Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixing MySQL issue while trying to save unsupported 0000-00-00 timestamp to RevokedAt field #1391

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Fixing MySQL issue while trying to save unsupported 0000-00-00 timestamp to RevokedAt field #1391

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b5b7bac
Adding support for mysql null values
struxoje Sep 13, 2024
029e1a7
Update 001_CreateCertificates.sql
struxoje Sep 13, 2024
18b8ba6
Update 002_AddMetadataToCertificates.sql
struxoje Sep 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions api/certadd/insert.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ type AddRequest struct {
Status string `json:"status"`
Reason int `json:"reason"`
Expiry time.Time `json:"expiry"`
RevokedAt time.Time `json:"revoked_at"`
RevokedAt *time.Time `json:"revoked_at"`
PEM string `json:"pem"`
IssuedAt *time.Time `json:"issued_at"`
NotBefore *time.Time `json:"not_before"`
Expand Down Expand Up @@ -106,7 +106,7 @@ func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) error {
}

if ocsp.StatusCode[req.Status] == stdocsp.Revoked {
if req.RevokedAt == (time.Time{}) {
if *req.RevokedAt == (time.Time{}) {
return errors.NewBadRequestString("Revoked certificate should specify when it was revoked")
}

Expand Down Expand Up @@ -180,7 +180,7 @@ func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) error {
Certificate: cert,
Status: req.Status,
Reason: req.Reason,
RevokedAt: req.RevokedAt,
RevokedAt: *req.RevokedAt,
}
ocspResponse, err := h.signer.Sign(sr)
if err != nil {
Expand Down
3 changes: 2 additions & 1 deletion api/crl/crl_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,14 @@ const (
func prepDB() (certdb.Accessor, error) {
db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")
expirationTime := time.Now().AddDate(1, 0, 0)
timeNow := time.Now()
var cert = certdb.CertificateRecord{
Serial: "1",
AKI: fakeAKI,
Expiry: expirationTime,
PEM: "revoked cert",
Status: "revoked",
RevokedAt: time.Now(),
RevokedAt: &timeNow,
Reason: 4,
}

Expand Down
16 changes: 8 additions & 8 deletions certdb/certdb.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,14 @@ import (
// CertificateRecord encodes a certificate and its metadata
// that will be recorded in a database.
type CertificateRecord struct {
Serial string `db:"serial_number"`
AKI string `db:"authority_key_identifier"`
CALabel string `db:"ca_label"`
Status string `db:"status"`
Reason int `db:"reason"`
Expiry time.Time `db:"expiry"`
RevokedAt time.Time `db:"revoked_at"`
PEM string `db:"pem"`
Serial string `db:"serial_number"`
AKI string `db:"authority_key_identifier"`
CALabel string `db:"ca_label"`
Status string `db:"status"`
Reason int `db:"reason"`
Expiry time.Time `db:"expiry"`
RevokedAt *time.Time `db:"revoked_at"`
PEM string `db:"pem"`
// the following fields will be empty for data inserted before migrate 002 has been run.
IssuedAt *time.Time `db:"issued_at"`
NotBefore *time.Time `db:"not_before"`
Expand Down
6 changes: 3 additions & 3 deletions certdb/mysql/migrations/001_CreateCertificates.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ CREATE TABLE certificates (
ca_label varbinary(128),
status varbinary(128) NOT NULL,
reason int,
expiry timestamp DEFAULT '0000-00-00 00:00:00',
revoked_at timestamp DEFAULT '0000-00-00 00:00:00',
expiry timestamp DEFAULT NULL,
revoked_at timestamp DEFAULT NULL,
pem varbinary(4096) NOT NULL,
PRIMARY KEY(serial_number, authority_key_identifier)
);
Expand All @@ -17,7 +17,7 @@ CREATE TABLE ocsp_responses (
serial_number varbinary(128) NOT NULL,
authority_key_identifier varbinary(128) NOT NULL,
body varbinary(4096) NOT NULL,
expiry timestamp DEFAULT '0000-00-00 00:00:00',
expiry timestamp DEFAULT NULL,
PRIMARY KEY(serial_number, authority_key_identifier)
);

Expand Down
6 changes: 3 additions & 3 deletions certdb/mysql/migrations/002_AddMetadataToCertificates.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
-- +goose Up
-- SQL in section 'Up' is executed when this migration is applied
ALTER TABLE certificates
ADD COLUMN issued_at timestamp DEFAULT '0000-00-00 00:00:00',
ADD COLUMN not_before timestamp DEFAULT '0000-00-00 00:00:00',
ADD COLUMN issued_at timestamp DEFAULT NULL,
ADD COLUMN not_before timestamp DEFAULT NULL,
ADD COLUMN metadata JSON,
ADD COLUMN sans JSON,
ADD COLUMN common_name TEXT;
Expand All @@ -12,4 +12,4 @@ ALTER TABLE certificates DROP COLUMN issued_at,
DROP COLUMN not_before,
DROP COLUMN metadata,
DROP COLUMN sans,
DROP COLUMN common_name;
DROP COLUMN common_name;
9 changes: 7 additions & 2 deletions certdb/sql/database_accessor.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error {
return err
}

var issuedAt, notBefore *time.Time
var issuedAt, notBefore, revokedAt *time.Time
if cr.IssuedAt != nil {
t := cr.IssuedAt.UTC()
issuedAt = &t
Expand All @@ -116,14 +116,19 @@ func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error {
t := cr.NotBefore.UTC()
notBefore = &t
}
if cr.RevokedAt != nil {
t := cr.RevokedAt.UTC()
revokedAt = &t
}

res, err := d.db.NamedExec(insertSQL, &certdb.CertificateRecord{
Serial: cr.Serial,
AKI: cr.AKI,
CALabel: cr.CALabel,
Status: cr.Status,
Reason: cr.Reason,
Expiry: cr.Expiry.UTC(),
RevokedAt: cr.RevokedAt.UTC(),
RevokedAt: revokedAt,
PEM: cr.PEM,
IssuedAt: issuedAt,
NotBefore: notBefore,
Expand Down
4 changes: 3 additions & 1 deletion cli/crl/crl_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,15 @@ const (
func prepDB() (err error) {
db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")
expirationTime := time.Now().AddDate(1, 0, 0)

timeNow := time.Now()
var cert = certdb.CertificateRecord{
Serial: "1",
AKI: fakeAKI,
Expiry: expirationTime,
PEM: "revoked cert",
Status: "revoked",
RevokedAt: time.Now(),
RevokedAt: &timeNow,
Reason: 4,
}

Expand Down
2 changes: 1 addition & 1 deletion cli/ocsprefresh/ocsprefresh.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ func ocsprefreshMain(args []string, c cli.Config) error {

if certRecord.Status == "revoked" {
req.Reason = int(certRecord.Reason)
req.RevokedAt = certRecord.RevokedAt
req.RevokedAt = *certRecord.RevokedAt
}

resp, err := s.Sign(req)
Expand Down
2 changes: 1 addition & 1 deletion crl/crl.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ func NewCRLFromDB(certs []certdb.CertificateRecord, issuerCert *x509.Certificate
serialInt.SetString(certRecord.Serial, 10)
tempCert := pkix.RevokedCertificate{
SerialNumber: serialInt,
RevocationTime: certRecord.RevokedAt,
RevocationTime: *certRecord.RevokedAt,
}
revokedCerts = append(revokedCerts, tempCert)
}
Expand Down