Verified Commit 9b725e9a authored by Vojtech Myslivec's avatar Vojtech Myslivec

ca: Store foreign key in cert record

Store CA foreign key instead of CA key identifier
parent 74e4fb60
Pipeline #58187 passed with stages
in 1 minute and 52 seconds
......@@ -13,11 +13,13 @@ CREATE TABLE IF NOT EXISTS ca (
CREATE TABLE IF NOT EXISTS certs (
id INTEGER PRIMARY KEY,
sn TEXT UNIQUE NOT NULL,
sn TEXT NOT NULL,
state TEXT NOT NULL CHECK (state IN ('valid', 'revoked')),
common_name TEXT NOT NULL,
not_before INTEGER NOT NULL,
not_after INTEGER NOT NULL,
authority_key_identifier TEXT NOT NULL,
cert BLOB NOT NULL
ca_id INTEGER NOT NULL,
cert BLOB NOT NULL,
UNIQUE (sn, ca_id),
FOREIGN KEY(ca_id) REFERENCES ca(id)
);
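Review bot: The new `FOREIGN KEY(ca_id) REFERENCES ca(id)` only protects the cert-to-CA link if the engine actually enforces it. If this schema runs on SQLite (the `?` placeholders and `INTEGER PRIMARY KEY` suggest so), foreign keys are off by default and have to be enabled on every connection, for example `conn.execute("PRAGMA foreign_keys = ON")` in `db_connection`, whose body is only partly visible in this commit. Separately, relaxing `sn` to `UNIQUE (sn, ca_id)` means a serial number alone no longer identifies one row. Any lookup or revocation that filters on `sn` only (none is shown here) should filter on `ca_id` as well, otherwise it can touch a certificate issued by a different CA.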
......@@ -44,6 +44,7 @@ class CA:
self.db = db
if not ca_exists_in_db(self.db, self.cert):
store_ca(self.db, self.cert)
self.id = get_ca_id(self.db, self.cert)
def get_valid_cert_matching_csr(self, identity, csr, days=VALID_DAYS):
......@@ -75,7 +76,7 @@ class CA:
not_after=not_after,
)
cert = sign_cert(cert, self.key)
store_cert(self.db, cert, self.aki)
store_cert(self.db, cert, self.id)
return cert
......
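Review bot: The value assigned by `self.id = get_ca_id(self.db, self.cert)` in the constructor hunk is never checked, and `get_ca_id` is not part of this diff. If it can return `None` when no row matches, the problem surfaces only at issuance time, when `store_cert(self.db, cert, self.id)` hits the `NOT NULL` constraint on `ca_id` after `sign_cert` has already produced a signed certificate. Failing at construction is cheaper and easier to diagnose: `if self.id is None: raise RuntimeError("CA record not found in database")`. Both hunks cut through their methods, so the rest of each body is outside this view.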
......@@ -17,7 +17,7 @@ def db_connection(conf):
# test table and columns existence
with contextlib.closing(conn.cursor()) as c:
c.execute("""
SELECT sn, state, common_name, not_before, not_after, authority_key_identifier, cert
SELECT sn, state, common_name, not_before, not_after, ca_id, cert
FROM certs
LIMIT 1
"""
......@@ -102,20 +102,18 @@ def store_ca(conn, ca_cert):
conn.commit()
def store_cert(conn, cert, aki):
def store_cert(conn, cert, ca_id):
serial_number = cert.serial_number
identity = get_cert_common_name(cert)
not_before = cert.not_valid_before
not_after = cert.not_valid_after
cert_bytes = get_cert_bytes(cert)
authority_key_identifier = aki_to_str(aki)
with contextlib.closing(conn.cursor()) as c:
c.execute("""
INSERT INTO certs(sn, state, common_name, not_before, not_after, authority_key_identifier, cert)
INSERT INTO certs(sn, state, common_name, not_before, not_after, ca_id, cert)
VALUES (?,?,?,?,?,?,?)
""",
(str(serial_number), "valid", identity, not_before, not_after, authority_key_identifier, cert_bytes)
(str(serial_number), "valid", identity, not_before, not_after, ca_id, cert_bytes)
)
conn.commit()
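Review bot: The schema probe in `db_connection` now selects `ca_id`, but the table is created with `CREATE TABLE IF NOT EXISTS`, so a database created before this commit keeps its `authority_key_identifier` column and will presumably fail the probe. No upgrade path is visible in the diff, and existing rows would need their key identifier mapped to a `ca.id` before the new `NOT NULL` column can hold them. At minimum I would add a comment above the probe: `# NOTE: databases created before ca_id replaced authority_key_identifier fail this probe and must be migrated or recreated`. `db_connection` starts and ends outside the hunk, so how the probe failure is reported to the operator cannot be judged from here.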