/**
* Remove any revocation record for @p cert.
*
* Only the "revoked" table is touched; the certificate row itself is
* left alone. A certificate that was never revoked is a no-op.
*
* @param cert the certificate to mark as no longer revoked
*/
void Certificate_Store_In_SQL::affirm_cert(const X509_Certificate& cert)
{
   const std::string sql = "DELETE FROM " + m_prefix + "revoked WHERE fingerprint == ?1";

   // The row is keyed by the SHA-256 certificate fingerprint.
   auto del = m_database->new_statement(sql);
   del->bind(1, cert.fingerprint("SHA-256"));
   del->spin();
}
/**
* Store a private key and link it to @p cert.
*
* The certificate is inserted first (the result of that insert is ignored,
* so an already-present certificate is fine). If the certificate already
* resolves to a private key nothing is written and false is returned.
*
* The key is stored PKCS#8-encoded via PKCS8::BER_encode with the store's
* RNG and password, so what reaches the database is whatever that call
* produces for the configured password.
*
* @param cert the certificate the key belongs to
* @param key the private key to persist
* @return true if a key row was written and linked, false if one already existed
*/
bool Certificate_Store_In_SQL::insert_key(const X509_Certificate& cert, const Private_Key& key)
{
   insert_cert(cert);

   // Never overwrite an existing certificate -> key association.
   if(find_key(cert))
      return false;

   const auto encoded_key = PKCS8::BER_encode(key, m_rng, m_password);
   const auto key_fpr = key.fingerprint("SHA-256");

   // Keys are keyed by the fingerprint of the key itself, not of the certificate.
   auto ins = m_database->new_statement(
      "INSERT OR REPLACE INTO " + m_prefix + "keys ( fingerprint, key ) VALUES ( ?1, ?2 )");
   ins->bind(1, key_fpr);
   ins->bind(2, encoded_key.data(), encoded_key.size());
   ins->spin();

   // Point the certificate row at the key row via priv_fingerprint.
   auto link = m_database->new_statement(
      "UPDATE " + m_prefix + "certificates SET priv_fingerprint = ?1 WHERE fingerprint == ?2");
   link->bind(1, key_fpr);
   link->bind(2, cert.fingerprint("SHA-256"));
   link->spin();

   return true;
}
/**
* Store @p cert in the certificates table.
*
* Presence is decided by subject DN plus subject key id (find_cert), not by
* fingerprint; a certificate already found that way is not written again.
* The priv_fingerprint column is initialised to an empty blob — a private
* key is linked later by insert_key.
*
* @param cert the certificate to persist
* @return true if a row was written, false if a matching certificate already existed
*/
bool Certificate_Store_In_SQL::insert_cert(const X509_Certificate& cert)
{
   if(find_cert(cert.subject_dn(), cert.subject_key_id()))
      return false;

   // Subject DN and the full certificate are stored DER-encoded; use a
   // separate encoder for each so neither has to be reset.
   DER_Encoder dn_der;
   cert.subject_dn().encode_into(dn_der);

   DER_Encoder cert_der;
   cert.encode_into(cert_der);

   auto ins = m_database->new_statement(
      "INSERT OR REPLACE INTO " + m_prefix + "certificates ( "
      "fingerprint, subject_dn, key_id, priv_fingerprint, certificate "
      ") VALUES ( ?1, ?2, ?3, ?4, ?5 )");

   ins->bind(1, cert.fingerprint("SHA-256"));
   ins->bind(2, dn_der.get_contents_unlocked());
   ins->bind(3, cert.subject_key_id());
   ins->bind(4, std::vector<uint8_t>());   // no private key linked yet
   ins->bind(5, cert_der.get_contents_unlocked());
   ins->spin();

   return true;
}
/**
* Delete @p cert from the certificates table.
*
* Existence is checked via subject DN + subject key id (find_cert), while
* the DELETE itself matches on the SHA-256 fingerprint. Any linked key row
* or revocation row is not touched here.
*
* @param cert the certificate to remove
* @return true if a delete was issued, false if no matching certificate was found
*/
bool Certificate_Store_In_SQL::remove_cert(const X509_Certificate& cert)
{
   const bool present = find_cert(cert.subject_dn(), cert.subject_key_id()) != nullptr;
   if(!present)
      return false;

   auto del = m_database->new_statement(
      "DELETE FROM " + m_prefix + "certificates WHERE fingerprint == ?1");
   del->bind(1, cert.fingerprint("SHA-256"));
   del->spin();

   return true;
}
// Private key handling std::shared_ptr<const Private_Key> Certificate_Store_In_SQL::find_key(const X509_Certificate& cert) const { auto stmt = m_database->new_statement("SELECT key FROM " + m_prefix + "keys " "JOIN " + m_prefix + "certificates ON " + m_prefix + "keys.fingerprint == " + m_prefix + "certificates.priv_fingerprint " "WHERE " + m_prefix + "certificates.fingerprint == ?1"); stmt->bind(1,cert.fingerprint("SHA-256")); std::shared_ptr<const Private_Key> key; while(stmt->step()) { auto blob = stmt->get_blob(0); DataSource_Memory src(blob.first,blob.second); key.reset(PKCS8::load_key(src, m_rng, m_password)); } return key; }
// Revocation void Certificate_Store_In_SQL::revoke_cert(const X509_Certificate& cert, CRL_Code code, const X509_Time& time) { insert_cert(cert); auto stmt1 = m_database->new_statement( "INSERT OR REPLACE INTO " + m_prefix + "revoked ( fingerprint, reason, time ) VALUES ( ?1, ?2, ?3 )"); stmt1->bind(1,cert.fingerprint("SHA-256")); stmt1->bind(2,code); if(time.time_is_set()) { DER_Encoder der; time.encode_into(der); stmt1->bind(3,der.get_contents_unlocked()); } else { stmt1->bind(3,-1); } stmt1->spin(); }