--
 server/store/store_test.go | 23 +++++++----------------
 4 files changed, 14 insertions(+), 21 deletions(-)
(limited to 'server')

diff --git a/server/store/mem.go b/server/store/mem.go
index cd37071..92167a9 100644
--- a/server/store/mem.go
+++ b/server/store/mem.go
@@ -39,7 +39,9 @@ func (ms *memoryStore) List() ([]*CertRecord, error) {
 ms.Lock()
 defer ms.Unlock()
 for _, value := range ms.certs {
- records = append(records, value)
+ if value.Expires.After(time.Now().UTC()) {
+ records = append(records, value)
+ }
 }
 return records, nil
 }
diff --git a/server/store/mongo.go b/server/store/mongo.go
index c056171..79df69d 100644
--- a/server/store/mongo.go
+++ b/server/store/mongo.go
@@ -72,8 +72,8 @@ func (m *mongoDB) List() ([]*CertRecord, error) {
 return nil, err
 }
 var result []*CertRecord
- m.collection.Find(nil).All(&result)
- return result, nil
+ err := m.collection.Find(bson.M{"expires": bson.M{"$gte": time.Now().UTC()}}).All(&result)
+ return result, err
 }
 func (m *mongoDB) Revoke(id string) error {
diff --git a/server/store/sqldb.go b/server/store/sqldb.go
index 2ea5ea5..54a52c6 100644
--- a/server/store/sqldb.go
+++ b/server/store/sqldb.go
@@ -66,7 +66,7 @@ func NewSQLStore(config string) (CertStorer, error) {
 if db.get, err = conn.Prepare("SELECT * FROM issued_certs WHERE key_id = ?"); err != nil {
 return nil, fmt.Errorf("sqldb: prepare get: %v", err)
 }
- if db.list, err = conn.Prepare("SELECT * FROM issued_certs"); err != nil {
+ if db.list, err = conn.Prepare("SELECT * FROM issued_certs WHERE ? <= expires_at"); err != nil {
 return nil, fmt.Errorf("sqldb: prepare list: %v", err)
 }
 if db.revoke, err = conn.Prepare("UPDATE issued_certs SET revoked = 1 WHERE key_id = ?"); err != nil {
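Review bot: The expiry boundary is not the same across the three stores: this hunk drops a record whose `Expires` equals the current instant (`After` is strict), while the mongo hunk's `$gte` and the sqldb hunk's `? <= expires_at` both keep it. Pick one boundary and document it on the `CertStorer.List` contract; `!value.Expires.Before(now)` would match the other two, and hoisting `now := time.Now().UTC()` above the loop also stops the clock being read once per record. mem.go's `time` import is outside the hunk, so confirm it is present. `records` is declared above the hunk, so List's body starts outside it.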
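Review bot: `err := m.collection.Find(...)` declares a new `err` in List's scope; the `return nil, err` context at the top of the hunk implies an earlier error check, and if that `err` lives at function scope rather than inside an `if`, this line is a "no new variables on left side of :=" compile error. `err = m.collection.Find(...).All(&result)` is safe either way, or make the check explicit with `if err := m.collection.Find(...).All(&result); err != nil { return nil, err }` and `return result, nil`. The `"expires"` key must match the bson tag on `CertRecord.Expires`, which is not visible here; a mismatch makes the filter match nothing instead of failing, so it is worth pinning with a test.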
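Review bot: The bound on `expires_at` is correctly parameterized rather than formatted into the SQL, but whether `? <= expires_at` compares as a time depends on the driver serializing the bound `time.Time` in the same form that wrote the column, which is outside this hunk; if the column is stored as text in a different layout the comparison becomes a string comparison and silently lists nothing. A short comment on the statement, such as `// List binds the current UTC time; expires_at must be stored in a comparable form`, would record that assumption for the next maintainer. The matching change to the caller is in the next hunk of this file.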
@@ -137,7 +137,7 @@ func (db *sqldb) List() ([]*CertRecord, error) {
 return nil, err
 }
 var recs []*CertRecord
- rows, _ := db.list.Query()
+ rows, _ := db.revoked.Query(time.Now().UTC())
 defer rows.Close()
 for rows.Next() {
 cert, err := scanCert(rows)
diff --git a/server/store/store_test.go b/server/store/store_test.go
index 18fa0d1..3552d1c 100644
--- a/server/store/store_test.go
+++ b/server/store/store_test.go
@@ -42,27 +42,21 @@ func TestParseCertificate(t *testing.T) {
 func testStore(t *testing.T, db CertStorer) {
 defer db.Close()
- ids := []string{"a", "b"}
- for _, id := range ids {
- r := &CertRecord{
- KeyID: id,
- Expires: time.Now().UTC().Add(time.Second * -10),
- }
- if err := db.SetRecord(r); err != nil {
- t.Error(err)
- }
+ r := &CertRecord{
+ KeyID: "a",
+ Expires: time.Now().UTC().Add(1 * time.Minute),
 }
- recs, err := db.List()
- if err != nil {
+ if err := db.SetRecord(r); err != nil {
 t.Error(err)
 }
- if len(recs) != len(ids) {
- t.Errorf("Want %d records, got %d", len(ids), len(recs))
+ if _, err := db.List(); err != nil {
+ t.Error(err)
 }
 c, _, _, _, _ := ssh.ParseAuthorizedKey(testdata.Cert)
 cert := c.(*ssh.Certificate)
 cert.ValidBefore = uint64(time.Now().Add(1 * time.Hour).UTC().Unix())
+ cert.ValidAfter = uint64(time.Now().Add(-5 * time.Minute).UTC().Unix())
 if err := db.SetCert(cert); err != nil {
 t.Error(err)
 }
@@ -74,9 +68,6 @@ func testStore(t *testing.T, db CertStorer) {
 t.Error(err)
 }
- // A revoked key shouldn't get returned if it's already expired
- db.Revoke("a")
-
 revoked, err := db.GetRevoked()
 if err != nil {
 t.Error(err)
--
cgit v1.2.3
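Review bot: `List()` now runs `db.revoked` instead of the `db.list` statement that the previous hunk in this file gave the `?` placeholder, so the expiry bound is passed to the wrong prepared statement; `revoked` is prepared outside the hunk, but if it takes no placeholder the driver rejects the argument count. That error is then dropped by `rows, _ :=`, `rows` is nil, and `defer rows.Close()` on the next line dereferences it. Change it to `rows, err := db.list.Query(time.Now().UTC())` followed by `if err != nil { return nil, err }` before the defer. The remainder of List, including any `rows.Err()` check after the loop, is outside the hunk.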
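Review bot: The test no longer asserts the behaviour this commit adds: the `len(recs)` comparison was removed and `db.List()` is only checked for an error, so a store that filters nothing, or everything, still passes. Store one expired record next to the live one and assert that List returns exactly the live one; that also catches a wrong bson field name or a non-comparable `expires_at` representation, which otherwise fail silently. The following hunk removes `db.Revoke("a")`, so the GetRevoked path below is now exercised with nothing revoked; the rest of testStore is outside these hunks.
```go
func testStore(t *testing.T, db CertStorer) {
	defer db.Close()
	now := time.Now().UTC()
	seed := []*CertRecord{
		{KeyID: "expired", Expires: now.Add(-10 * time.Second)},
		{KeyID: "a", Expires: now.Add(1 * time.Minute)},
	}
	for _, r := range seed {
		if err := db.SetRecord(r); err != nil {
			t.Error(err)
		}
	}
	live, err := db.List()
	if err != nil {
		t.Error(err)
	}
	if len(live) != 1 || live[0].KeyID != "a" {
		t.Errorf("want only the unexpired record, got %d records", len(live))
	}
	// … unchanged: certificate setup and SetCert …
```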