func ClearEmail(ctx context.Context, dbMap db.DatabaseMap, regID int64, email string) error
ClearEmail removes the provided email address from one specified registration. If there are multiple email addresses present, it does not modify other ones. If the email address is not present, it does not modify the registration and will return a nil error.
func DBMapForTest(dbConnect string) (*boulderDB.WrappedMap, error)
DBMapForTest creates a wrapped root borp mapping object. Create one of these for each database schema you wish to map. Each DbMap contains a list of mapped tables. It automatically maps the tables for the primary parts of Boulder around the Storage Authority.
func DBMapForTestWithLog(dbConnect string, log blog.Logger) (*boulderDB.WrappedMap, error)
DBMapForTestWithLog does the same as DBMapForTest but also routes the debug logs from the database driver to the given log (usually a `blog.NewMock`).
func InitWrappedDb(config cmd.DBConfig, scope prometheus.Registerer, logger blog.Logger) (*boulderDB.WrappedMap, error)
InitWrappedDb constructs a wrapped borp mapping object with the provided settings. If scope is non-nil, Prometheus metrics will be exported. If logger is non-nil, SQL debug-level logging will be enabled. The only required parameter is config.
func ReverseName(domain string) string
func SelectAuthzsMatchingIssuance(
	ctx context.Context,
	s db.Selector,
	regID int64,
	issued time.Time,
	dnsNames []string,
) ([]*corepb.Authorization, error)
SelectAuthzsMatchingIssuance looks for a set of authzs that would have authorized a given issuance that is known to have occurred. The returned authzs will all belong to the given regID, will have potentially been valid at the time of issuance, and will have the appropriate identifier type and value. This may return multiple authzs for the same identifier type and value.
This returns "potentially" valid authzs because a client may have set an authz's status to deactivated after issuance, so we return both valid and deactivated authzs. It also uses a small amount of leeway (1s) to account for possible clock skew.
This function doesn't do anything special for authzs with an expiration in the past. If the stored authz has a valid status, it is returned with a valid status regardless of whether it is also expired.
func SelectCertificate(ctx context.Context, s db.OneSelector, serial string) (core.Certificate, error)
SelectCertificate selects all fields of one certificate object identified by a serial. If more than one row contains the same serial, only the first is returned.
func SelectCertificateStatus(ctx context.Context, s db.OneSelector, serial string) (core.CertificateStatus, error)
SelectCertificateStatus selects all fields of one certificate status model identified by serial.
func SelectPrecertificate(ctx context.Context, s db.OneSelector, serial string) (core.Certificate, error)
SelectPrecertificate selects all fields of one precertificate object identified by serial.
func SelectRevocationStatus(ctx context.Context, s db.OneSelector, serial string) (*sapb.RevocationStatus, error)
SelectRevocationStatus returns the authoritative revocation information for the certificate with the given serial.
BoulderTypeConverter is used by borp for storing objects in DB.
type BoulderTypeConverter struct{}
func (tc BoulderTypeConverter) FromDb(target interface{}) (borp.CustomScanner, bool)
FromDb converts a DB representation back into a Boulder object.
func (tc BoulderTypeConverter) ToDb(val interface{}) (interface{}, error)
ToDb converts a Boulder object to one suitable for the DB representation.
type CertStatusMetadata struct {
	ID                    int64             `db:"id"`
	Serial                string            `db:"serial"`
	Status                core.OCSPStatus   `db:"status"`
	OCSPLastUpdated       time.Time         `db:"ocspLastUpdated"`
	RevokedDate           time.Time         `db:"revokedDate"`
	RevokedReason         revocation.Reason `db:"revokedReason"`
	LastExpirationNagSent time.Time         `db:"lastExpirationNagSent"`
	NotAfter              time.Time         `db:"notAfter"`
	IsExpired             bool              `db:"isExpired"`
	IssuerID              int64             `db:"issuerID"`
}
type CertWithID struct {
	ID int64
	core.Certificate
}
func SelectCertificates(ctx context.Context, s db.Selector, q string, args map[string]interface{}) ([]CertWithID, error)
SelectCertificates selects all fields of multiple certificate objects.
func SelectPrecertificates(ctx context.Context, s db.Selector, q string, args map[string]interface{}) ([]CertWithID, error)
SelectPrecertificates selects all fields of multiple precertificate objects.
DbSettings contains settings for the database/sql driver. The zero value of each field means use the default setting from database/sql. ConnMaxIdleTime and ConnMaxLifetime should be set lower than their MariaDB counterparts interactive_timeout and wait_timeout.
type DbSettings struct {
	// MaxOpenConns sets the maximum number of open connections to the
	// database. If MaxIdleConns is greater than 0 and MaxOpenConns is
	// less than MaxIdleConns, then MaxIdleConns will be reduced to
	// match the new MaxOpenConns limit. If n < 0, then there is no
	// limit on the number of open connections.
	MaxOpenConns int

	// MaxIdleConns sets the maximum number of connections in the idle
	// connection pool. If MaxOpenConns is greater than 0 but less than
	// MaxIdleConns, then MaxIdleConns will be reduced to match the
	// MaxOpenConns limit. If n < 0, no idle connections are retained.
	MaxIdleConns int

	// ConnMaxLifetime sets the maximum amount of time a connection may
	// be reused. Expired connections may be closed lazily before reuse.
	// If d < 0, connections are not closed due to a connection's age.
	ConnMaxLifetime time.Duration

	// ConnMaxIdleTime sets the maximum amount of time a connection may
	// be idle. Expired connections may be closed lazily before reuse.
	// If d < 0, connections are not closed due to a connection's idle
	// time.
	ConnMaxIdleTime time.Duration
}
RevocationStatusModel represents a small subset of the columns in the certificateStatus table, used to determine the authoritative revocation status of a certificate.
type RevocationStatusModel struct {
	Status        core.OCSPStatus   `db:"status"`
	RevokedDate   time.Time         `db:"revokedDate"`
	RevokedReason revocation.Reason `db:"revokedReason"`
}
SQLLogger adapts the Boulder Logger to a format borp can use.
type SQLLogger struct { blog.Logger }
func (log *SQLLogger) Printf(format string, v ...interface{})
Printf adapts the Logger to borp's interface.
SQLStorageAuthority defines a Storage Authority.
Note that although SQLStorageAuthority does have methods wrapping all of the read-only methods provided by the SQLStorageAuthorityRO, those wrapper implementations are in saro.go, next to the real implementations.
type SQLStorageAuthority struct {
	sapb.UnimplementedStorageAuthorityServer
	*SQLStorageAuthorityRO
	// contains filtered or unexported fields
}
func NewSQLStorageAuthority(
	dbMap *db.WrappedMap,
	dbReadOnlyMap *db.WrappedMap,
	dbIncidentsMap *db.WrappedMap,
	parallelismPerRPC int,
	lagFactor time.Duration,
	clk clock.Clock,
	logger blog.Logger,
	stats prometheus.Registerer,
) (*SQLStorageAuthority, error)
NewSQLStorageAuthority provides persistence using a SQL backend for Boulder. It constructs its own read-only storage authority to wrap.
func NewSQLStorageAuthorityWrapping(
	ssaro *SQLStorageAuthorityRO,
	dbMap *db.WrappedMap,
	stats prometheus.Registerer,
) (*SQLStorageAuthority, error)
NewSQLStorageAuthorityWrapping provides persistence using a SQL backend for Boulder. It takes a read-only storage authority to wrap, which is useful if you are constructing both types of implementations and want to share read-only database connections between them.
func (ssa *SQLStorageAuthority) AddBlockedKey(ctx context.Context, req *sapb.AddBlockedKeyRequest) (*emptypb.Empty, error)
AddBlockedKey adds a key hash to the blockedKeys table.
func (ssa *SQLStorageAuthority) AddCertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error)
AddCertificate stores an issued certificate, returning an error if it is a duplicate or if any other failure occurs.
func (ssa *SQLStorageAuthority) AddPrecertificate(ctx context.Context, req *sapb.AddCertificateRequest) (*emptypb.Empty, error)
AddPrecertificate writes a record of a precertificate generation to the DB. Note: this is not idempotent: it does not protect against inserting the same certificate multiple times. Calling code needs to first insert the cert's serial into the Serials table to ensure uniqueness.
func (ssa *SQLStorageAuthority) AddSerial(ctx context.Context, req *sapb.AddSerialRequest) (*emptypb.Empty, error)
AddSerial writes a record of a serial number generation to the DB.
func (ssa *SQLStorageAuthority) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest) (*sapb.CountByNames, error)
func (ssa *SQLStorageAuthority) CountFQDNSets(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Count, error)
func (ssa *SQLStorageAuthority) CountInvalidAuthorizations2(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error)
func (ssa *SQLStorageAuthority) CountOrders(ctx context.Context, req *sapb.CountOrdersRequest) (*sapb.Count, error)
func (ssa *SQLStorageAuthority) CountPendingAuthorizations2(ctx context.Context, req *sapb.RegistrationID) (*sapb.Count, error)
func (ssa *SQLStorageAuthority) CountRegistrationsByIP(ctx context.Context, req *sapb.CountRegistrationsByIPRequest) (*sapb.Count, error)
func (ssa *SQLStorageAuthority) CountRegistrationsByIPRange(ctx context.Context, req *sapb.CountRegistrationsByIPRequest) (*sapb.Count, error)
func (ssa *SQLStorageAuthority) DeactivateAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*emptypb.Empty, error)
DeactivateAuthorization2 deactivates a currently valid or pending authorization.
func (ssa *SQLStorageAuthority) DeactivateRegistration(ctx context.Context, req *sapb.RegistrationID) (*emptypb.Empty, error)
DeactivateRegistration deactivates a currently valid registration.
func (ssa *SQLStorageAuthority) FQDNSetExists(ctx context.Context, req *sapb.FQDNSetExistsRequest) (*sapb.Exists, error)
func (ssa *SQLStorageAuthority) FQDNSetTimestampsForWindow(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Timestamps, error)
func (ssa *SQLStorageAuthority) FinalizeAuthorization2(ctx context.Context, req *sapb.FinalizeAuthorizationRequest) (*emptypb.Empty, error)
FinalizeAuthorization2 moves a pending authorization to either the valid or invalid status. If the authorization is being moved to invalid, the validationError field must be set. If the authorization is being moved to valid, the validationRecord and expires fields must be set.
func (ssa *SQLStorageAuthority) FinalizeOrder(ctx context.Context, req *sapb.FinalizeOrderRequest) (*emptypb.Empty, error)
FinalizeOrder finalizes a provided *corepb.Order by persisting the CertificateSerial and a valid status to the database. No fields other than CertificateSerial and the order ID on the provided order are processed (e.g. this is not a generic update RPC).
func (ssa *SQLStorageAuthority) GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Authorization, error)
func (ssa *SQLStorageAuthority) GetAuthorizations2(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
func (ssa *SQLStorageAuthority) GetCertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
func (ssa *SQLStorageAuthority) GetCertificateStatus(ctx context.Context, req *sapb.Serial) (*corepb.CertificateStatus, error)
func (ssa *SQLStorageAuthority) GetMaxExpiration(ctx context.Context, req *emptypb.Empty) (*timestamppb.Timestamp, error)
func (ssa *SQLStorageAuthority) GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)
func (ssa *SQLStorageAuthority) GetOrderForNames(ctx context.Context, req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)
func (ssa *SQLStorageAuthority) GetPendingAuthorization2(ctx context.Context, req *sapb.GetPendingAuthorizationRequest) (*corepb.Authorization, error)
func (ssa *SQLStorageAuthority) GetRegistration(ctx context.Context, req *sapb.RegistrationID) (*corepb.Registration, error)
func (ssa *SQLStorageAuthority) GetRegistrationByKey(ctx context.Context, req *sapb.JSONWebKey) (*corepb.Registration, error)
func (ssa *SQLStorageAuthority) GetRevocationStatus(ctx context.Context, req *sapb.Serial) (*sapb.RevocationStatus, error)
func (ssa *SQLStorageAuthority) GetRevokedCerts(req *sapb.GetRevokedCertsRequest, stream sapb.StorageAuthority_GetRevokedCertsServer) error
func (ssa *SQLStorageAuthority) GetSerialMetadata(ctx context.Context, req *sapb.Serial) (*sapb.SerialMetadata, error)
func (ssa *SQLStorageAuthority) GetValidAuthorizations2(ctx context.Context, req *sapb.GetValidAuthorizationsRequest) (*sapb.Authorizations, error)
func (ssa *SQLStorageAuthority) GetValidOrderAuthorizations2(ctx context.Context, req *sapb.GetValidOrderAuthorizationsRequest) (*sapb.Authorizations, error)
func (ssa *SQLStorageAuthority) Health(ctx context.Context) error
Health implements the grpc.checker interface.
func (ssa *SQLStorageAuthority) IncidentsForSerial(ctx context.Context, req *sapb.Serial) (*sapb.Incidents, error)
func (ssa *SQLStorageAuthority) KeyBlocked(ctx context.Context, req *sapb.KeyBlockedRequest) (*sapb.Exists, error)
func (ssa *SQLStorageAuthority) LeaseCRLShard(ctx context.Context, req *sapb.LeaseCRLShardRequest) (*sapb.LeaseCRLShardResponse, error)
LeaseCRLShard marks a single crlShards row as leased until the given time. If the request names a specific shard, this function will return an error if that shard is already leased. Otherwise, this function will return the index of the oldest shard for the given issuer.
func (ssa *SQLStorageAuthority) NewOrderAndAuthzs(ctx context.Context, req *sapb.NewOrderAndAuthzsRequest) (*corepb.Order, error)
NewOrderAndAuthzs adds the given authorizations to the database, adds their autogenerated IDs to the given order, and then adds the order to the db. This is done inside a single transaction to prevent situations where new authorizations are created, but then their corresponding order is never created, leading to "invisible" pending authorizations.
func (ssa *SQLStorageAuthority) NewRegistration(ctx context.Context, req *corepb.Registration) (*corepb.Registration, error)
NewRegistration stores a new Registration.
func (ssa *SQLStorageAuthority) PreviousCertificateExists(ctx context.Context, req *sapb.PreviousCertificateExistsRequest) (*sapb.Exists, error)
func (ssa *SQLStorageAuthority) RevokeCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) (*emptypb.Empty, error)
RevokeCertificate stores revocation information about a certificate. It will only store this information if the certificate is not already marked as revoked.
func (ssa *SQLStorageAuthority) SerialsForIncident(req *sapb.SerialsForIncidentRequest, stream sapb.StorageAuthority_SerialsForIncidentServer) error
func (ssa *SQLStorageAuthority) SetCertificateStatusReady(ctx context.Context, req *sapb.Serial) (*emptypb.Empty, error)
SetCertificateStatusReady changes a serial's OCSP status from core.OCSPStatusNotReady to core.OCSPStatusGood. Called when precertificate issuance succeeds. Returns an error if the serial doesn't have status core.OCSPStatusNotReady.
func (ssa *SQLStorageAuthority) SetOrderError(ctx context.Context, req *sapb.SetOrderErrorRequest) (*emptypb.Empty, error)
SetOrderError updates a provided Order's error field.
func (ssa *SQLStorageAuthority) SetOrderProcessing(ctx context.Context, req *sapb.OrderRequest) (*emptypb.Empty, error)
SetOrderProcessing updates an order from pending status to processing status by updating the `beganProcessing` field of the corresponding Order table row in the DB.
func (ssa *SQLStorageAuthority) UpdateCRLShard(ctx context.Context, req *sapb.UpdateCRLShardRequest) (*emptypb.Empty, error)
UpdateCRLShard updates the thisUpdate and nextUpdate timestamps of a CRL shard. It rejects the update if it would cause the thisUpdate timestamp to move backwards. It does *not* reject the update if the shard is no longer leased: although this would be unexpected (because the lease timestamp should be the same as the crl-updater's context expiration), it's not inherently a sign of an update that should be skipped. It does reject the update if the identified CRL shard does not exist in the database (it should exist, as rows are created if necessary when leased). It also sets the leasedUntil time to be equal to thisUpdate, to indicate that the shard is no longer leased.
func (ssa *SQLStorageAuthority) UpdateRegistration(ctx context.Context, req *corepb.Registration) (*emptypb.Empty, error)
UpdateRegistration stores an updated Registration.
func (ssa *SQLStorageAuthority) UpdateRevokedCertificate(ctx context.Context, req *sapb.RevokeCertificateRequest) (*emptypb.Empty, error)
UpdateRevokedCertificate stores new revocation information about an already-revoked certificate. It will only store this information if the cert is already revoked, if the new revocation reason is `KeyCompromise`, and if the revokedDate is identical to the current revokedDate.
SQLStorageAuthorityRO defines a read-only subset of a Storage Authority.
type SQLStorageAuthorityRO struct {
	sapb.UnimplementedStorageAuthorityReadOnlyServer
	// contains filtered or unexported fields
}
func NewSQLStorageAuthorityRO(
	dbReadOnlyMap *db.WrappedMap,
	dbIncidentsMap *db.WrappedMap,
	stats prometheus.Registerer,
	parallelismPerRPC int,
	lagFactor time.Duration,
	clk clock.Clock,
	logger blog.Logger,
) (*SQLStorageAuthorityRO, error)
NewSQLStorageAuthorityRO provides persistence using a SQL backend for Boulder. It will modify the given borp.DbMap by adding relevant tables.
func (ssa *SQLStorageAuthorityRO) CountCertificatesByNames(ctx context.Context, req *sapb.CountCertificatesByNamesRequest) (*sapb.CountByNames, error)
CountCertificatesByNames counts, for each input domain, the number of certificates issued in the given time range for that domain and its subdomains. It returns a map from domains to counts and a timestamp. The map of domains to counts is guaranteed to contain an entry for each input domain, so long as err is nil. The timestamp is the earliest time a certificate was issued for any of the domains during the provided range of time. Queries will be run in parallel. If any of them error, only one error will be returned.
func (ssa *SQLStorageAuthorityRO) CountFQDNSets(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Count, error)
CountFQDNSets counts the total number of issuances, for a set of domains, that occurred during a given window of time.
func (ssa *SQLStorageAuthorityRO) CountInvalidAuthorizations2(ctx context.Context, req *sapb.CountInvalidAuthorizationsRequest) (*sapb.Count, error)
CountInvalidAuthorizations2 counts invalid authorizations for a user expiring in a given time range. This method only supports DNS identifier types.
func (ssa *SQLStorageAuthorityRO) CountOrders(ctx context.Context, req *sapb.CountOrdersRequest) (*sapb.Count, error)
func (ssa *SQLStorageAuthorityRO) CountPendingAuthorizations2(ctx context.Context, req *sapb.RegistrationID) (*sapb.Count, error)
CountPendingAuthorizations2 returns the number of pending, unexpired authorizations for the given registration.
func (ssa *SQLStorageAuthorityRO) CountRegistrationsByIP(ctx context.Context, req *sapb.CountRegistrationsByIPRequest) (*sapb.Count, error)
CountRegistrationsByIP returns the number of registrations created in the time range for a single IP address.
func (ssa *SQLStorageAuthorityRO) CountRegistrationsByIPRange(ctx context.Context, req *sapb.CountRegistrationsByIPRequest) (*sapb.Count, error)
CountRegistrationsByIPRange returns the number of registrations created in the time range in an IP range. For IPv4 addresses, that range is limited to the single IP. For IPv6 addresses, that range is a /48, since it's not uncommon for one person to have a /48 to themselves.
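The range rule above, worked through on constructed data. This is an added example, not Boulder's own code: `registration`, `rangeFor`, `countInRange` and the sample addresses are hypothetical, and it assumes a half-open time window and that IPv4-mapped IPv6 addresses count as IPv4.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"time"
)

// registration is a constructed stand-in for a stored account row.
type registration struct {
	InitialIP netip.Addr
	CreatedAt time.Time
}

// rangeFor returns the prefix an address is counted under: the address
// itself (/32) for IPv4, the enclosing /48 for IPv6.
func rangeFor(ip netip.Addr) (netip.Prefix, error) {
	if !ip.IsValid() {
		return netip.Prefix{}, errors.New("invalid IP address")
	}
	// Assumption: ::ffff:a.b.c.d is counted as the IPv4 address it carries.
	ip = ip.Unmap()
	bits := 48
	if ip.Is4() {
		bits = 32
	}
	return ip.Prefix(bits)
}

// countInRange counts registrations created in [earliest, latest) whose
// address falls in the same range as ip.
func countInRange(regs []registration, ip netip.Addr, earliest, latest time.Time) (int, error) {
	p, err := rangeFor(ip)
	if err != nil {
		return 0, err
	}
	n := 0
	for _, r := range regs {
		if r.CreatedAt.Before(earliest) || !r.CreatedAt.Before(latest) {
			continue
		}
		// Prefix.Contains never matches a mapped address against an IPv4
		// prefix, so the stored address is unmapped first.
		if p.Contains(r.InitialIP.Unmap()) {
			n++
		}
	}
	return n, nil
}

var windowStart = time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)

// sampleRegistrations returns constructed rows using documentation ranges.
func sampleRegistrations() []registration {
	at := func(ip string, h int) registration {
		return registration{netip.MustParseAddr(ip), windowStart.Add(time.Duration(h) * time.Hour)}
	}
	return []registration{
		at("2001:db8:1:aaaa::1", 1),
		at("2001:db8:1:bbbb::2", 2), // same /48, different /64
		at("2001:db8:2::1", 1),      // neighbouring /48
		at("192.0.2.10", 1),
		at("192.0.2.11", 1),        // adjacent IPv4 address, separate range
		at("::ffff:192.0.2.10", 3), // IPv4-mapped form of 192.0.2.10
		at("2001:db8:1::9", 30),    // right /48, outside the time window
	}
}

func main() {
	regs := sampleRegistrations()
	end := windowStart.Add(24 * time.Hour)
	for _, s := range []string{"2001:db8:1:ffff::1", "192.0.2.10", "192.0.2.11"} {
		ip := netip.MustParseAddr(s)
		p, _ := rangeFor(ip)
		n, _ := countInRange(regs, ip, windowStart, end)
		fmt.Printf("%s counted under %s: %d\n", s, p, n)
	}
}
```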
func (ssa *SQLStorageAuthorityRO) FQDNSetExists(ctx context.Context, req *sapb.FQDNSetExistsRequest) (*sapb.Exists, error)
FQDNSetExists returns a bool indicating if one or more FQDN sets |names| exists in the database.
func (ssa *SQLStorageAuthorityRO) FQDNSetTimestampsForWindow(ctx context.Context, req *sapb.CountFQDNSetsRequest) (*sapb.Timestamps, error)
FQDNSetTimestampsForWindow returns the issuance timestamps for each certificate, issued for a set of domains, during a given window of time, starting from the most recent issuance.
func (ssa *SQLStorageAuthorityRO) GetAuthorization2(ctx context.Context, req *sapb.AuthorizationID2) (*corepb.Authorization, error)
GetAuthorization2 returns the authz2 style authorization identified by the provided ID or an error. If no authorization is found matching the ID, a berrors.NotFound type error is returned.
func (ssa *SQLStorageAuthorityRO) GetAuthorizations2(ctx context.Context, req *sapb.GetAuthorizationsRequest) (*sapb.Authorizations, error)
GetAuthorizations2 returns any valid or pending authorizations that exist for the list of domains provided. If both a valid and pending authorization exist, only the valid one will be returned.
func (ssa *SQLStorageAuthorityRO) GetCertificate(ctx context.Context, req *sapb.Serial) (*corepb.Certificate, error)
GetCertificate takes a serial number and returns the corresponding certificate, or error if it does not exist.
func (ssa *SQLStorageAuthorityRO) GetCertificateStatus(ctx context.Context, req *sapb.Serial) (*corepb.CertificateStatus, error)
GetCertificateStatus takes a hexadecimal string representing the full 128-bit serial number of a certificate and returns data about that certificate's current validity.
func (ssa *SQLStorageAuthorityRO) GetMaxExpiration(ctx context.Context, req *emptypb.Empty) (*timestamppb.Timestamp, error)
GetMaxExpiration returns the timestamp of the farthest-future notAfter date found in the certificateStatus table. This provides an upper bound on how far forward operations that need to cover all currently-unexpired certificates have to look.
func (ssa *SQLStorageAuthorityRO) GetOrder(ctx context.Context, req *sapb.OrderRequest) (*corepb.Order, error)
GetOrder is used to retrieve an already existing order object.
func (ssa *SQLStorageAuthorityRO) GetOrderForNames(ctx context.Context, req *sapb.GetOrderForNamesRequest) (*corepb.Order, error)
GetOrderForNames tries to find a **pending** or **ready** order with the exact set of names requested, associated with the given accountID. Only unexpired orders are considered. If no order meeting these requirements is found, a nil corepb.Order pointer is returned.
func (ssa *SQLStorageAuthorityRO) GetPendingAuthorization2(ctx context.Context, req *sapb.GetPendingAuthorizationRequest) (*corepb.Authorization, error)
GetPendingAuthorization2 returns the most recent Pending authorization with the given identifier, if available. This method only supports DNS identifier types. TODO(#5816): Consider removing this method, as it has no callers.
func (ssa *SQLStorageAuthorityRO) GetRegistration(ctx context.Context, req *sapb.RegistrationID) (*corepb.Registration, error)
GetRegistration obtains a Registration by ID.
func (ssa *SQLStorageAuthorityRO) GetRegistrationByKey(ctx context.Context, req *sapb.JSONWebKey) (*corepb.Registration, error)
GetRegistrationByKey obtains a Registration by JWK.
func (ssa *SQLStorageAuthorityRO) GetRevocationStatus(ctx context.Context, req *sapb.Serial) (*sapb.RevocationStatus, error)
GetRevocationStatus takes a hexadecimal string representing the full serial number of a certificate and returns a minimal set of data about that cert's current validity.
func (ssa *SQLStorageAuthorityRO) GetRevokedCerts(req *sapb.GetRevokedCertsRequest, stream sapb.StorageAuthorityReadOnly_GetRevokedCertsServer) error
GetRevokedCerts gets a request specifying an issuer and a period of time, and writes to the output stream the set of all certificates issued by that issuer which expire during that period of time and which have been revoked. The starting timestamp is treated as inclusive (certs with exactly that notAfter date are included), but the ending timestamp is exclusive (certs with exactly that notAfter date are *not* included).
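Why the inclusive start and exclusive end matter when adjacent windows are queried one after another: a certificate whose notAfter sits exactly on a boundary is reported once, by the later window. This is an added example on constructed rows, not Boulder's query; `certRow`, `revokedExpiringIn`, `windowHits` and the serials are hypothetical.

```go
package main

import (
	"fmt"
	"time"
)

// certRow is a constructed stand-in for the columns such a query reads.
type certRow struct {
	Serial   string
	IssuerID int64
	NotAfter time.Time
	Revoked  bool
}

// revokedExpiringIn returns the serials of revoked certificates from
// issuerID whose notAfter lies in [expiresAfter, expiresBefore).
func revokedExpiringIn(rows []certRow, issuerID int64, expiresAfter, expiresBefore time.Time) []string {
	var serials []string
	for _, r := range rows {
		if r.IssuerID != issuerID || !r.Revoked {
			continue
		}
		// Inclusive start, exclusive end.
		if r.NotAfter.Before(expiresAfter) || !r.NotAfter.Before(expiresBefore) {
			continue
		}
		serials = append(serials, r.Serial)
	}
	return serials
}

// windowHits queries n adjacent windows of the given width beginning at
// start and returns how many windows reported each serial.
func windowHits(rows []certRow, issuerID int64, start time.Time, width time.Duration, n int) map[string]int {
	hits := make(map[string]int)
	for i := 0; i < n; i++ {
		lo := start.Add(time.Duration(i) * width)
		for _, s := range revokedExpiringIn(rows, issuerID, lo, lo.Add(width)) {
			hits[s]++
		}
	}
	return hits
}

var base = time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)

// sampleRows returns constructed rows; the serials are placeholders.
func sampleRows() []certRow {
	h := func(n int) time.Time { return base.Add(time.Duration(n) * time.Hour) }
	return []certRow{
		{"serial-a", 1, h(0), true},   // exactly at the first window's start
		{"serial-b", 1, h(24), true},  // exactly on the boundary of windows 0 and 1
		{"serial-c", 1, h(36), true},  // inside window 1
		{"serial-d", 1, h(72), true},  // exactly at the end of the last window
		{"serial-e", 1, h(12), false}, // in range but not revoked
		{"serial-f", 2, h(12), true},  // revoked, but a different issuer
	}
}

func main() {
	rows := sampleRows()
	day := 24 * time.Hour
	fmt.Println("window 0:", revokedExpiringIn(rows, 1, base, base.Add(day)))
	fmt.Println("window 1:", revokedExpiringIn(rows, 1, base.Add(day), base.Add(2*day)))
	fmt.Println("hits over 3 windows:", windowHits(rows, 1, base, day, 3))
}
```

With both ends inclusive, serial-b would appear in two windows; with both exclusive, it would appear in none.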
func (ssa *SQLStorageAuthorityRO) GetSerialMetadata(ctx context.Context, req *sapb.Serial) (*sapb.SerialMetadata, error)
GetSerialMetadata returns metadata stored alongside the serial number, such as the RegID whose certificate request created that serial, and when the certificate with that serial will expire.
func (ssa *SQLStorageAuthorityRO) GetValidAuthorizations2(ctx context.Context, req *sapb.GetValidAuthorizationsRequest) (*sapb.Authorizations, error)
GetValidAuthorizations2 returns the latest authorization for all domain names that the account has authorizations for. This method only supports DNS identifier types.
func (ssa *SQLStorageAuthorityRO) GetValidOrderAuthorizations2(ctx context.Context, req *sapb.GetValidOrderAuthorizationsRequest) (*sapb.Authorizations, error)
GetValidOrderAuthorizations2 is used to find the valid, unexpired authorizations associated with a specific order and account ID.
func (ssa *SQLStorageAuthorityRO) Health(ctx context.Context) error
Health implements the grpc.checker interface.
func (ssa *SQLStorageAuthorityRO) IncidentsForSerial(ctx context.Context, req *sapb.Serial) (*sapb.Incidents, error)
IncidentsForSerial queries each active incident table and returns every incident that currently impacts `req.Serial`.
func (ssa *SQLStorageAuthorityRO) KeyBlocked(ctx context.Context, req *sapb.KeyBlockedRequest) (*sapb.Exists, error)
KeyBlocked checks if a key, indicated by a hash, is present in the blockedKeys table.
func (ssa *SQLStorageAuthorityRO) PreviousCertificateExists(ctx context.Context, req *sapb.PreviousCertificateExistsRequest) (*sapb.Exists, error)
PreviousCertificateExists returns true iff there was at least one certificate issued with the provided domain name, and the most recent such certificate was issued by the provided registration ID. This method is currently only used to determine if a certificate has previously been issued for a given domain name in order to determine if validations should be allowed during the v1 API shutoff. TODO(#5816): Consider removing this method, as it has no callers.
func (ssa *SQLStorageAuthorityRO) SerialsForIncident(req *sapb.SerialsForIncidentRequest, stream sapb.StorageAuthorityReadOnly_SerialsForIncidentServer) error
SerialsForIncident queries the provided incident table and returns the resulting rows as a stream of `*sapb.IncidentSerial`s. An `io.EOF` error signals that there are no more serials to send. If the incident table in question contains zero rows, only an `io.EOF` error is returned. The IncidentSerial messages returned may have the zero-value for their OrderID, RegistrationID, and LastNoticeSent fields, if those are NULL in the database.