ca: Store CA identifier in cert record

To identify issuer of given cert straight from DB

ca: Store CA identifier in cert record
To identify issuer of given cert straight from DB
29cee2ae · Vojtech Myslivec · 1188e881 · 29cee2ae · 29cee2ae · 29cee2ae
Verified Commit 29cee2ae authored Dec 20, 2019 by Vojtech Myslivec
--- a/scheme.sql
+++ b/scheme.sql
 ---- scheme.sql
 --
-- A scheme for certificate lists
+-- A scheme for certificate list
 CREATE TABLE IF NOT EXISTS certs (
    id INTEGER PRIMARY KEY,
    sn TEXT UNIQUE NOT NULL,
@@ -8,5 +8,6 @@ CREATE TABLE IF NOT EXISTS certs (
    common_name TEXT NOT NULL,
    not_before INTEGER NOT NULL,
    not_after INTEGER NOT NULL,
+    authority_key_identifier TEXT NOT NULL,
    cert BLOB NOT NULL
 );
--- a/sentinel_ca/ca.py
+++ b/sentinel_ca/ca.py
@@ -73,7 +73,7 @@ class CA:
                not_after=not_after,
        )
        cert = sign_cert(cert, self.key)
-        store_cert(self.db, cert)
+        store_cert(self.db, cert, self.aki)

        return cert


--- a/sentinel_ca/db.py
+++ b/sentinel_ca/db.py
@@ -17,10 +17,11 @@ def db_connection(conf):
        # test table and columns existence
        with contextlib.closing(conn.cursor()) as c:
            c.execute("""
-                    SELECT sn, state, common_name, not_before, not_after, cert
+                    SELECT sn, state, common_name, not_before, not_after, authority_key_identifier, cert
                    FROM certs
                    LIMIT 1
-            """)
+                    """
+            )
        yield conn

    except sqlite3.OperationalError:
@@ -49,18 +50,20 @@ def get_certs(conn, identity, date):
            yield cert_from_bytes(row[0])


-def store_cert(conn, cert):
+def store_cert(conn, cert, aki):
    serial_number = cert.serial_number
    identity = get_cert_common_name(cert)
    not_before = cert.not_valid_before
    not_after = cert.not_valid_after
    cert_bytes = get_cert_bytes(cert)

+    authority_key_identifier = aki.key_identifier.hex().upper()
+
    with contextlib.closing(conn.cursor()) as c:
        c.execute("""
-                INSERT INTO certs(sn, state, common_name, not_before, not_after, cert)
-                  VALUES (?,?,?,?,?,?)
+                INSERT INTO certs(sn, state, common_name, not_before, not_after, authority_key_identifier, cert)
+                VALUES (?,?,?,?,?,?,?)
                """,
-                (str(serial_number), "valid", identity, not_before, not_after, cert_bytes)
+                (str(serial_number), "valid", identity, not_before, not_after, authority_key_identifier, cert_bytes)
        )
    conn.commit()