// UpdateTrust compares the per-truststore flags stored on the current trust
// row trustID with the flags reported by cert.GetBooleanValidity.
//
// When the flags match, only the row's timestamp is refreshed and trustID is
// returned. When any flag differs, a new trust row is inserted through
// InsertTrustToDB (reusing the stored cert_id and issuer_id), the old row is
// marked is_current=false, and the id of the new row is returned.
//
// A failed lookup or a failure while replacing the row returns -1 with the
// error. A failed timestamp refresh returns trustID together with the error.
//
// NOTE(review): the insert of the new row and the is_current flip on the old
// row are two separate statements here. If the second one fails, both rows
// are left with is_current=TRUE for the same certificate/issuer pair, and
// readers of the trust table may see contradictory trust state. Confirm
// whether callers run this inside a transaction; if not, consider wrapping
// the two statements in one.
func (db *DB) UpdateTrust(trustID int64, cert certificate.Certificate) (int64, error) {
	var (
		certID, issuerID int64
		// Flag order: ubuntu, mozilla, microsoft, apple, android.
		stored [5]bool
	)
	err := db.QueryRow(`SELECT cert_id, issuer_id, trusted_ubuntu, trusted_mozilla, trusted_microsoft, trusted_apple, trusted_android FROM trust WHERE id=$1 AND is_current=TRUE`, trustID).Scan(&certID, &issuerID, &stored[0], &stored[1], &stored[2], &stored[3], &stored[4])
	if err != nil {
		return -1, err
	}

	ubuntu, mozilla, microsoft, apple, android := cert.GetBooleanValidity()
	observed := [5]bool{ubuntu, mozilla, microsoft, apple, android}

	// Nothing changed: keep the row and just record that it was re-checked.
	if stored == observed {
		_, err = db.Exec("UPDATE trust SET timestamp=$1 WHERE id=$2", time.Now(), trustID)
		return trustID, err
	}

	// At least one truststore disagrees: write a fresh row, then retire the
	// old one.
	newID, err := db.InsertTrustToDB(cert, certID, issuerID)
	if err != nil {
		return -1, err
	}
	if _, err = db.Exec("UPDATE trust SET is_current=$1 WHERE id=$2", false, trustID); err != nil {
		return -1, err
	}
	return newID, nil
}
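// GetCertPaths builds the tree of candidate issuer chains for cert from the
// CA certificates stored in the database.
//
// Candidate parents are the CA certificates returned by GetCACertsBySubject
// for cert.Issuer. A candidate is kept only if cert's signature verifies
// against it. Self-signed parents end a branch; any other parent is expanded
// recursively.
//
// The walk refuses to revisit a certificate that is already on the branch
// being expanded. Without that check, two CAs that have cross-signed each
// other make the recursion unbounded, so a single stored certificate pair
// could exhaust the stack of whatever process builds the path.
//
// The result describes signature relationships only. CheckSignatureFrom does
// not evaluate validity periods, name constraints or revocation, so a
// returned path is not by itself a trust decision.
//
// An error converting cert or one of its candidate parents, or an error from
// the database lookup, is returned together with the partially built paths.
// Errors while expanding a parent are not reported: that parent is dropped.
func (db *DB) GetCertPaths(cert *certificate.Certificate) (paths certificate.Paths, err error) {
	return db.certPathsWithAncestors(cert, make(map[string]struct{}))
}

// certPathsWithAncestors does the work of GetCertPaths. ancestors holds the
// raw DER encoding of every certificate on the branch currently being
// expanded and is used to detect issuer loops.
func (db *DB) certPathsWithAncestors(cert *certificate.Certificate, ancestors map[string]struct{}) (certificate.Paths, error) {
	var paths certificate.Paths
	paths.Cert = cert

	xcert, err := cert.ToX509()
	if err != nil {
		return paths, err
	}

	// Put this certificate on the branch for the duration of the call. A
	// certificate without raw bytes is not tracked, which leaves the walk
	// behaving as it did before loop detection was added.
	if key := string(xcert.Raw); key != "" {
		if _, onBranch := ancestors[key]; !onBranch {
			ancestors[key] = struct{}{}
			defer delete(ancestors, key)
		}
	}

	parents, err := db.GetCACertsBySubject(cert.Issuer)
	if err != nil {
		return paths, err
	}

	for _, parent := range parents {
		var xparent *x509.Certificate
		xparent, err = parent.ToX509()
		if err != nil {
			return paths, err
		}

		// Matching the issuer name is not enough: the parent must actually
		// have signed the certificate.
		if xcert.CheckSignatureFrom(xparent) != nil {
			continue
		}

		// A self-signed parent is a root, so the branch ends here.
		if parent.IsSelfSigned() {
			var root certificate.Paths
			root.Cert = parent
			paths.Parents = append(paths.Parents, root)
			continue
		}

		// The parent is already on this branch: following it again would
		// loop forever and cannot reach a root by this route.
		if _, looped := ancestors[string(xparent.Raw)]; looped {
			continue
		}

		// Best effort: a parent whose own chain cannot be built is skipped.
		sub, err := db.certPathsWithAncestors(parent, ancestors)
		if err != nil {
			continue
		}
		paths.Parents = append(paths.Parents, sub)
	}
	return paths, nil
}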
// InsertTrustToDB stores a new trust row linking certID to its issuer parID.
//
// The five truststore flags come from cert.GetBooleanValidity, the timestamp
// is the current time, and the row is written with is_current set to true.
// All values are passed as query parameters.
//
// It returns the id of the inserted row, or -1 and the error if the insert
// fails. It does not touch any existing row for the same pair, so retiring an
// older current row is left to the caller.
func (db *DB) InsertTrustToDB(cert certificate.Certificate, certID, parID int64) (int64, error) {
	ubuntu, mozilla, microsoft, apple, android := cert.GetBooleanValidity()

	var newID int64
	row := db.QueryRow(`INSERT INTO trust(cert_id,issuer_id,timestamp,trusted_ubuntu,trusted_mozilla,trusted_microsoft,trusted_apple,trusted_android,is_current) VALUES($1,$2,$3,$4,$5,$6,$7,$8,$9) RETURNING id`, certID, parID, time.Now(), ubuntu, mozilla, microsoft, apple, android, true)
	if err := row.Scan(&newID); err != nil {
		return -1, err
	}
	return newID, nil
}