+11041
-705
lines changed Original file line number Diff line number Diff line change
@@ -1,20 +1,62 @@
1
1
package certdb
2
2
3
3
import (
4
+
"encoding/json"
4
5
"time"
6
+
7
+
"github.com/jmoiron/sqlx/types"
5
8
)
6
9
7
10
// CertificateRecord encodes a certificate and its metadata
8
11
// that will be recorded in a database.
9
12
type CertificateRecord struct {
10
-
Serial string `db:"serial_number"`
11
-
AKI string `db:"authority_key_identifier"`
12
-
CALabel string `db:"ca_label"`
13
-
Status string `db:"status"`
14
-
Reason int `db:"reason"`
15
-
Expiry time.Time `db:"expiry"`
16
-
RevokedAt time.Time `db:"revoked_at"`
17
-
PEM string `db:"pem"`
13
+
Serial string `db:"serial_number"`
14
+
AKI string `db:"authority_key_identifier"`
15
+
CALabel string `db:"ca_label"`
16
+
Status string `db:"status"`
17
+
Reason int `db:"reason"`
18
+
Expiry time.Time `db:"expiry"`
19
+
RevokedAt time.Time `db:"revoked_at"`
20
+
PEM string `db:"pem"`
21
+
IssuedAt time.Time `db:"issued_at"`
22
+
NotBefore time.Time `db:"not_before"`
23
+
MetadataJSON types.JSONText `db:"metadata"`
24
+
SANsJSON types.JSONText `db:"sans"`
25
+
CommonName string `db:"common_name"`
26
+
}
27
+
28
+
// SetMetadata sets the metadata json
29
+
func (c *CertificateRecord) SetMetadata(meta map[string]interface{}) error {
30
+
marshaled, err := json.Marshal(meta)
31
+
if err != nil {
32
+
return err
33
+
}
34
+
c.MetadataJSON = types.JSONText(marshaled)
35
+
return nil
36
+
}
37
+
38
+
// GetMetadata returns the json metadata
39
+
func (c *CertificateRecord) GetMetadata() (map[string]interface{}, error) {
40
+
var meta map[string]interface{}
41
+
err := c.MetadataJSON.Unmarshal(&meta)
42
+
return meta, err
43
+
}
44
+
45
+
// SetSANs sets the list of sans
46
+
func (c *CertificateRecord) SetSANs(meta []string) error {
47
+
marshaled, err := json.Marshal(meta)
48
+
if err != nil {
49
+
return err
50
+
}
51
+
c.SANsJSON = types.JSONText(marshaled)
52
+
return nil
53
+
}
54
+
55
+
// GetSANs returns the json SANs
56
+
func (c *CertificateRecord) GetSANs() ([]string, error) {
57
+
var sans []string
58
+
err := c.SANsJSON.Unmarshal(&sans)
59
+
return sans, err
18
60
}
19
61
20
62
// OCSPRecord encodes a OCSP response body and its metadata
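Review bot: GetSANs has no path for a record whose SAN list was never set or whose `sans` column is NULL; if I recall sqlx's JSONText correctly, Scan and Unmarshal normalise an empty or NULL value to `{}`, which decodes into a map (so GetMetadata survives by accident) but fails to decode into `[]string`, so reading any row that predates this change returns an unmarshal error instead of an empty list. A one-line guard at the top of GetSANs, `if len(c.SANsJSON) == 0 { return nil, nil }`, with the mirror `if len(c.MetadataJSON) == 0 { return nil, nil }` in GetMetadata, makes both getters total. SetSANs names its parameter `meta` although it receives the SAN list; `sans` would match the field and the doc comment. The doc comments should also state that SetSANs/GetSANs round-trip whatever strings the caller passes as a JSON array and perform no validation of the entries.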
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
1
+
-- +goose Up
2
+
-- SQL in section 'Up' is executed when this migration is applied
3
+
ALTER TABLE certificates
4
+
ADD COLUMN issued_at timestamp DEFAULT '0000-00-00 00:00:00',
5
+
ADD COLUMN not_before timestamp DEFAULT '0000-00-00 00:00:00',
6
+
ADD COLUMN metadata JSON,
7
+
ADD COLUMN sans JSON,
8
+
ADD COLUMN common_name TEXT;
9
+
-- +goose Down
10
+
-- SQL section 'Down' is executed when this migration is rolled back
11
+
ALTER TABLE certificates DROP COLUMN issued_at,
12
+
DROP COLUMN not_before,
13
+
DROP COLUMN metadata,
14
+
DROP COLUMN sans,
15
+
DROP COLUMN common_name;
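Review bot: `DEFAULT '0000-00-00 00:00:00'` on `issued_at` and `not_before` is rejected when the server runs with NO_ZERO_DATE, which is part of the strict default sql_mode since MySQL 5.7, so on a current server the whole Up block fails. Either declare the columns `NULL DEFAULT NULL` or use a sentinel inside the TIMESTAMP range such as `DEFAULT '1970-01-01 00:00:01'`; note that MySQL TIMESTAMP cannot represent instants after 2038-01-19, which `DATETIME` avoids. If NULL is chosen, the Go side must be able to scan it, since a NULL column cannot be read into a plain `time.Time` field. Which option fits depends on how the existing `expiry`/`revoked_at` columns were declared, which this migration does not show.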
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
1
+
-- +goose Up
2
+
-- SQL in section 'Up' is executed when this migration is applied
3
+
ALTER TABLE certificates
4
+
ADD COLUMN issued_at timestamptz,
5
+
ADD COLUMN not_before timestamptz,
6
+
ADD COLUMN metadata jsonb,
7
+
ADD COLUMN sans jsonb,
8
+
ADD COLUMN common_name TEXT;
9
+
-- +goose Down
10
+
-- SQL section 'Down' is executed when this migration is rolled back
11
+
ALTER TABLE certificates DROP COLUMN issued_at,
12
+
DROP COLUMN not_before,
13
+
DROP COLUMN metadata,
14
+
DROP COLUMN sans,
15
+
DROP COLUMN common_name;
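Review bot: The new `issued_at` and `not_before` columns are nullable with no default, so every row already in `certificates` gets NULL in them, and as far as I recall database/sql refuses to scan NULL into the non-pointer `time.Time` fields `IssuedAt`/`NotBefore` of `CertificateRecord` ("converting NULL to time.Time is unsupported"); if the select path lists every struct column, which this page does not show, reads of pre-migration certificates start failing after deploy. Either backfill in the Up block, for example `UPDATE certificates SET issued_at = '1970-01-01T00:00:00Z', not_before = '1970-01-01T00:00:00Z' WHERE issued_at IS NULL;` with a sentinel the readers understand, or make the Go fields nullable-aware. The sqlite migration further down this page has the same shape (`timestamp` columns with no default) and the same consequence.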
Original file line number Diff line number Diff line change
@@ -19,8 +19,10 @@ func init() {
19
19
20
20
const (
21
21
insertSQL = `
22
-
INSERT INTO certificates (serial_number, authority_key_identifier, ca_label, status, reason, expiry, revoked_at, pem)
23
-
VALUES (:serial_number, :authority_key_identifier, :ca_label, :status, :reason, :expiry, :revoked_at, :pem);`
22
+
INSERT INTO certificates (serial_number, authority_key_identifier, ca_label, status, reason, expiry, revoked_at, pem,
23
+
issued_at, not_before, metadata, sans, common_name)
24
+
VALUES (:serial_number, :authority_key_identifier, :ca_label, :status, :reason, :expiry, :revoked_at, :pem,
25
+
:issued_at, :not_before, :metadata, :sans, :common_name);`
24
26
25
27
selectSQL = `
26
28
SELECT %s FROM certificates
@@ -100,14 +102,19 @@ func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error {
100
102
}
101
103
102
104
res, err := d.db.NamedExec(insertSQL, &certdb.CertificateRecord{
103
-
Serial: cr.Serial,
104
-
AKI: cr.AKI,
105
-
CALabel: cr.CALabel,
106
-
Status: cr.Status,
107
-
Reason: cr.Reason,
108
-
Expiry: cr.Expiry.UTC(),
109
-
RevokedAt: cr.RevokedAt.UTC(),
110
-
PEM: cr.PEM,
105
+
Serial: cr.Serial,
106
+
AKI: cr.AKI,
107
+
CALabel: cr.CALabel,
108
+
Status: cr.Status,
109
+
Reason: cr.Reason,
110
+
Expiry: cr.Expiry.UTC(),
111
+
RevokedAt: cr.RevokedAt.UTC(),
112
+
PEM: cr.PEM,
113
+
IssuedAt: cr.IssuedAt.UTC(),
114
+
NotBefore: cr.NotBefore.UTC(),
115
+
MetadataJSON: cr.MetadataJSON,
116
+
SANsJSON: cr.SANsJSON,
117
+
CommonName: cr.CommonName,
111
118
})
112
119
if err != nil {
113
120
return wrapSQLError(err)
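Review bot: InsertCertificate forwards `MetadataJSON` and `SANsJSON` verbatim, so a caller that never called SetMetadata/SetSANs binds a zero-length JSONText; if I recall sqlx correctly its `Value` rewrites an empty value to `{}`, which is a valid object for `metadata` but the wrong JSON type for `sans` and will not decode back through GetSANs. Defaulting before NamedExec keeps the column contents well-typed: `if len(cr.SANsJSON) == 0 { cr.SANsJSON = types.JSONText("[]") }` and likewise `cr.MetadataJSON = types.JSONText("{}")` (importing sqlx/types here if sql.go does not already). `insertSQL` and the NamedExec literal now each carry thirteen names with nothing tying them together; a comment on `insertSQL` noting that every `db` tag of CertificateRecord must appear in both the column list and the VALUES list would help, since a column omitted from the INSERT is silently stored as NULL. InsertCertificate continues past the hunk.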
Original file line number Diff line number Diff line change
@@ -9,6 +9,7 @@ import (
9
9
"github.com/cloudflare/cfssl/certdb/testdb"
10
10
11
11
"github.com/jmoiron/sqlx"
12
+
"github.com/stretchr/testify/require"
12
13
)
13
14
14
15
const (
@@ -70,7 +71,7 @@ func testInsertCertificateAndGetCertificate(ta TestAccessor, t *testing.T) {
70
71
Reason: 0,
71
72
Expiry: expiry,
72
73
}
73
-
74
+
want.SetMetadata(map[string]interface{}{"k": "v"})
74
75
if err := ta.Accessor.InsertCertificate(want); err != nil {
75
76
t.Fatal(err)
76
77
}
@@ -92,6 +93,9 @@ func testInsertCertificateAndGetCertificate(ta TestAccessor, t *testing.T) {
92
93
want.PEM != got.PEM || !roughlySameTime(got.Expiry, expiry) {
93
94
t.Errorf("want Certificate %+v, got %+v", want, got)
94
95
}
96
+
gotMeta, err := got.GetMetadata()
97
+
require.NoError(t, err)
98
+
require.Equal(t, map[string]interface{}{"k": "v"}, gotMeta)
95
99
96
100
unexpired, err := ta.Accessor.GetUnexpiredCertificates()
97
101
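Review bot: The error from `want.SetMetadata(...)` is dropped on the line before `InsertCertificate`; wrap it as `require.NoError(t, want.SetMetadata(map[string]interface{}{"k": "v"}))` so a marshal failure is reported where it happens rather than surfacing later as a confusing field mismatch. The test never sets SANs, so the `SANsJSON` round trip is untested and the read side of an unset SAN list is never exercised; adding `gotSANs, err := got.GetSANs()` followed by `require.NoError(t, err)` next to the metadata check would cover the empty case. testInsertCertificateAndGetCertificate continues beyond the hunk.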
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
1
+
-- +goose Up
2
+
-- SQL in section 'Up' is executed when this migration is applied
3
+
4
+
ALTER TABLE certificates ADD COLUMN "issued_at" timestamp;
5
+
ALTER TABLE certificates ADD COLUMN "not_before" timestamp;
6
+
ALTER TABLE certificates ADD COLUMN "metadata" text;
7
+
ALTER TABLE certificates ADD COLUMN "sans" text;
8
+
ALTER TABLE certificates ADD COLUMN "common_name" text;
9
+
10
+
-- +goose Down
11
+
-- SQL section 'Down' is executed when this migration is rolled back
12
+
13
+
-- can't drop columns in sqlite
Original file line number Diff line number Diff line change
@@ -10,23 +10,23 @@ require (
10
10
github.com/cloudflare/go-metrics v0.0.0-20151117154305-6a9aea36fb41
11
11
github.com/cloudflare/redoctober v0.0.0-20171127175943-746a508df14c
12
12
github.com/getsentry/raven-go v0.0.0-20180121060056-563b81fc02b7 // indirect
13
-
github.com/go-sql-driver/mysql v1.3.0
14
-
github.com/golang/protobuf v1.3.1 // indirect
13
+
github.com/go-sql-driver/mysql v1.4.0
15
14
github.com/google/certificate-transparency-go v1.0.21
16
15
github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548
17
-
github.com/jmoiron/sqlx v0.0.0-20180124204410-05cef0741ade
16
+
github.com/jmoiron/sqlx v1.2.0
18
17
github.com/kisielk/sqlstruct v0.0.0-20150923205031-648daed35d49
19
18
github.com/kisom/goutils v1.1.0
20
19
github.com/kylelemons/go-gypsy v0.0.0-20160905020020-08cad365cd28 // indirect
21
20
github.com/lib/pq v1.3.0
22
21
github.com/mattn/go-sqlite3 v1.10.0
23
22
github.com/pkg/errors v0.8.0 // indirect
23
+
github.com/stretchr/testify v1.3.0
24
24
github.com/weppos/publicsuffix-go v0.5.0 // indirect
25
25
github.com/ziutek/mymysql v1.5.4 // indirect
26
26
github.com/zmap/zcrypto v0.0.0-20191112190257-7f2fe6faf8cf
27
27
github.com/zmap/zlint/v2 v2.0.0
28
28
golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68
29
29
golang.org/x/lint v0.0.0-20190930215403-16217165b5de
30
30
golang.org/x/net v0.0.0-20190620200207-3b0461eec859
31
-
golang.org/x/text v0.3.2 // indirect
31
+
google.golang.org/appengine v1.6.6 // indirect
32
32
)
Original file line number Diff line number Diff line change
@@ -21,8 +21,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
21
21
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
22
22
github.com/getsentry/raven-go v0.0.0-20180121060056-563b81fc02b7 h1:ELaJ1cjF2nEJeIlHXahGme22yG7TK+3jB6IGCq0Cdrc=
23
23
github.com/getsentry/raven-go v0.0.0-20180121060056-563b81fc02b7/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
24
-
github.com/go-sql-driver/mysql v1.3.0 h1:pgwjLi/dvffoP9aabwkT3AKpXQM93QARkjFhDDqC1UE=
25
-
github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
24
+
github.com/go-sql-driver/mysql v1.4.0 h1:7LxgVwFb2hIQtMm87NdgAVfXjnt4OePseqT1tKx+opk=
25
+
github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
26
26
github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg=
27
27
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
28
28
github.com/google/certificate-transparency-go v1.0.21 h1:Yf1aXowfZ2nuboBsg7iYGLmwsOARdV86pfH3g95wXmE=
@@ -31,8 +31,8 @@ github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGAR
31
31
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
32
32
github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 h1:dYTbLf4m0a5u0KLmPfB6mgxbcV7588bOCx79hxa5Sr4=
33
33
github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548/go.mod h1:hGT6jSUVzF6no3QaDSMLGLEHtHSBSefs+MgcDWnmhmo=
34
-
github.com/jmoiron/sqlx v0.0.0-20180124204410-05cef0741ade h1:ryslCsfLTV4Cm/9NXqCJirlbYodWqFiTH454IaSn/fY=
35
-
github.com/jmoiron/sqlx v0.0.0-20180124204410-05cef0741ade/go.mod h1:IiEW3SEiiErVyFdH8NTuWjSifiEQKUoyK3LNqr2kCHU=
34
+
github.com/jmoiron/sqlx v1.2.0 h1:41Ip0zITnmWNR/vHV+S4m+VoUivnWY5E4OJfLZjCJMA=
35
+
github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
36
36
github.com/kisielk/sqlstruct v0.0.0-20150923205031-648daed35d49 h1:o/c0aWEP/m6n61xlYW2QP4t9424qlJOsxugn5Zds2Rg=
37
37
github.com/kisielk/sqlstruct v0.0.0-20150923205031-648daed35d49/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE=
38
38
github.com/kisom/goutils v1.1.0 h1:z4HEOgAnFq+e1+O4QdVsyDPatJDu5Ei/7w7DRbYjsIA=
@@ -45,8 +45,10 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
45
45
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
46
46
github.com/kylelemons/go-gypsy v0.0.0-20160905020020-08cad365cd28 h1:mkl3tvPHIuPaWsLtmHTybJeoVEW7cbePK73Ir8VtruA=
47
47
github.com/kylelemons/go-gypsy v0.0.0-20160905020020-08cad365cd28/go.mod h1:T/T7jsxVqf9k/zYOqbgNAsANsjxTd1Yq3htjDhQ1H0c=
48
+
github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
48
49
github.com/lib/pq v1.3.0 h1:/qkRGz8zljWiDcFvgpwUpwIAPu3r07TDvs3Rws+o/pU=
49
50
github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
51
+
github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
50
52
github.com/mattn/go-sqlite3 v1.10.0 h1:jbhqpg7tQe4SupckyijYiy0mJJ/pRyHvXf7JdWK860o=
51
53
github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
52
54
github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
@@ -89,6 +91,7 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl
89
91
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
90
92
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
91
93
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
94
+
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
92
95
golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwLmSJpwZ1yqXm8j0v2QI=
93
96
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
94
97
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -100,5 +103,7 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
100
103
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
101
104
golang.org/x/tools v0.0.0-20190311212946-11955173bddd h1:/e+gpKk9r3dJobndpTytxS2gOy6m5uvpg+ISQoEcusQ=
102
105
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
106
+
google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
107
+
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
103
108
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
104
109
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
Original file line number Diff line number Diff line change
@@ -21,6 +21,7 @@ import (
21
21
"net/mail"
22
22
"net/url"
23
23
"os"
24
+
"time"
24
25
25
26
"github.com/cloudflare/cfssl/certdb"
26
27
"github.com/cloudflare/cfssl/config"
@@ -29,7 +30,7 @@ import (
29
30
"github.com/cloudflare/cfssl/info"
30
31
"github.com/cloudflare/cfssl/log"
31
32
"github.com/cloudflare/cfssl/signer"
32
-
"github.com/google/certificate-transparency-go"
33
+
ct "github.com/google/certificate-transparency-go"
33
34
"github.com/google/certificate-transparency-go/client"
34
35
"github.com/google/certificate-transparency-go/jsonclient"
35
36
@@ -509,15 +510,24 @@ func (s *Signer) Sign(req signer.SignRequest) (cert []byte, err error) {
509
510
Serial: certTBS.SerialNumber.String(),
510
511
// this relies on the specific behavior of x509.CreateCertificate
511
512
// which sets the AuthorityKeyId from the signer's SubjectKeyId
512
-
AKI: hex.EncodeToString(parsedCert.AuthorityKeyId),
513
-
CALabel: req.Label,
514
-
Status: "good",
515
-
Expiry: certTBS.NotAfter,
516
-
PEM: string(signedCert),
513
+
AKI: hex.EncodeToString(parsedCert.AuthorityKeyId),
514
+
CALabel: req.Label,
515
+
Status: "good",
516
+
Expiry: certTBS.NotAfter,
517
+
PEM: string(signedCert),
518
+
IssuedAt: time.Now(),
519
+
NotBefore: certTBS.NotBefore,
520
+
CommonName: certTBS.Subject.CommonName,
517
521
}
518
522
519
-
err = s.dbAccessor.InsertCertificate(certRecord)
520
-
if err != nil {
523
+
if err := certRecord.SetMetadata(req.Metadata); err != nil {
524
+
return nil, err
525
+
}
526
+
if err := certRecord.SetSANs(certTBS.DNSNames); err != nil {
527
+
return nil, err
528
+
}
529
+
530
+
if err := s.dbAccessor.InsertCertificate(certRecord); err != nil {
521
531
return nil, err
522
532
}
523
533
log.Debug("saved certificate with serial number ", certTBS.SerialNumber)
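Review bot: `SetSANs(certTBS.DNSNames)` records only the DNS entries of the subjectAltName extension; IP addresses, e-mail addresses and URIs that `certTBS` may also carry are dropped, so the stored `sans` column under-reports what the certificate asserts, which matters if the column is later used for audit or lookup. Either document the DNS-only scope on SetSANs and the column, or build the list from `DNSNames` plus the string forms of `IPAddresses`, `EmailAddresses` and `URIs` before calling SetSANs. `req.Metadata` is caller-supplied and stored with no size bound; a cap on the marshalled length before SetMetadata would keep one API request from writing an arbitrarily large JSON document into the certificate table, though I cannot see from here how `SignRequest.Metadata` is populated. IssuedAt is `time.Now()` while NotBefore comes from the certificate, so the two can differ by the signer's backdate; a one-line comment saying that is intentional would stop the next reader from "fixing" it. Sign continues beyond the hunk on both sides.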