Example #1
0
func (db *DB) UpdateTrust(trustID int64, cert certificate.Certificate) (int64, error) {

	var trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, trusted_android bool

	var certID, parID int64

	err := db.QueryRow(`SELECT cert_id, issuer_id, trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, trusted_android FROM trust WHERE id=$1 AND is_current=TRUE`,
		trustID).Scan(&certID, &parID, &trusted_ubuntu, &trusted_mozilla, &trusted_microsoft, &trusted_apple, &trusted_android)

	if err != nil {
		return -1, err
	}

	new_ubuntu, new_mozilla, new_microsoft, new_apple, new_android := cert.GetBooleanValidity()

	isTrustCurrent := true

	if trusted_ubuntu != new_ubuntu || trusted_mozilla != new_mozilla || trusted_microsoft != new_microsoft || trusted_apple != new_apple || trusted_android != new_android {
		isTrustCurrent = false
	}

	if !isTrustCurrent { // create new trust and obsolete old one

		newID, err := db.InsertTrustToDB(cert, certID, parID)

		if err != nil {
			return -1, err
		}

		_, err = db.Exec("UPDATE trust SET is_current=$1 WHERE id=$2", false, trustID)

		if err != nil {
			return -1, err
		}

		return newID, nil

	} else { //update current timestamp

		_, err = db.Exec("UPDATE trust SET timestamp=$1 WHERE id=$2", time.Now(), trustID)

		return trustID, err

	}
}
Example #2
0
func (db *DB) GetCertPaths(cert *certificate.Certificate) (paths certificate.Paths, err error) {
	paths.Cert = cert
	xcert, err := cert.ToX509()
	if err != nil {
		return
	}
	parents, err := db.GetCACertsBySubject(cert.Issuer)
	if err != nil {
		return
	}
	for _, parent := range parents {
		var (
			curPath certificate.Paths
			xparent *x509.Certificate
		)
		curPath.Cert = parent
		xparent, err = parent.ToX509()
		if err != nil {
			return
		}
		// verify the parent signed the cert, or skip it
		if xcert.CheckSignatureFrom(xparent) != nil {
			continue
		}
		// if the parent is self-signed, we have a root, no need to go deeper
		if parent.IsSelfSigned() {
			paths.Parents = append(paths.Parents, curPath)
			continue
		}
		// if the parent is not self signed, we grab its own parents
		curPath, err := db.GetCertPaths(parent)
		if err != nil {
			continue
		}
		paths.Parents = append(paths.Parents, curPath)
	}

	return
}
Example #3
0
func (db *DB) InsertTrustToDB(cert certificate.Certificate, certID, parID int64) (int64, error) {

	var trustID int64

	trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, trusted_android := cert.GetBooleanValidity()

	err := db.QueryRow(`INSERT INTO trust(cert_id,issuer_id,timestamp,trusted_ubuntu,trusted_mozilla,trusted_microsoft,trusted_apple,trusted_android,is_current)
 VALUES($1,$2,$3,$4,$5,$6,$7,$8,$9) RETURNING id`, certID, parID, time.Now(), trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, trusted_android, true).Scan(&trustID)

	if err != nil {
		return -1, err
	}

	return trustID, nil

}