func FindBestCertificateSatisfying(s storage.Store, t *storage.Target) (*storage.Certificate, error) {
var bestCert *storage.Certificate
err := s.VisitCertificates(func(c *storage.Certificate) error {
if DoesCertificateSatisfy(c, t) {
isBetterThan, err := CertificateBetterThan(c, bestCert)
if err != nil {
return err
}
if isBetterThan {
log.Tracef("findBestCertificateSatisfying: %v > %v", c, bestCert)
bestCert = c
} else {
log.Tracef("findBestCertificateSatisfying: %v <= %v", c, bestCert)
}
}
return nil
})
if err != nil {
return nil, err
}
if bestCert == nil {
return nil, fmt.Errorf("%v: no certificate satisfies this target", t)
}
return bestCert, nil
}
func revokeByKeyID(s storage.Store, keyID string) error {
k := s.KeyByID(keyID)
if k == nil {
return fmt.Errorf("cannot find certificate or key with given ID: %q", keyID)
}
var merr storage.MultiError
s.VisitCertificates(func(c *storage.Certificate) error {
if c.Key != k {
return nil // continue
}
err := RevokeByCertificateOrKeyID(s, c.ID())
if err != nil {
merr = append(merr, fmt.Errorf("failed to mark %v for revocation: %v", c, err))
}
return nil
})
if len(merr) > 0 {
return merr
}
return nil
}
func HaveUncachedCertificates(s storage.Store) bool {
haveUncached := false
s.VisitCertificates(func(c *storage.Certificate) error {
if !c.Cached {
haveUncached = true
}
return nil
})
return haveUncached
}
func Cull(s storage.Store, simulate bool) error {
certificatesToCull := map[string]*storage.Certificate{}
// Relink before culling.
err := Relink(s)
if err != nil {
return err
}
// Select all certificates.
s.VisitCertificates(func(c *storage.Certificate) error {
certificatesToCull[c.ID()] = c
return nil
})
// Unselect any certificate which is currently referenced.
s.VisitPreferredCertificates(func(hostname string, c *storage.Certificate) error {
delete(certificatesToCull, c.ID())
return nil
})
// Now delete any certificate which is not generally valid.
for certID, c := range certificatesToCull {
if CertificateGenerallyValid(c) {
continue
}
if simulate {
log.Noticef("would delete certificate %s", certID)
} else {
log.Noticef("deleting certificate %s", certID)
err := s.RemoveCertificate(certID)
log.Errore(err, "failed to delete certificate ", certID)
}
}
return nil
}
