Affected by GO-2025-4180 and 1 other vulnerabilities

GO-2025-4180: Step CA Has Authorization Bypass in ACME and SCEP Provisioners in github.com/smallstep/certificates

GO-2025-4181: step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates

db

package

v0.10.0 Latest Latest Go to latest Published: Apr 30, 2019 License: Apache-2.0 Imports: 5 Imported by: 38

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/smallstep/certificates

Links

Open Source Insights

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrAlreadyExists = errors.New("already exists")

ErrAlreadyExists can be returned if the DB attempts to set a key that has been previously set.

View Source

var ErrNotImplemented = errors.Errorf("not implemented")

ErrNotImplemented is an error returned when an operation is Not Implemented.

Functions ¶

This section is empty.

Types ¶

type AuthDB ¶

type AuthDB interface {
	IsRevoked(sn string) (bool, error)
	Revoke(rci *RevokedCertificateInfo) error
	StoreCertificate(crt *x509.Certificate) error
	Shutdown() error
}

AuthDB is an interface over an Authority DB client that implements a nosql.DB interface.

func New ¶

func New(c *Config) (AuthDB, error)

New returns a new database client that implements the AuthDB interface.

type Config ¶

type Config struct {
	Type       string `json:"type"`
	DataSource string `json:"dataSource"`
	ValueDir   string `json:"valueDir,omitempty"`
	Database   string `json:"database,omitempty"`
}

Config represents the JSON attributes used for configuring a step-ca DB.

type DB ¶

type DB struct {
	nosql.DB
	// contains filtered or unexported fields
}

DB is a wrapper over the nosql.DB interface.

func (*DB) IsRevoked ¶

func (db *DB) IsRevoked(sn string) (bool, error)

IsRevoked returns whether or not a certificate with the given identifier has been revoked. In the case of an X509 Certificate the `id` should be the Serial Number of the Certificate.

func (*DB) Revoke ¶

func (db *DB) Revoke(rci *RevokedCertificateInfo) error

Revoke adds a certificate to the revocation table.

func (*DB) Shutdown ¶

func (db *DB) Shutdown() error

Shutdown sends a shutdown message to the database.

func (*DB) StoreCertificate ¶

func (db *DB) StoreCertificate(crt *x509.Certificate) error

StoreCertificate stores a certificate PEM.

type NoopDB ¶

type NoopDB int

NoopDB implements the DB interface with Noops

func (*NoopDB) Init ¶

func (n *NoopDB) Init(c *Config) (AuthDB, error)

Init noop

func (*NoopDB) IsRevoked ¶

func (n *NoopDB) IsRevoked(sn string) (bool, error)

IsRevoked noop

func (*NoopDB) Revoke ¶

func (n *NoopDB) Revoke(rci *RevokedCertificateInfo) error

Revoke returns a "NotImplemented" error.

func (*NoopDB) Shutdown ¶

func (n *NoopDB) Shutdown() error

Shutdown returns nil

func (*NoopDB) StoreCertificate ¶

func (n *NoopDB) StoreCertificate(crt *x509.Certificate) error

StoreCertificate returns a "NotImplemented" error.

type RevokedCertificateInfo ¶

type RevokedCertificateInfo struct {
	Serial        string
	ProvisionerID string
	ReasonCode    int
	Reason        string
	RevokedAt     time.Time
	TokenID       string
	MTLS          bool
}

RevokedCertificateInfo contains information regarding the certificate revocation action.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL