aboutsummaryrefslogtreecommitdiff
path: root/server/store/store.go
blob: f14e79ff54d8e660986b90738babecf85a00448c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
package store

import (
	"encoding/json"
	"time"

	"golang.org/x/crypto/ssh"

	"github.com/nsheridan/cashier/lib"
	"github.com/nsheridan/cashier/server/config"
	"github.com/nsheridan/cashier/server/store/types"
)

// New returns a new configured database.
func New(c config.Database) (CertStorer, error) {
	switch c["type"] {
	case "mysql", "sqlite":
		return NewSQLStore(c)
	case "mem":
		return NewMemoryStore(), nil
	}
	return NewMemoryStore(), nil
}

// CertStorer records issued certs in a persistent store for audit and
// revocation purposes.
type CertStorer interface {
	Get(id string) (*CertRecord, error)
	SetCert(cert *ssh.Certificate) error
	SetRecord(record *CertRecord) error
	List(includeExpired bool) ([]*CertRecord, error)
	Revoke(id string) error
	GetRevoked() ([]*CertRecord, error)
	Close() error
}

// A CertRecord is a representation of a ssh certificate used by a CertStorer.
type CertRecord struct {
	KeyID      string            `json:"key_id" db:"key_id"`
	Principals types.StringSlice `json:"principals" db:"principals"`
	CreatedAt  time.Time         `json:"created_at" db:"created_at"`
	Expires    time.Time         `json:"expires" db:"expires_at"`
	Revoked    bool              `json:"revoked" db:"revoked"`
	Raw        string            `json:"-" db:"raw_key"`
}

func (c *CertRecord) MarshalJSON() ([]byte, error) {
	type Alias CertRecord
	f := "2006-01-02 15:04:05 -0700"
	return json.Marshal(&struct {
		*Alias
		CreatedAt string `json:"created_at"`
		Expires   string `json:"expires"`
	}{
		Alias:     (*Alias)(c),
		CreatedAt: c.CreatedAt.Format(f),
		Expires:   c.Expires.Format(f),
	})
}

func parseTime(t uint64) time.Time {
	return time.Unix(int64(t), 0)
}

func parseCertificate(cert *ssh.Certificate) *CertRecord {
	return &CertRecord{
		KeyID:      cert.KeyId,
		Principals: types.StringSlice(cert.ValidPrincipals),
		CreatedAt:  parseTime(cert.ValidAfter),
		Expires:    parseTime(cert.ValidBefore),
		Raw:        string(lib.GetPublicKey(cert)),
	}
}