Verified Commit 29cee2ae authored by Vojtech Myslivec's avatar Vojtech Myslivec

ca: Store CA identifier in cert record

To identify the issuer of a given cert straight from the DB
parent 1188e881
---- scheme.sql
--
-- A scheme for certificate lists
-- A scheme for certificate list
CREATE TABLE IF NOT EXISTS certs (
id INTEGER PRIMARY KEY,
sn TEXT UNIQUE NOT NULL,
......@@ -8,5 +8,6 @@ CREATE TABLE IF NOT EXISTS certs (
common_name TEXT NOT NULL,
not_before INTEGER NOT NULL,
not_after INTEGER NOT NULL,
authority_key_identifier TEXT NOT NULL,
cert BLOB NOT NULL
);
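Review bot: Adding `authority_key_identifier TEXT NOT NULL` inside a `CREATE TABLE IF NOT EXISTS` statement has no effect on a database that already exists, so existing deployments keep the old schema and the column probe in db_connection will fail for them; the commit ships no migration path. A one-off `ALTER TABLE certs ADD COLUMN authority_key_identifier TEXT NOT NULL DEFAULT '';` (with a backfill from the stored certificate blobs, if practical) is needed, and the `DEFAULT` is mandatory because SQLite refuses to add a NOT NULL column without one to a non-empty table. Since the stated purpose is to find certificates by issuer, an index `CREATE INDEX IF NOT EXISTS certs_authority_key_identifier_idx ON certs (authority_key_identifier);` belongs next to the column. Note also that `sn TEXT UNIQUE` stays global, whereas serial numbers are only required to be unique per issuer, so a second CA whose serial collides with an existing row would be rejected at insert time; `UNIQUE (authority_key_identifier, sn)` would model that more accurately now that the issuer is part of the record.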
......@@ -73,7 +73,7 @@ class CA:
not_after=not_after,
)
cert = sign_cert(cert, self.key)
store_cert(self.db, cert)
store_cert(self.db, cert, self.aki)
return cert
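Review bot: The identifier persisted with the row is `self.aki`, taken from the CA object, rather than anything read back from `cert` after `sign_cert` returned, so the stored value is only correct if sign_cert embeds exactly that identifier and nobody rotates the CA key without updating both places. Reading the AKI extension off the signed certificate instead, or asserting in store_cert that the two agree, would remove that second source of truth. The enclosing method starts outside the hunk and `self.aki` is not assigned anywhere visible, so it is assumed here to be the same AuthorityKeyIdentifier-like object store_cert unpacks; a short comment on this line such as `# issuer identifier must match the AKI extension sign_cert writes into cert` would at least make the coupling explicit.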
......
......@@ -17,10 +17,11 @@ def db_connection(conf):
# test table and columns existence
with contextlib.closing(conn.cursor()) as c:
c.execute("""
SELECT sn, state, common_name, not_before, not_after, cert
SELECT sn, state, common_name, not_before, not_after, authority_key_identifier, cert
FROM certs
LIMIT 1
""")
"""
)
yield conn
except sqlite3.OperationalError:
......@@ -49,18 +50,20 @@ def get_certs(conn, identity, date):
yield cert_from_bytes(row[0])
def store_cert(conn, cert):
def store_cert(conn, cert, aki):
serial_number = cert.serial_number
identity = get_cert_common_name(cert)
not_before = cert.not_valid_before
not_after = cert.not_valid_after
cert_bytes = get_cert_bytes(cert)
authority_key_identifier = aki.key_identifier.hex().upper()
with contextlib.closing(conn.cursor()) as c:
c.execute("""
INSERT INTO certs(sn, state, common_name, not_before, not_after, cert)
VALUES (?,?,?,?,?,?)
INSERT INTO certs(sn, state, common_name, not_before, not_after, authority_key_identifier, cert)
VALUES (?,?,?,?,?,?,?)
""",
(str(serial_number), "valid", identity, not_before, not_after, cert_bytes)
(str(serial_number), "valid", identity, not_before, not_after, authority_key_identifier, cert_bytes)
)
conn.commit()
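Review bot: `aki.key_identifier.hex().upper()` assumes the key identifier is always present, but in the cryptography-style `AuthorityKeyIdentifier` object this appears to be (the cert is already read via `cert.serial_number` and `cert.not_valid_before`), `key_identifier` is optional and may be `None`, in which case the new line raises `AttributeError` after the certificate has already been signed and before anything is written. Guard it explicitly so a CA without a key identifier fails with a clear message, e.g. `if aki is None or aki.key_identifier is None: raise ValueError("CA authority key identifier is required to store a certificate")`. The stored form (upper-case hex of the raw identifier) is also undocumented, and any later lookup by issuer has to normalize its input the same way or it will silently match nothing; a comment such as `# stored as upper-case hex; issuer lookups must normalize their input identically` on the new line, plus a docstring for store_cert stating that `aki` is the issuer's AuthorityKeyIdentifier and that the row is always inserted in state "valid", would cover that.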