insert pk
parent
0cc7180688
commit
519ed1790b
81
main.go
81
main.go
|
@ -2,20 +2,28 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
|
"crypto/dsa"
|
||||||
|
"crypto/ecdsa"
|
||||||
|
"crypto/rsa"
|
||||||
|
"crypto/sha256"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"database/sql"
|
"database/sql"
|
||||||
|
"database/sql/driver"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
_ "github.com/lib/pq"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
|
"math/big"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gomodule/redigo/redis"
|
"github.com/gomodule/redigo/redis"
|
||||||
_ "github.com/lib/pq"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type BigNumber big.Int
|
||||||
|
|
||||||
type certMapElm struct {
|
type certMapElm struct {
|
||||||
CertHash string
|
CertHash string
|
||||||
chain chain
|
chain chain
|
||||||
|
@ -42,6 +50,7 @@ type chain struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
var db *sql.DB
|
var db *sql.DB
|
||||||
|
//var db *sqlx.DB
|
||||||
var cr redis.Conn
|
var cr redis.Conn
|
||||||
|
|
||||||
var connectRedis = false
|
var connectRedis = false
|
||||||
|
@ -92,17 +101,53 @@ func main() {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(fmt.Sprintf("Insert Certificate into DB failed: %q", err))
|
log.Fatal(fmt.Sprintf("Insert Certificate into DB failed: %q", err))
|
||||||
}
|
}
|
||||||
// Launch go routine to create the relationship between certificates and sessions
|
// Create the relationship between certificates and sessions
|
||||||
err = linkSessionCert(ids, idc)
|
err = linkSessionCerts(ids, idc)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(fmt.Sprintf("Could not link Certs and Session into DB failed: %q", err))
|
log.Fatal(fmt.Sprintf("Could not link Certs and Session into DB: %q", err))
|
||||||
}
|
}
|
||||||
// Launch go routine to create public keys
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// linkSessionCert creates the link between a session and its certificates
|
// insertPublicKeys insert each public key of each certificate of a session
|
||||||
func linkSessionCert(ids int64, idc []string) error {
|
func insertPublicKey(c x509.Certificate) (string, error) {
|
||||||
|
pub, err := x509.ParsePKIXPublicKey(c.RawSubjectPublicKeyInfo)
|
||||||
|
hash := fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo))
|
||||||
|
if err != nil {
|
||||||
|
return hash, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
switch pub := pub.(type) {
|
||||||
|
case *rsa.PublicKey:
|
||||||
|
q := `INSERT INTO "public_key" (hash, type, modulus, exponent, modulus_size) VALUES ($1, $2, $3, $4, $5)`
|
||||||
|
_, err := db.Query(q, hash, "RSA", (*BigNumber)(pub.N), pub.E, pub.Size())
|
||||||
|
if err != nil {
|
||||||
|
return hash, nil
|
||||||
|
}
|
||||||
|
case *dsa.PublicKey:
|
||||||
|
q := `INSERT INTO "public_key" (hash, type, "G", "P", "Q", "Y") VALUES ($1, $2, $3, $4, $5, $6)`
|
||||||
|
_, err := db.Query(q, hash, "DSA", (*BigNumber)(pub.Parameters.G), (*BigNumber)(pub.Parameters.P), (*BigNumber)(pub.Parameters.Q), (*BigNumber)(pub.Y))
|
||||||
|
if err != nil {
|
||||||
|
return hash, nil
|
||||||
|
}
|
||||||
|
case *ecdsa.PublicKey:
|
||||||
|
q := `INSERT INTO "public_key" (hash, type, "Y", "X", "P", "N", "B", "bitsize", "Gx", "Gy") VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)`
|
||||||
|
_, err := db.Query(q, hash, "ECDSA", pub.Y, pub.X, pub.Curve.Params().P, pub.Curve.Params().N, pub.Curve.Params().B, pub.Curve.Params().BitSize, pub.Curve.Params().Gx, pub.Curve.Params().Gy)
|
||||||
|
if err != nil {
|
||||||
|
return hash, nil
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
return hash, fmt.Errorf("PKIx: could not determine the type of key %g", pub)
|
||||||
|
}
|
||||||
|
return hash, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (bn *BigNumber) Value() (driver.Value, error) {
|
||||||
|
return driver.Value((*big.Int)(bn).Text(10)), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// linkSessionCerts creates the link between a session and its certificates
|
||||||
|
func linkSessionCerts(ids int64, idc []string) error {
|
||||||
for _, i := range idc {
|
for _, i := range idc {
|
||||||
q := `INSERT INTO "many_sessionRecord_has_many_certificate" ("id_sessionRecord", "hash_certificate") VALUES ($1, $2)`
|
q := `INSERT INTO "many_sessionRecord_has_many_certificate" ("id_sessionRecord", "hash_certificate") VALUES ($1, $2)`
|
||||||
_, err := db.Query(q, ids, i)
|
_, err := db.Query(q, ids, i)
|
||||||
|
@ -117,7 +162,7 @@ func linkSessionCert(ids int64, idc []string) error {
|
||||||
// contains a slice of certificate). If the chain of trust is build successfully
|
// contains a slice of certificate). If the chain of trust is build successfully
|
||||||
// it marked as valid, If not root is found or if the chain is broken, it
|
// it marked as valid, If not root is found or if the chain is broken, it
|
||||||
// does not touch the original slice and mark the chain as invalid.
|
// does not touch the original slice and mark the chain as invalid.
|
||||||
func buildChain(s *sessionRecord) (*sessionRecord) {
|
func buildChain(s *sessionRecord) *sessionRecord {
|
||||||
certChain := make([]certMapElm, 0)
|
certChain := make([]certMapElm, 0)
|
||||||
|
|
||||||
// First we find the leaf
|
// First we find the leaf
|
||||||
|
@ -157,25 +202,35 @@ func insertCertificate(c certMapElm) (string, error) {
|
||||||
var hash string
|
var hash string
|
||||||
err := db.QueryRow(q, c.CertHash, c.Certificate.IsCA, c.Certificate.Issuer.String(), c.Certificate.Subject.String(), c.chain.s, c.chain.isValid, getFullPath(c.CertHash)).Scan(&hash)
|
err := db.QueryRow(q, c.CertHash, c.Certificate.IsCA, c.Certificate.Issuer.String(), c.Certificate.Subject.String(), c.chain.s, c.chain.isValid, getFullPath(c.CertHash)).Scan(&hash)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return hash, err
|
||||||
|
}
|
||||||
|
key, err := insertPublicKey(*c.Certificate)
|
||||||
|
if err != nil {
|
||||||
|
return hash, err
|
||||||
|
}
|
||||||
|
|
||||||
|
q = `INSERT INTO "many_certificate_has_many_public_key" ("hash_certificate", "hash_public_key") VALUES ($1, $2)`
|
||||||
|
_, err = db.Query(q, hash, key)
|
||||||
|
if err != nil {
|
||||||
|
return hash, err
|
||||||
}
|
}
|
||||||
return hash, nil
|
return hash, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// getFullPath takes a certificate's hash and return the full path to
|
// getFullPath takes a certificate's hash and return the full path to
|
||||||
// its location on disk
|
// its location on disk
|
||||||
func getFullPath(h string) (string) {
|
func getFullPath(h string) string {
|
||||||
return "TODO PATH"
|
return "TODO PATH"
|
||||||
}
|
}
|
||||||
|
|
||||||
func insertCertificates(s *sessionRecord) ([]string, error) {
|
func insertCertificates(s *sessionRecord) ([]string, error) {
|
||||||
var inserted []string
|
var inserted []string
|
||||||
for _, certificate := range s.Certificates {
|
for _, certificate := range s.Certificates {
|
||||||
idc, err := insertCertificate(certificate)
|
tmp, err := insertCertificate(certificate)
|
||||||
|
inserted = append(inserted, tmp)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return inserted, err
|
return inserted, err
|
||||||
}
|
}
|
||||||
inserted = append(inserted, idc)
|
|
||||||
}
|
}
|
||||||
return inserted, nil
|
return inserted, nil
|
||||||
}
|
}
|
||||||
|
@ -203,7 +258,7 @@ func initDB() {
|
||||||
err := errors.New("")
|
err := errors.New("")
|
||||||
db, err = sql.Open("postgres", connStr)
|
db, err = sql.Open("postgres", connStr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
log.Fatalln(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -32,8 +32,19 @@ CREATE TABLE public.public_key(
|
||||||
hash bytea NOT NULL,
|
hash bytea NOT NULL,
|
||||||
type text NOT NULL,
|
type text NOT NULL,
|
||||||
modulus text,
|
modulus text,
|
||||||
exponent smallint,
|
exponent int4,
|
||||||
modules_size smallint,
|
modulus_size int4,
|
||||||
|
"P" numeric,
|
||||||
|
"Q" numeric,
|
||||||
|
"G" numeric,
|
||||||
|
"Y" numeric,
|
||||||
|
"X" numeric,
|
||||||
|
"N" numeric,
|
||||||
|
"B" numeric,
|
||||||
|
bitsize int4,
|
||||||
|
curve_name varchar(256),
|
||||||
|
"Gx" numeric,
|
||||||
|
"Gy" numeric,
|
||||||
CONSTRAINT public_key_pk PRIMARY KEY (hash)
|
CONSTRAINT public_key_pk PRIMARY KEY (hash)
|
||||||
|
|
||||||
);
|
);
|
||||||
|
@ -51,6 +62,8 @@ CREATE TABLE public.certificate(
|
||||||
hash bytea NOT NULL,
|
hash bytea NOT NULL,
|
||||||
"is_CA" bool NOT NULL DEFAULT false,
|
"is_CA" bool NOT NULL DEFAULT false,
|
||||||
is_valid_chain bool NOT NULL DEFAULT false,
|
is_valid_chain bool NOT NULL DEFAULT false,
|
||||||
|
"notBefore" time,
|
||||||
|
"notAfter" time,
|
||||||
CONSTRAINT certificate_pk PRIMARY KEY (hash)
|
CONSTRAINT certificate_pk PRIMARY KEY (hash)
|
||||||
|
|
||||||
);
|
);
|
||||||
|
|
Loading…
Reference in New Issue