func revokeBySerial(ctx context.Context, serial string, reasonCode core.RevocationCode, rac rpc.RegistrationAuthorityClient, logger blog.Logger, tx *gorp.Transaction) (err error) {
if reasonCode < 0 || reasonCode == 7 || reasonCode > 10 {
panic(fmt.Sprintf("Invalid reason code: %d", reasonCode))
}
certObj, err := tx.Get(core.Certificate{}, serial)
if err != nil {
return
}
certificate, ok := certObj.(*core.Certificate)
if !ok {
err = fmt.Errorf("Cast failure")
return
}
cert, err := x509.ParseCertificate(certificate.DER)
if err != nil {
return
}
u, err := user.Current()
err = rac.AdministrativelyRevokeCertificate(ctx, *cert, reasonCode, u.Username)
if err != nil {
return
}
logger.Info(fmt.Sprintf("Revoked certificate %s with reason '%s'", serial, core.RevocationReasons[reasonCode]))
return
}
func updateChallenges(authID string, challenges []core.Challenge, tx *gorp.Transaction) error {
var challs []challModel
_, err := tx.Select(
&challs,
getChallengesQuery,
map[string]interface{}{"authID": authID},
)
if err != nil {
return err
}
if len(challs) != len(challenges) {
return fmt.Errorf("Invalid number of challenges provided")
}
for i, authChall := range challenges {
chall, err := challengeToModel(&authChall, challs[i].AuthorizationID)
if err != nil {
return err
}
chall.ID = challs[i].ID
_, err = tx.Update(chall)
if err != nil {
return err
}
}
return nil
}
func addDeniedNames(tx *gorp.Transaction, names []string) (err error) {
sort.Strings(names)
deniedCSR := &core.DeniedCSR{Names: strings.ToLower(strings.Join(names, ","))}
err = tx.Insert(deniedCSR)
return
}
func addFQDNSet(tx *gorp.Transaction, names []string, serial string, issued time.Time, expires time.Time) error {
return tx.Insert(&core.FQDNSet{
SetHash: hashNames(names),
Serial: serial,
Issued: issued,
Expires: expires,
})
}
func revokeByReg(ctx context.Context, regID int64, reasonCode core.RevocationCode, rac rpc.RegistrationAuthorityClient, logger blog.Logger, tx *gorp.Transaction) (err error) {
var certs []core.Certificate
_, err = tx.Select(&certs, "SELECT serial FROM certificates WHERE registrationID = :regID", map[string]interface{}{"regID": regID})
if err != nil {
return
}
for _, cert := range certs {
err = revokeBySerial(ctx, cert.Serial, reasonCode, rac, logger, tx)
if err != nil {
return
}
}
return
}
func existingRegistration(tx *gorp.Transaction, id int64) bool {
var count int64
_ = tx.SelectOne(&count, "SELECT count(*) FROM registrations WHERE id = :id", map[string]interface{}{"id": id})
return count > 0
}
func existingFinal(tx *gorp.Transaction, id string) bool {
var count int64
_ = tx.SelectOne(&count, "SELECT count(*) FROM authz WHERE id = :id", map[string]interface{}{"id": id})
return count > 0
}
func existingPending(tx *gorp.Transaction, id string) bool {
var count int64
_ = tx.SelectOne(&count, "SELECT count(*) FROM pendingAuthorizations WHERE id = :id", map[string]interface{}{"id": id})
return count > 0
}
// Rollback rolls back the provided transaction (if err is non-nil) and wraps
// the error, if any, of the rollback into a RollbackError.
//
// The err parameter must be non-nil.
//
// err = sa.Rollback(tx, err)
func Rollback(tx *gorp.Transaction, err error) error {
return &RollbackError{
Err: err,
RollbackErr: tx.Rollback(),
}
}
