1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
package store
import (
"strings"
"time"
"github.com/nsheridan/cashier/server/config"
"golang.org/x/crypto/ssh"
mgo "gopkg.in/mgo.v2"
"gopkg.in/mgo.v2/bson"
)
var (
certsDB = "certs"
issuedTable = "issued_certs"
)
func collection(session *mgo.Session) *mgo.Collection {
return session.DB(certsDB).C(issuedTable)
}
// NewMongoStore returns a MongoDB CertStorer.
func NewMongoStore(c config.Database) (*MongoStore, error) {
m := &mgo.DialInfo{
Addrs: strings.Split(c["address"], ","),
Username: c["username"],
Password: c["password"],
Database: certsDB,
Timeout: time.Second * 5,
}
session, err := mgo.DialWithInfo(m)
if err != nil {
return nil, err
}
return &MongoStore{
session: session,
}, nil
}
var _ CertStorer = (*MongoStore)(nil)
// MongoStore is a MongoDB-based CertStorer
type MongoStore struct {
session *mgo.Session
}
// Get a single *CertRecord
func (m *MongoStore) Get(id string) (*CertRecord, error) {
s := m.session.Copy()
defer s.Close()
if err := s.Ping(); err != nil {
return nil, err
}
c := &CertRecord{}
err := collection(s).Find(bson.M{"keyid": id}).One(c)
return c, err
}
// SetCert parses a *ssh.Certificate and records it
func (m *MongoStore) SetCert(cert *ssh.Certificate) error {
r := parseCertificate(cert)
return m.SetRecord(r)
}
// SetRecord records a *CertRecord
func (m *MongoStore) SetRecord(record *CertRecord) error {
s := m.session.Copy()
defer s.Close()
if err := s.Ping(); err != nil {
return err
}
return collection(s).Insert(record)
}
// List returns all recorded certs.
// By default only active certs are returned.
func (m *MongoStore) List(includeExpired bool) ([]*CertRecord, error) {
s := m.session.Copy()
defer s.Close()
if err := s.Ping(); err != nil {
return nil, err
}
var result []*CertRecord
var err error
c := collection(s)
if includeExpired {
err = c.Find(nil).All(&result)
} else {
err = c.Find(bson.M{"expires": bson.M{"$gte": time.Now().UTC()}}).All(&result)
}
return result, err
}
// Revoke an issued cert by id.
func (m *MongoStore) Revoke(id string) error {
s := m.session.Copy()
defer s.Close()
if err := s.Ping(); err != nil {
return err
}
c := collection(s)
return c.Update(bson.M{"keyid": id}, bson.M{"$set": bson.M{"revoked": true}})
}
// GetRevoked returns all revoked certs
func (m *MongoStore) GetRevoked() ([]*CertRecord, error) {
s := m.session.Copy()
defer s.Close()
if err := s.Ping(); err != nil {
return nil, err
}
var result []*CertRecord
err := collection(s).Find(bson.M{"expires": bson.M{"$gte": time.Now().UTC()}, "revoked": true}).All(&result)
return result, err
}
// Close the connection to the database
func (m *MongoStore) Close() error {
m.session.Close()
return nil
}
|