+31
-15
lines changedFilter options
+31
-15
lines changed Original file line number Diff line number Diff line change
@@ -11,16 +11,17 @@ import (
11 11
// CertificateRecord encodes a certificate and its metadata
12 12
// that will be recorded in a database.
13 13
type CertificateRecord struct {
14 -
Serial string `db:"serial_number"`
15 -
AKI string `db:"authority_key_identifier"`
16 -
CALabel string `db:"ca_label"`
17 -
Status string `db:"status"`
18 -
Reason int `db:"reason"`
19 -
Expiry time.Time `db:"expiry"`
20 -
RevokedAt time.Time `db:"revoked_at"`
21 -
PEM string `db:"pem"`
22 -
IssuedAt time.Time `db:"issued_at"`
23 -
NotBefore time.Time `db:"not_before"`
14 +
Serial string `db:"serial_number"`
15 +
AKI string `db:"authority_key_identifier"`
16 +
CALabel string `db:"ca_label"`
17 +
Status string `db:"status"`
18 +
Reason int `db:"reason"`
19 +
Expiry time.Time `db:"expiry"`
20 +
RevokedAt time.Time `db:"revoked_at"`
21 +
PEM string `db:"pem"`
22 +
// the following fields will be empty for data inserted before migrate 002 has been run.
23 +
IssuedAt *time.Time `db:"issued_at"`
24 +
NotBefore *time.Time `db:"not_before"`
24 25
MetadataJSON types.JSONText `db:"metadata"`
25 26
SANsJSON types.JSONText `db:"sans"`
26 27
CommonName sql.NullString `db:"common_name"`
@@ -101,6 +101,15 @@ func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error {
101 101
return err
102 102
}
103 103 104 +
var issuedAt, notBefore *time.Time
105 +
if cr.IssuedAt != nil {
106 +
t := cr.IssuedAt.UTC()
107 +
issuedAt = &t
108 +
}
109 +
if cr.NotBefore != nil {
110 +
t := cr.NotBefore.UTC()
111 +
notBefore = &t
112 +
}
104 113
res, err := d.db.NamedExec(insertSQL, &certdb.CertificateRecord{
105 114
Serial: cr.Serial,
106 115
AKI: cr.AKI,
@@ -110,8 +119,8 @@ func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error {
110 119
Expiry: cr.Expiry.UTC(),
111 120
RevokedAt: cr.RevokedAt.UTC(),
112 121
PEM: cr.PEM,
113 -
IssuedAt: cr.IssuedAt.UTC(),
114 -
NotBefore: cr.NotBefore.UTC(),
122 +
IssuedAt: issuedAt,
123 +
NotBefore: notBefore,
115 124
MetadataJSON: cr.MetadataJSON,
116 125
SANsJSON: cr.SANsJSON,
117 126
CommonName: cr.CommonName,
@@ -172,7 +172,12 @@ func testInsertCertificateAndGetUnexpiredCertificateNullCommonName(ta TestAccess
172 172
}
173 173 174 174
// simulate situation where there are rows before migrate 002 has been run
175 -
ta.DB.MustExec("update certificates set common_name = NULL")
175 +
ta.DB.MustExec(`update certificates
176 +
set issued_at = NULL,
177 +
not_before = NULL,
178 +
metadata = NULL,
179 +
sans = NULL,
180 +
common_name = NULL;`)
176 181 177 182
rets, err := ta.Accessor.GetCertificate(want.Serial, want.AKI)
178 183
if err != nil {
@@ -507,6 +507,7 @@ func (s *Signer) Sign(req signer.SignRequest) (cert []byte, err error) {
507 507
parsedCert, _ := helpers.ParseCertificatePEM(signedCert)
508 508 509 509
if s.dbAccessor != nil {
510 +
now := time.Now()
510 511
var certRecord = certdb.CertificateRecord{
511 512
Serial: certTBS.SerialNumber.String(),
512 513
// this relies on the specific behavior of x509.CreateCertificate
@@ -516,8 +517,8 @@ func (s *Signer) Sign(req signer.SignRequest) (cert []byte, err error) {
516 517
Status: "good",
517 518
Expiry: certTBS.NotAfter,
518 519
PEM: string(signedCert),
519 -
IssuedAt: time.Now(),
520 -
NotBefore: certTBS.NotBefore,
520 +
IssuedAt: &now,
521 +
NotBefore: &certTBS.NotBefore,
521 522
CommonName: sql.NullString{String: certTBS.Subject.CommonName, Valid: true},
522 523
}
523 524 You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4