Updated

Author: djthorpe

pkg/cert/certmanager.go

@@ -49,11 +49,21 @@ func NewCertManager(ctx context.Context, conn pg.PoolConn, opt ...Opt) (*CertMan
 
 	// Register the root certificate
 	if err := self.conn.Tx(ctx, func(conn pg.Conn) error {
+		// Register the name
 		if name, err := self.RegisterName(ctx, self.root.SubjectMeta()); err != nil {
 			return err
 		} else {
 			self.root.Subject = types.Uint64Ptr(name.Id)
 		}
+
+		// TODO: Get a cert for the root, if no cert exists then register a new one
+		if cert, err := self.RegisterCert(ctx, self.root); err != nil {
+			return err
+		} else {
+			self.root = cert
+		}
+
+		// Return success
 		return nil
 	}); err != nil {
 		return nil, err
@@ -83,6 +93,11 @@ func (certmanager *CertManager) RegisterName(ctx context.Context, meta schema.Na
 	}
 }
 
+func (certmanager *CertManager) RegisterCert(ctx context.Context, meta *Cert) (*Cert, error) {
+	// Return error
+	return nil, httpresponse.ErrNotImplemented
+}
+
 func (certmanager *CertManager) GetName(ctx context.Context, id uint64) (*schema.Name, error) {
 	var name schema.Name
 	if err := certmanager.conn.Get(ctx, &name, schema.NameId(id)); err != nil {
@@ -93,6 +108,14 @@ func (certmanager *CertManager) GetName(ctx context.Context, id uint64) (*schema
 }
 
 func (certmanager *CertManager) UpdateName(ctx context.Context, id uint64, meta schema.NameMeta) (*schema.Name, error) {
+	// Don't allow to update the commonName of the root certificate
+	if id == types.PtrUint64(certmanager.root.Subject) {
+		if meta.CommonName != "" {
+			return nil, httpresponse.ErrConflict.With("cannot update commonName of root certificate")
+		}
+	}
+
+	// Allow the update
 	var name schema.Name
 	if err := certmanager.conn.Update(ctx, &name, schema.NameId(id), meta); err != nil {
 		return nil, err

pkg/cert/certmanager_test.go

@@ -66,13 +66,11 @@ func Test_CertManager_001(t *testing.T) {
 	// Update name
 	t.Run("UpdateName", func(t *testing.T) {
 		name, err := certmanager.UpdateName(context.TODO(), types.PtrUint64(certmanager.Root().Subject), schema.NameMeta{
-			CommonName: "root_2",
-			Org:        types.StringPtr("mutablelogic"),
+			Org: types.StringPtr("mutablelogic"),
 		})
 		if !assert.NoError(err) {
 			t.FailNow()
 		}
-		assert.Equal("root_2", name.CommonName)
 		assert.Equal("mutablelogic", types.PtrString(name.Org))
 	})
 

pkg/cert/schema/cert.go

@@ -1,9 +1,12 @@
 package schema
 
 import (
+	"context"
 	"encoding/json"
 	"net"
 	"time"
+
+	pg "github.com/djthorpe/go-pg"
 )
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -34,3 +37,51 @@ func (c CertMeta) String() string {
 	}
 	return string(data)
 }
+
+////////////////////////////////////////////////////////////////////////////////
+// SQL
+
+// Create objects in the schema
+func bootstrapCert(ctx context.Context, conn pg.Conn) error {
+	q := []string{
+		certCreateTable,
+	}
+	for _, query := range q {
+		if err := conn.Exec(ctx, query); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+const (
+	certCreateTable = `
+		CREATE TABLE IF NOT EXISTS ${"schema"}.cert (
+			-- cert name
+			"name" TEXT PRIMARY KEY,
+			-- subject
+			"subject" SERIAL REFERENCES ${"schema"}."name"("id") ON DELETE CASCADE,
+			-- signer
+			"signer" TEXT REFERENCES ${"schema"}.cert("name") ON DELETE RESTRICT,
+			-- certificate
+			"cert" BYTEA NOT NULL,
+			-- private key
+			"key" BYTEA NOT NULL,
+			-- expiry
+			"not_before" TIMESTAMP NOT NULL,
+			"not_after" TIMESTAMP NOT NULL,
+			-- ca
+			"is_ca" BOOLEAN NOT NULL,
+			-- timestamp
+			"ts" TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
+		)
+	`
+	certInsert = `
+		INSERT INTO ${"schema"}.cert (
+			name, subject, signer, cert, key, not_before, not_after, is_ca
+		) VALUES (
+		 	@name, @subject, @signer, @cert, @key, @not_before, @not_after, @is_ca
+		) RETURNING
+			name, subject, signer, cert, key, ts
+	`
+)

pkg/cert/schema/schema.go

@@ -34,6 +34,9 @@ func Bootstrap(ctx context.Context, conn pg.Conn) error {
 	if err := bootstrapName(ctx, conn); err != nil {
 		return err
 	}
+	if err := bootstrapCert(ctx, conn); err != nil {
+		return err
+	}
 
 	// Commit the transaction
 	return nil