Reorganize the storage and handling of certificates
- Before being inserted in the database, no matter the format in which it was given, a certificate should be parsed into `tls.Certificate` so that it can be validated. SSH public/private keys should be parsed into `ssh.PublicKey`/`ssh.Signer`.
- Since they are now parsed before insertion, certificates should now be stored in ASN.1 format (instead of whatever format the user gave). Not only would it be more consistent, but this would also remove the need to decode them after retrieving them from the database. If possible, the certification chain should be stored alongside the certificate.
- A new 'signature' column should be added to the 'certificates' table. When inserting a certificate in the database, a signature of the certificate should be computed and then stored in that new column. This will allow the gateway to retrieve a certificate from the database by using its signature.
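
A sketch of the three steps above for the certificate case, added here as an example and not taken from the project's code. The helper names `normalize` and `sample` are hypothetical, the 'signature' is assumed to be a SHA-256 digest of the leaf's DER encoding (the proposal does not name an algorithm), and private-key handling is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// normalize (hypothetical helper) turns PEM or DER input into a tls.Certificate plus a lookup key.
func normalize(in []byte) (tls.Certificate, string, error) {
	var c tls.Certificate
	for b, rest := pem.Decode(in); b != nil; b, rest = pem.Decode(rest) {
		if b.Type == "CERTIFICATE" { // leaf first, then any chain certificates
			c.Certificate = append(c.Certificate, b.Bytes)
		}
	}
	if len(c.Certificate) == 0 { // no PEM block: treat the input as raw DER
		c.Certificate = [][]byte{in}
	}
	for i := len(c.Certificate) - 1; i >= 0; i-- { // parse every entry; index 0 (the leaf) last
		var err error
		if c.Leaf, err = x509.ParseCertificate(c.Certificate[i]); err != nil {
			return c, "", fmt.Errorf("certificate %d: %w", i, err)
		}
	}
	sum := sha256.Sum256(c.Leaf.Raw) // assumption: "signature" = SHA-256 of the leaf's DER
	return c, fmt.Sprintf("%x", sum), nil
}

// sample builds a constructed self-signed certificate (DER and PEM) so the example runs offline.
func sample() (der, pemBytes []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ = x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return der, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	der, pemBytes := sample()
	_, fpDER, _ := normalize(der)
	_, fpPEM, err := normalize(pemBytes)
	fmt.Println(fpDER == fpPEM, fpDER, err) // same certificate, same lookup key
}
```

Because the digest is taken over the parsed DER bytes rather than the submitted text, the same certificate maps to the same row whether it arrived as PEM or DER.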