From b5b7bac3121e1887307247238a4fdb915b0602a2 Mon Sep 17 00:00:00 2001 From: struxoje Date: Fri, 13 Sep 2024 00:46:00 +0000 Subject: [PATCH 1/3] Adding support for mysql null values --- api/certadd/insert.go | 6 +++--- api/crl/crl_test.go | 3 ++- certdb/certdb.go | 16 ++++++++-------- certdb/sql/database_accessor.go | 9 +++++++-- cli/crl/crl_test.go | 4 +++- cli/ocsprefresh/ocsprefresh.go | 2 +- crl/crl.go | 2 +- 7 files changed, 25 insertions(+), 17 deletions(-) diff --git a/api/certadd/insert.go b/api/certadd/insert.go index fb29b9913..7c3325c84 100644 --- a/api/certadd/insert.go +++ b/api/certadd/insert.go @@ -55,7 +55,7 @@ type AddRequest struct { Status string `json:"status"` Reason int `json:"reason"` Expiry time.Time `json:"expiry"` - RevokedAt time.Time `json:"revoked_at"` + RevokedAt *time.Time `json:"revoked_at"` PEM string `json:"pem"` IssuedAt *time.Time `json:"issued_at"` NotBefore *time.Time `json:"not_before"` @@ -106,7 +106,7 @@ func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) error { } if ocsp.StatusCode[req.Status] == stdocsp.Revoked { - if req.RevokedAt == (time.Time{}) { + if *req.RevokedAt == (time.Time{}) { return errors.NewBadRequestString("Revoked certificate should specify when it was revoked") } @@ -180,7 +180,7 @@ func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) error { Certificate: cert, Status: req.Status, Reason: req.Reason, - RevokedAt: req.RevokedAt, + RevokedAt: *req.RevokedAt, } ocspResponse, err := h.signer.Sign(sr) if err != nil { diff --git a/api/crl/crl_test.go b/api/crl/crl_test.go index f01609e71..cd7f61531 100644 --- a/api/crl/crl_test.go +++ b/api/crl/crl_test.go 
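Review bot: `if *req.RevokedAt == (time.Time{})` in the -106 hunk dereferences the field that the -55 hunk just turned into a `*time.Time` without a nil check, so a request body that omits `revoked_at` or sends `null` makes the handler panic on a nil pointer; because the value comes straight from the decoded request, any client that can reach the endpoint can trigger the crash. The -180 hunk's `RevokedAt: *req.RevokedAt` has the same problem, and unless it sits inside the revoked-status branch (not visible here) it is reached for non-revoked requests as well. Make the check `if req.RevokedAt == nil || req.RevokedAt.IsZero() {` and build the signing request from a guarded copy, `var revokedAt time.Time` / `if req.RevokedAt != nil { revokedAt = *req.RevokedAt }` / `RevokedAt: revokedAt,`. Handle's body starts and ends outside these hunks.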
@@ -26,13 +26,14 @@ const ( func prepDB() (certdb.Accessor, error) { db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db") expirationTime := time.Now().AddDate(1, 0, 0) + timeNow := time.Now() var cert = certdb.CertificateRecord{ Serial: "1", AKI: fakeAKI, Expiry: expirationTime, PEM: "revoked cert", Status: "revoked", - RevokedAt: time.Now(), + RevokedAt: &timeNow, Reason: 4, } diff --git a/certdb/certdb.go b/certdb/certdb.go index fc6c5767e..2e19f0e7d 100644 --- a/certdb/certdb.go +++ b/certdb/certdb.go @@ -11,14 +11,14 @@ import ( // CertificateRecord encodes a certificate and its metadata // that will be recorded in a database. type CertificateRecord struct { - Serial string `db:"serial_number"` - AKI string `db:"authority_key_identifier"` - CALabel string `db:"ca_label"` - Status string `db:"status"` - Reason int `db:"reason"` - Expiry time.Time `db:"expiry"` - RevokedAt time.Time `db:"revoked_at"` - PEM string `db:"pem"` + Serial string `db:"serial_number"` + AKI string `db:"authority_key_identifier"` + CALabel string `db:"ca_label"` + Status string `db:"status"` + Reason int `db:"reason"` + Expiry time.Time `db:"expiry"` + RevokedAt *time.Time `db:"revoked_at"` + PEM string `db:"pem"` // the following fields will be empty for data inserted before migrate 002 has been run. IssuedAt *time.Time `db:"issued_at"` NotBefore *time.Time `db:"not_before"` diff --git a/certdb/sql/database_accessor.go b/certdb/sql/database_accessor.go index 63b0db8bf..83a3affef 100644 --- a/certdb/sql/database_accessor.go +++ b/certdb/sql/database_accessor.go @@ -107,7 +107,7 @@ func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error { return err } - var issuedAt, notBefore *time.Time + var issuedAt, notBefore, revokedAt *time.Time if cr.IssuedAt != nil { t := cr.IssuedAt.UTC() issuedAt = &t 
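Review bot: The certdb.go hunk changes the meaning of the exported `RevokedAt` field — callers must now distinguish nil from a zero time — but the field carries no comment, and the existing comment below it only covers the migration-002 metadata fields. Add a line above the field such as `// RevokedAt is nil when the certificate has not been revoked; it is stored as NULL.` so that consumers dereferencing it know a nil check is required. It may also be worth stating in that comment whether a zero, non-nil time is still considered "not revoked", since the old code compared against `time.Time{}`.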
@@ -116,6 +116,11 @@ func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error { t := cr.NotBefore.UTC() notBefore = &t } + if cr.RevokedAt != nil { + t := cr.RevokedAt.UTC() + revokedAt = &t + } + res, err := d.db.NamedExec(insertSQL, &certdb.CertificateRecord{ Serial: cr.Serial, AKI: cr.AKI, @@ -123,7 +128,7 @@ func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error { Status: cr.Status, Reason: cr.Reason, Expiry: cr.Expiry.UTC(), - RevokedAt: cr.RevokedAt.UTC(), + RevokedAt: revokedAt, PEM: cr.PEM, IssuedAt: issuedAt, NotBefore: notBefore, diff --git a/cli/crl/crl_test.go b/cli/crl/crl_test.go index bcbec98b5..0b8827811 100644 --- a/cli/crl/crl_test.go +++ b/cli/crl/crl_test.go @@ -23,13 +23,15 @@ const ( func prepDB() (err error) { db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db") expirationTime := time.Now().AddDate(1, 0, 0) + + timeNow := time.Now() var cert = certdb.CertificateRecord{ Serial: "1", AKI: fakeAKI, Expiry: expirationTime, PEM: "revoked cert", Status: "revoked", - RevokedAt: time.Now(), + RevokedAt: &timeNow, Reason: 4, } diff --git a/cli/ocsprefresh/ocsprefresh.go b/cli/ocsprefresh/ocsprefresh.go index 2f2fdc549..e4d2886d4 100644 --- a/cli/ocsprefresh/ocsprefresh.go +++ b/cli/ocsprefresh/ocsprefresh.go @@ -78,7 +78,7 @@ func ocsprefreshMain(args []string, c cli.Config) error { if certRecord.Status == "revoked" { req.Reason = int(certRecord.Reason) - req.RevokedAt = certRecord.RevokedAt + req.RevokedAt = *certRecord.RevokedAt } resp, err := s.Sign(req) diff --git a/crl/crl.go b/crl/crl.go index bbe29a503..de324bfcd 100644 --- a/crl/crl.go +++ b/crl/crl.go @@ -87,7 +87,7 @@ func NewCRLFromDB(certs []certdb.CertificateRecord, issuerCert *x509.Certificate serialInt.SetString(certRecord.Serial, 10) tempCert := pkix.RevokedCertificate{ SerialNumber: serialInt, - RevocationTime: certRecord.RevokedAt, + RevocationTime: *certRecord.RevokedAt, } revokedCerts = append(revokedCerts, tempCert) } 
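Review bot: `RevocationTime: *certRecord.RevokedAt` in the crl.go hunk and `req.RevokedAt = *certRecord.RevokedAt` in the ocsprefresh.go hunk dereference a pointer that can now legitimately be nil: the database_accessor hunk above writes NULL when `cr.RevokedAt` is nil, and the migration patches make the column nullable, so a single revoked row with a NULL `revoked_at` panics CRL generation and the OCSP refresh loop. Dropping such a row from the CRL would be worse than failing, because a revoked certificate would silently remain valid to relying parties; return an error instead, e.g. `if certRecord.RevokedAt == nil { return an error built with fmt.Errorf("revoked certificate %s has no revocation time", certRecord.Serial) }` in NewCRLFromDB, and an equivalent guard in ocsprefreshMain before `s.Sign(req)`. Both enclosing functions start and end outside these hunks.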
From 029e1a7307cb6c6cf74e757d107aa1cb49dfeb51 Mon Sep 17 00:00:00 2001 From: Strux Date: Fri, 13 Sep 2024 13:22:27 +0200 Subject: [PATCH 2/3] Update 001_CreateCertificates.sql Adding Null as default value --- certdb/mysql/migrations/001_CreateCertificates.sql | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/certdb/mysql/migrations/001_CreateCertificates.sql b/certdb/mysql/migrations/001_CreateCertificates.sql index f242bc62d..4470f388e 100644 --- a/certdb/mysql/migrations/001_CreateCertificates.sql +++ b/certdb/mysql/migrations/001_CreateCertificates.sql @@ -7,8 +7,8 @@ CREATE TABLE certificates ( ca_label varbinary(128), status varbinary(128) NOT NULL, reason int, - expiry timestamp DEFAULT '0000-00-00 00:00:00', - revoked_at timestamp DEFAULT '0000-00-00 00:00:00', + expiry timestamp DEFAULT NULL, + revoked_at timestamp DEFAULT NULL, pem varbinary(4096) NOT NULL, PRIMARY KEY(serial_number, authority_key_identifier) ); @@ -17,7 +17,7 @@ CREATE TABLE ocsp_responses ( serial_number varbinary(128) NOT NULL, authority_key_identifier varbinary(128) NOT NULL, body varbinary(4096) NOT NULL, - expiry timestamp DEFAULT '0000-00-00 00:00:00', + expiry timestamp DEFAULT NULL, PRIMARY KEY(serial_number, authority_key_identifier) ); From 18b8ba6640688cc3c37911c146906c3f2d374b61 Mon Sep 17 00:00:00 2001 From: Strux Date: Fri, 13 Sep 2024 13:23:00 +0200 Subject: [PATCH 3/3] Update 002_AddMetadataToCertificates.sql Adding default NULL values for timestamp --- certdb/mysql/migrations/002_AddMetadataToCertificates.sql | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/certdb/mysql/migrations/002_AddMetadataToCertificates.sql b/certdb/mysql/migrations/002_AddMetadataToCertificates.sql index 9c37659d2..5d200aca3 100644 --- a/certdb/mysql/migrations/002_AddMetadataToCertificates.sql +++ b/certdb/mysql/migrations/002_AddMetadataToCertificates.sql 
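Review bot: `revoked_at timestamp DEFAULT NULL` and the other edited columns in this hunk, in the `ocsp_responses` hunk below, and in both columns of the 002 migration in the next patch are rejected by MySQL servers where `explicit_defaults_for_timestamp` is off (the default before 8.0.2), because TIMESTAMP columns are implicitly NOT NULL there and `DEFAULT NULL` is then an invalid default; declaring them `timestamp NULL DEFAULT NULL` works under both settings. Editing an already-applied goose migration also changes nothing for databases that have run it, so existing deployments additionally need a new migration using `ALTER TABLE ... MODIFY`. Finally, `expiry` becomes nullable here while `CertificateRecord.Expiry` stays a plain `time.Time` in the certdb.go hunk of PATCH 1, so a row with a NULL `expiry` would presumably fail to scan; either keep `expiry NOT NULL` or make the Go field a pointer as well.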
@@ -1,8 +1,8 @@ -- +goose Up -- SQL in section 'Up' is executed when this migration is applied ALTER TABLE certificates -ADD COLUMN issued_at timestamp DEFAULT '0000-00-00 00:00:00', - ADD COLUMN not_before timestamp DEFAULT '0000-00-00 00:00:00', +ADD COLUMN issued_at timestamp DEFAULT NULL, + ADD COLUMN not_before timestamp DEFAULT NULL, ADD COLUMN metadata JSON, ADD COLUMN sans JSON, ADD COLUMN common_name TEXT; @@ -12,4 +12,4 @@ ALTER TABLE certificates DROP COLUMN issued_at, DROP COLUMN not_before, DROP COLUMN metadata, DROP COLUMN sans, - DROP COLUMN common_name; \ No newline at end of file + DROP COLUMN common_name;