Write docs!

libfic/certificate.go

@@ -6,6 +6,16 @@ import (
 	"time"
 )
 
+// Certificate represents a client certificate, which can be associated to a team.
+//
+// This is one method usable to handle authentication.
+// To use it in nginx, you'll need to add following lines in your configuration:
+//
+//   ssl_client_certificate PKI/shared/ca.pem;
+//   ssl_trusted_certificate PKI/shared/ca.pem;
+//   ssl_verify_client optional;
+//
+// Non-recognized clients will have access to a registration form.
 type Certificate struct {
 	Id       uint64     `json:"id,string"`
 	Creation time.Time  `json:"creation"`
@@ -14,6 +24,7 @@ type Certificate struct {
 	Revoked  *time.Time `json:"revoked"`
 }
 
+// GetCertificates returns the list of all generated certificates.
 func GetCertificates() (certificates []Certificate, err error) {
 	var rows *sql.Rows
 	if rows, err = DBQuery("SELECT id_cert, creation, password, id_team, revoked FROM certificates ORDER BY creation"); err == nil {
@@ -32,6 +43,8 @@ func GetCertificates() (certificates []Certificate, err error) {
 	return
 }
 
+
+// GetTeamCertificates returns all certificates generated for a given Team.
 func GetTeamCertificates(team Team) (certificates []Certificate, err error) {
 	var rows *sql.Rows
 	if rows, err = DBQuery("SELECT id_cert, creation, password, id_team, revoked FROM certificates WHERE id_team = ? ORDER BY creation", team.Id); err == nil {
@@ -50,12 +63,14 @@ func GetTeamCertificates(team Team) (certificates []Certificate, err error) {
 	return
 }
 
+// GetCertificate retrieves a certificate from its serial number.
 func GetCertificate(serial uint64) (c Certificate, err error) {
 	err = DBQueryRow("SELECT id_cert, creation, password, id_team, revoked FROM certificates WHERE id_cert = ?", serial).Scan(&c.Id, &c.Creation, &c.Password, &c.IdTeam, &c.Revoked)
 	return
 }
 
-func ExistingCertSerial(serial [8]byte) (bool) {
+// ExistingCertSerial tells you if the given bytes correspond to a know certificate.
+func ExistingCertSerial(serial [8]byte) bool {
 	var m big.Int
 	m.SetBytes(serial[:])
 
@@ -63,6 +78,10 @@ func ExistingCertSerial(serial [8]byte) (bool) {
 	return c.Id > 0
 }
 
+// RegisterCertificate registers a certificate in the database.
+//
+// "serial" is the certificate serial number
+// "password" is the one used to crypt privatekey and .p12
 func RegisterCertificate(serial uint64, password string) (Certificate, error) {
 	now := time.Now()
 	if _, err := DBExec("INSERT INTO certificates (id_cert, creation, password) VALUES (?, ?, ?)", serial, now, password); err != nil {
@@ -72,6 +91,7 @@ func RegisterCertificate(serial uint64, password string) (Certificate, error) {
 	}
 }
 
+// Update applies modifications back to the database.
 func (c Certificate) Update() (int64, error) {
 	if res, err := DBExec("UPDATE certificates SET creation = ?, password = ?, id_team = ?, revoked = ? WHERE id_cert = ?", c.Creation, c.Password, c.IdTeam, c.Revoked, c.Id); err != nil {
 		return 0, err
@@ -82,12 +102,14 @@ func (c Certificate) Update() (int64, error) {
 	}
 }
 
+// Revoke the certificate in database.
 func (c *Certificate) Revoke() (int64, error) {
 	now := time.Now()
 	c.Revoked = &now
 	return c.Update()
 }
 
+// Delete the certificate entry in the database.
 func (c Certificate) Delete() (int64, error) {
 	if res, err := DBExec("DELETE FROM certificates WHERE id_cert = ?", c.Id); err != nil {
 		return 0, err
@@ -98,6 +120,8 @@ func (c Certificate) Delete() (int64, error) {
 	}
 }
 
+
+// ClearCertificates removes all certificates from database.
 func ClearCertificates() (int64, error) {
 	if res, err := DBExec("DELETE FROM certificates"); err != nil {
 		return 0, err