fix(certificates): add a new encrypted: bool field to private key s…

…chema
secutils-dev · Oct 18, 2023 · c379980 · c379980
1 parent 32c5847
commit c379980
Show file tree

Hide file tree

Showing 19 changed files with 182 additions and 104 deletions.
diff --git a/...ccee65cbf999161b4e1e0b1d7b9ee074d8f5.json → ...1d415e5eb9e1c9ecd3c6d2e9c740c4436896.json b/...ccee65cbf999161b4e1e0b1d7b9ee074d8f5.json → ...1d415e5eb9e1c9ecd3c6d2e9c740c4436896.json
diff --git a/.sqlx/query-0f7aac057d1a6ea625a3a4b2618b6435c7928c64795f824f0e09372fd1dcf656.json b/.sqlx/query-0f7aac057d1a6ea625a3a4b2618b6435c7928c64795f824f0e09372fd1dcf656.json
diff --git a/...d25c7110d2a424905082a105c4f48f4da998.json → ...4ec2ca01252c862839e1270da51511a3fdb6.json b/...d25c7110d2a424905082a105c4f48f4da998.json → ...4ec2ca01252c862839e1270da51511a3fdb6.json
diff --git a/...a9f7fb41c1da6d7665d3daaa83648d68f1c8.json → ...0a3bdd9209b4a7212739f3fff99af0fc57ae.json b/...a9f7fb41c1da6d7665d3daaa83648d68f1c8.json → ...0a3bdd9209b4a7212739f3fff99af0fc57ae.json
diff --git a/.sqlx/query-e71ad284df67d3402fad13846bccc96d1e25e23b44b5c32b8e324db34de43ba9.json b/.sqlx/query-e71ad284df67d3402fad13846bccc96d1e25e23b44b5c32b8e324db34de43ba9.json
diff --git a/...31015195044_certificates_private_keys.sql → ...31019195044_certificates_private_keys.sql b/...31015195044_certificates_private_keys.sql → ...31019195044_certificates_private_keys.sql
@@ -4,12 +4,21 @@ UPDATE utils SET id = 11 WHERE id = 5;
 INSERT INTO utils (id, handle, name, keywords, parent_id) VALUES
     (5, 'certificates__private_keys', 'Private keys', 'private keys openssl encryption pki rsa dsa ec ecdsa curve ed25519 pkcs8 pkcs12 pem', 4);
 
+-- Change "Self-signed certificates" to "Certificate templates".
+UPDATE utils
+SET name = 'Certificate templates',
+    handle = 'certificates__certificate_templates',
+    keywords = 'digital certificates x509 X.509 ssl tls openssl public private key encryption self-signed pki templates'
+WHERE
+    id = 11;
+
 -- Create table to store private keys.
 CREATE TABLE IF NOT EXISTS user_data_certificates_private_keys
 (
     name            TEXT NOT NULL COLLATE NOCASE,
     alg             BLOB NOT NULL,
     pkcs8           BLOB NOT NULL,
+    encrypted       INTEGER NOT NULL,
     created_at      INTEGER NOT NULL,
     user_id         INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
     PRIMARY KEY     (name, user_id)

diff --git a/src/users/api_ext.rs b/src/users/api_ext.rs
@@ -6,7 +6,7 @@ use crate::{
         UserData, UserDataKey, UserDataNamespace, UserId, UserSettingsSetter, UserShare,
         UserShareId,
     },
-    utils::SelfSignedCertificate,
+    utils::CertificateTemplate,
 };
 use anyhow::{bail, Context};
 use serde::de::DeserializeOwned;
@@ -101,8 +101,8 @@ impl<'a, DR: DnsResolver, ET: EmailTransport> UsersApi<'a, DR, ET> {
         let user_data_key = user_data_key.into();
         match user_data_key.namespace {
             UserDataNamespace::Public(namespace) => match namespace {
-                PublicUserDataNamespace::SelfSignedCertificates => {
-                    self.set_self_signed_certificates_data(user_data).await
+                PublicUserDataNamespace::CertificateTemplates => {
+                    self.set_certificate_templates_data(user_data).await
                 }
                 PublicUserDataNamespace::UserSettings => {
                     self.set_user_settings_data(user_data).await
@@ -175,16 +175,16 @@ impl<'a, DR: DnsResolver, ET: EmailTransport> UsersApi<'a, DR, ET> {
         .await
     }
 
-    async fn set_self_signed_certificates_data(
+    async fn set_certificate_templates_data(
         &self,
         serialized_user_data: UserData<Vec<u8>>,
     ) -> anyhow::Result<()> {
         DictionaryDataUserDataSetter::upsert(
             &self.api.db,
-            PublicUserDataNamespace::SelfSignedCertificates,
+            PublicUserDataNamespace::CertificateTemplates,
             UserData::new(
                 serialized_user_data.user_id,
-                serde_json::from_slice::<BTreeMap<String, Option<SelfSignedCertificate>>>(
+                serde_json::from_slice::<BTreeMap<String, Option<CertificateTemplate>>>(
                     &serialized_user_data.value,
                 )
                 .with_context(|| {

diff --git a/src/users/public_user_data_namespace.rs b/src/users/public_user_data_namespace.rs
@@ -6,7 +6,8 @@ use serde::{Deserialize, Serialize};
 pub enum PublicUserDataNamespace {
     AutoResponders,
     ContentSecurityPolicies,
-    SelfSignedCertificates,
+    #[serde(rename = "selfSignedCertificates")]
+    CertificateTemplates,
     UserSettings,
     WebPageResourcesTrackers,
 }
@@ -16,7 +17,7 @@ impl AsRef<str> for PublicUserDataNamespace {
         match self {
             PublicUserDataNamespace::AutoResponders => "autoResponders",
             PublicUserDataNamespace::ContentSecurityPolicies => "contentSecurityPolicies",
-            PublicUserDataNamespace::SelfSignedCertificates => "selfSignedCertificates",
+            PublicUserDataNamespace::CertificateTemplates => "selfSignedCertificates",
             PublicUserDataNamespace::UserSettings => "userSettings",
             PublicUserDataNamespace::WebPageResourcesTrackers => "webPageResourcesTrackers",
         }
@@ -47,7 +48,7 @@ mod tests {
         );
 
         assert_eq!(
-            PublicUserDataNamespace::SelfSignedCertificates.as_ref(),
+            PublicUserDataNamespace::CertificateTemplates.as_ref(),
             "selfSignedCertificates"
         );
 
@@ -69,7 +70,7 @@ mod tests {
         insta::with_settings!({ sort_maps => true }, {
             assert_json_snapshot!(PublicUserDataNamespace::AutoResponders, @r###""autoResponders""###);
             assert_json_snapshot!(PublicUserDataNamespace::ContentSecurityPolicies, @r###""contentSecurityPolicies""###);
-            assert_json_snapshot!(PublicUserDataNamespace::SelfSignedCertificates, @r###""selfSignedCertificates""###);
+            assert_json_snapshot!(PublicUserDataNamespace::CertificateTemplates, @r###""selfSignedCertificates""###);
             assert_json_snapshot!(PublicUserDataNamespace::UserSettings, @r###""userSettings""###);
             assert_json_snapshot!(PublicUserDataNamespace::WebPageResourcesTrackers, @r###""webPageResourcesTrackers""###);
         });
@@ -91,7 +92,7 @@ mod tests {
 
         assert_eq!(
             serde_json::from_str::<PublicUserDataNamespace>(r#""selfSignedCertificates""#)?,
-            PublicUserDataNamespace::SelfSignedCertificates
+            PublicUserDataNamespace::CertificateTemplates
         );
 
         assert_eq!(

diff --git a/src/utils.rs b/src/utils.rs
@@ -12,8 +12,8 @@ mod webhooks;
 
 pub use self::{
     certificates::{
-        CertificatesApi, ExportFormat, ExtendedKeyUsage, KeyUsage, PrivateKey, PrivateKeyAlgorithm,
-        PrivateKeyEllipticCurve, PrivateKeySize, SelfSignedCertificate, SignatureAlgorithm,
+        CertificateTemplate, CertificatesApi, ExportFormat, ExtendedKeyUsage, KeyUsage, PrivateKey,
+        PrivateKeyAlgorithm, PrivateKeyEllipticCurve, PrivateKeySize, SignatureAlgorithm,
         UtilsCertificatesAction, UtilsCertificatesActionResult, Version,
     },
     util::Util,
@@ -42,15 +42,15 @@ pub use self::{
 #[cfg(test)]
 pub mod tests {
     use crate::utils::{
-        ExtendedKeyUsage, KeyUsage, PrivateKeyAlgorithm, SelfSignedCertificate, SignatureAlgorithm,
+        CertificateTemplate, ExtendedKeyUsage, KeyUsage, PrivateKeyAlgorithm, SignatureAlgorithm,
         Version,
     };
     use time::OffsetDateTime;
 
     pub use super::web_scraping::tests::MockWebPageResourcesTrackerBuilder;
 
-    pub struct MockSelfSignedCertificate(SelfSignedCertificate);
-    impl MockSelfSignedCertificate {
+    pub struct MockCertificateTemplate(CertificateTemplate);
+    impl MockCertificateTemplate {
         pub fn new<N: Into<String>>(
             name: N,
             public_key_algorithm: PrivateKeyAlgorithm,
@@ -59,7 +59,7 @@ pub mod tests {
             not_valid_after: OffsetDateTime,
             version: Version,
         ) -> Self {
-            Self(SelfSignedCertificate {
+            Self(CertificateTemplate {
                 name: name.into(),
                 common_name: None,
                 country: None,
@@ -131,7 +131,7 @@ pub mod tests {
             self
         }
 
-        pub fn build(self) -> SelfSignedCertificate {
+        pub fn build(self) -> CertificateTemplate {
             self.0
         }
     }

diff --git a/src/utils/api_ext.rs b/src/utils/api_ext.rs
@@ -90,10 +90,10 @@ mod tests {
                         },
                         Util {
                             id: 11,
-                            handle: "certificates__self_signed_certificates",
-                            name: "Self-signed certificates",
+                            handle: "certificates__templates",
+                            name: "Templates",
                             keywords: Some(
-                                "digital certificates x509 X.509 ssl tls openssl public private key encryption self-signed pki",
+                                "digital certificates x509 X.509 ssl tls openssl public private key encryption self-signed pki templates",
                             ),
                             utils: None,
                         },

diff --git a/src/utils/certificates.rs b/src/utils/certificates.rs
@@ -1,7 +1,7 @@
+mod certificate_templates;
 mod database_ext;
 mod export_format;
 mod private_keys;
-mod self_signed_certificates;
 mod utils_certificates_action;
 mod utils_certificates_action_result;
 mod x509;
@@ -10,9 +10,9 @@ mod api_ext;
 
 pub use self::{
     api_ext::CertificatesApi,
+    certificate_templates::CertificateTemplate,
     export_format::ExportFormat,
     private_keys::{PrivateKey, PrivateKeyAlgorithm, PrivateKeyEllipticCurve, PrivateKeySize},
-    self_signed_certificates::SelfSignedCertificate,
     utils_certificates_action::UtilsCertificatesAction,
     utils_certificates_action_result::UtilsCertificatesActionResult,
     x509::{ExtendedKeyUsage, KeyUsage, SignatureAlgorithm, Version},