diff --git a/server/store/sqldb.go b/server/store/sqldb.go
index 2efca0e068e1a1ac031586db8a2a0839578e9243..bdb88935d7b05cfa1200ca587079822d53446f45 100644
--- a/server/store/sqldb.go
+++ b/server/store/sqldb.go
@@ -120,8 +120,14 @@ func (db *SQLStore) List(includeExpired bool) ([]*CertRecord, error) {
return nil, err
}
recs := []*CertRecord{}
- if err := db.listAll.Select(&recs); err != nil {
- return nil, err
+ if includeExpired {
+ if err := db.listAll.Select(&recs); err != nil {
+ return nil, err
+ }
+ } else {
+ if err := db.listCurrent.Select(&recs, time.Now()); err != nil {
+ return nil, err
+ }
}
return recs, nil
}
diff --git a/server/store/store_test.go b/server/store/store_test.go
index e8bebafa1546a4b6cca4040e3d75d0fb09a625be..cd58ccd706dc05ebf9757864b6255e8bfae18c6f 100644
--- a/server/store/store_test.go
+++ b/server/store/store_test.go
@@ -48,15 +48,29 @@ func testStore(t *testing.T, db CertStorer) {
KeyID: "a",
Principals: []string{"b"},
CreatedAt: time.Now().UTC(),
- Expires: time.Now().UTC().Add(1 * time.Minute),
+ Expires: time.Now().UTC().Add(-1 * time.Second),
Raw: "AAAAAA",
}
if err := db.SetRecord(r); err != nil {
t.Error(err)
}
- if _, err := db.List(true); err != nil {
+
+ // includeExpired = false should return 0 results
+ recs, err := db.List(false)
+ if err != nil {
t.Error(err)
}
+ if len(recs) > 0 {
+ t.Errorf("Expected 0 results, got %d", len(recs))
+ }
+ // includeExpired = false should return 1 result
+ recs, err = db.List(true)
+ if err != nil {
+ t.Error(err)
+ }
+ if recs[0].KeyID != r.KeyID {
+ t.Error("key mismatch")
+ }
c, _, _, _, _ := ssh.ParseAuthorizedKey(testdata.Cert)
cert := c.(*ssh.Certificate)
@@ -66,9 +80,13 @@ func testStore(t *testing.T, db CertStorer) {
t.Error(err)
}
- if _, err := db.Get("key"); err != nil {
+ ret, err := db.Get("key")
+ if err != nil {
t.Error(err)
}
+ if ret.KeyID != cert.KeyId {
+ t.Error("key mismatch")
+ }
if err := db.Revoke("key"); err != nil {
t.Error(err)
}