void Certificate_Store_In_SQL::affirm_cert(const X509_Certificate& cert)
{
auto stmt = m_database->new_statement("DELETE FROM " + m_prefix + "revoked WHERE fingerprint == ?1");
stmt->bind(1,cert.fingerprint("SHA-256"));
stmt->spin();
}
bool Certificate_Store_In_SQL::insert_key(const X509_Certificate& cert, const Private_Key& key) {
insert_cert(cert);
if(find_key(cert))
return false;
auto pkcs8 = PKCS8::BER_encode(key, m_rng, m_password);
auto fpr = key.fingerprint("SHA-256");
auto stmt1 = m_database->new_statement(
"INSERT OR REPLACE INTO " + m_prefix + "keys ( fingerprint, key ) VALUES ( ?1, ?2 )");
stmt1->bind(1,fpr);
stmt1->bind(2,pkcs8.data(),pkcs8.size());
stmt1->spin();
auto stmt2 = m_database->new_statement(
"UPDATE " + m_prefix + "certificates SET priv_fingerprint = ?1 WHERE fingerprint == ?2");
stmt2->bind(1,fpr);
stmt2->bind(2,cert.fingerprint("SHA-256"));
stmt2->spin();
return true;
}
bool Certificate_Store_In_SQL::insert_cert(const X509_Certificate& cert)
{
if(find_cert(cert.subject_dn(),cert.subject_key_id()))
return false;
DER_Encoder enc;
auto stmt = m_database->new_statement("INSERT OR REPLACE INTO " +
m_prefix + "certificates (\
fingerprint, \
subject_dn, \
key_id, \
priv_fingerprint, \
certificate \
) VALUES ( ?1, ?2, ?3, ?4, ?5 )");
stmt->bind(1,cert.fingerprint("SHA-256"));
cert.subject_dn().encode_into(enc);
stmt->bind(2,enc.get_contents_unlocked());
stmt->bind(3,cert.subject_key_id());
stmt->bind(4,std::vector<uint8_t>());
enc = DER_Encoder();
cert.encode_into(enc);
stmt->bind(5,enc.get_contents_unlocked());
stmt->spin();
return true;
}
bool Certificate_Store_In_SQL::remove_cert(const X509_Certificate& cert)
{
if(!find_cert(cert.subject_dn(),cert.subject_key_id()))
return false;
auto stmt = m_database->new_statement("DELETE FROM " + m_prefix + "certificates WHERE fingerprint == ?1");
stmt->bind(1,cert.fingerprint("SHA-256"));
stmt->spin();
return true;
}
// Private key handling
std::shared_ptr<const Private_Key> Certificate_Store_In_SQL::find_key(const X509_Certificate& cert) const
{
auto stmt = m_database->new_statement("SELECT key FROM " + m_prefix + "keys "
"JOIN " + m_prefix + "certificates ON " +
m_prefix + "keys.fingerprint == " + m_prefix + "certificates.priv_fingerprint "
"WHERE " + m_prefix + "certificates.fingerprint == ?1");
stmt->bind(1,cert.fingerprint("SHA-256"));
std::shared_ptr<const Private_Key> key;
while(stmt->step())
{
auto blob = stmt->get_blob(0);
DataSource_Memory src(blob.first,blob.second);
key.reset(PKCS8::load_key(src, m_rng, m_password));
}
return key;
}
// Revocation
void Certificate_Store_In_SQL::revoke_cert(const X509_Certificate& cert, CRL_Code code, const X509_Time& time)
{
insert_cert(cert);
auto stmt1 = m_database->new_statement(
"INSERT OR REPLACE INTO " + m_prefix + "revoked ( fingerprint, reason, time ) VALUES ( ?1, ?2, ?3 )");
stmt1->bind(1,cert.fingerprint("SHA-256"));
stmt1->bind(2,code);
if(time.time_is_set())
{
DER_Encoder der;
time.encode_into(der);
stmt1->bind(3,der.get_contents_unlocked());
}
else
{
stmt1->bind(3,-1);
}
stmt1->spin();
}
