
No commits in common. "main" and "master" have entirely different histories.
main ... master

20 changed files with 35 additions and 1711 deletions


@ -1,49 +1,36 @@
# Browser PKCS#10 CSR generation PoC
**Work that started in this repository will continue at
[code.cacert.org](https://code.cacert.org/jandd/poc-browser-csr-generation).**
This repository contains a small proof of concept implementation of browser based PKCS#10 certificate signing request
and PKCS#12 key store generation using [node-forge](https://github.com/digitalbazaar/forge).
This repository contains a small proof of concept implementation of browser
based PKCS#10 certificate signing request and PKCS#12 key store generation
using [node-forge](https://github.com/digitalbazaar/forge).
The backend is implemented in [Go](https://golang.org/) and utilizes openssl
for the signing operations. The instructions below have been tested on Debian
11 (Bullseye). Debian 10 works when you use a manual installation of Go.
The backend is implemented in [Go](https://golang.org/) and utilizes openssl for the signing operations.
## Running
1. Install dependencies
```
sudo apt install git npm openssl golang-go
```
2. Clone the repository
1. Clone the repository
```
git clone https://git.dittberner.info/jan/browser_csr_generation.git
```
3. Get dependencies and build assets
2. Get dependencies and build assets
```
cd browser_csr_generation
npm install --user gulp-cli
npm install --global gulp-cli
npm install
./node_modules/.bin/gulp
gulp
```
3. Setup the example CA and a server certificate and key
2. Setup the example CA and a server certificate and key
```
./setup_example_ca.sh
openssl req -new -x509 -days 365 -subj "/CN=localhost" \
-addext subjectAltName=DNS:localhost -newkey rsa:3072 \
openssl req -new -x509 -days 365 -subj "/CN=localhost" -addext subjectAltName=DNS:localhost -newkey rsa:3072 \
-nodes -out server.crt.pem -keyout server.key.pem
```
4. Run the Go based backend
3. Run the Go based backend
```
go run main.go
@ -51,12 +38,10 @@ for the signing operations. The instructions below have been tested on Debian
Open https://localhost:8000/ in your browser.
5. Run gulp watch
4. Run gulp watch
You can run a
[gulp watch](https://gulpjs.com/docs/en/getting-started/watching-files/)
in a second terminal window to automatically publish changes to the files in
the `src` directory:
You can run a [gulp watch](https://gulpjs.com/docs/en/getting-started/watching-files/)
in a second terminal window to automatically publish changes to the files in the `src` directory:
```
gulp watch
@ -64,8 +49,7 @@ for the signing operations. The instructions below have been tested on Debian
## Translations
This PoC uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for
internationalization (i18n) support.
This PoC uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for internationalization (i18n) support.
The translation workflow needs the `go18n` binary which can be installed via
@ -85,16 +69,14 @@ Then use
goi18n merge active.*.toml
```
to create TOML files for translation as `translate.<locale>.toml`. After
translating the messages run
to create TOML files for translation as `translate.<locale>.toml`. After translating the messages run
```
goi18n merge active.*.toml translate.*.toml
```
to merge the messages back into the active translation files. To add a new
language you need to add the language code to `main.go`'s i18n bundle loading
code
to merge the messages back into the active translation files. To add a new language you need to add the language code
to `main.go`'s i18n bundle loading code
```
for _, lang := range []string{"en-US", "de-DE"} {
@ -102,4 +84,4 @@ for _, lang := range []string{"en-US", "de-DE"} {
log.Panic(err)
}
}
```
```

59
ca.cnf

@ -1,7 +1,7 @@
extensions = v3_ext
[ca]
default_ca = sub_ca
default_ca = EXAMPLECA
[rootca]
dir = ./example_ca/root
@ -25,7 +25,7 @@ default_md = sha256
default_days = 1825
default_crl_days = 30
[sub_ca]
[EXAMPLECA]
dir = ./example_ca/sub
certs = $dir/certs
crl_dir = $dir/crl
@ -44,25 +44,6 @@ default_md = sha256
default_days = 365
default_crl_days = 30
[email_ca]
dir = ./example_ca/email
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir/newcerts
crl = $dir/crl.pem
certificate = $dir/ca.crt.pem
private_key = $dir/private/ca.key.pem
RANDFILE = $dir/private/.rand
unique_subject = no
email_in_dn = no
default_md = sha256
default_days = 365
default_crl_days = 30
[policy_any]
countryName = match
stateOrProvinceName = optional
@ -74,14 +55,12 @@ emailAddress = optional
[policy_match]
commonName = supplied
[email_ext]
[client_ext]
basicConstraints = critical,CA:false
keyUsage = keyEncipherment,digitalSignature,nonRepudiation
extendedKeyUsage = clientAuth,emailProtection
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
authorityInfoAccess = 1.3.6.1.5.5.7.48.2;URI:http://example.org/ca/root/ca.crt,OCSP;URI:http://ocsp.example.org/
crlDistributionPoints = URI:http://crl.example.org/email.crl
authorityKeyIdentifier = keyid:always,issuer:always
[req]
default_bits = 3072
@ -107,34 +86,10 @@ commonName_max = 64
[req_attributes]
[root_ca]
basicConstraints = critical,CA:true
keyUsage = critical,keyCertSign,cRLSign
basicConstraints = critical,CA:true,pathlen:1
subjectKeyIdentifier = hash
[ext_sub_ca]
[sub_ca]
basicConstraints = critical,CA:true,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
extendedKeyUsage = serverAuth,clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
authorityInfoAccess = 1.3.6.1.5.5.7.48.2;URI:http://example.org/ca/root/ca.crt,OCSP;URI:http://ocsp.example.org/
crlDistributionPoints = URI:http://crl.example.org/sub.crl
certificatePolicies = @policy_sub_ca
[ext_email_ca]
basicConstraints = critical,CA:true,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
extendedKeyUsage = clientAuth,emailProtection
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
authorityInfoAccess = 1.3.6.1.5.5.7.48.2;URI:http://example.org/ca/root/ca.crt,OCSP;URI:http://ocsp.example.org/
crlDistributionPoints = URI:http://crl.example.org/email.crl
certificatePolicies = @policy_email_ca
[policy_sub_ca]
policyIdentifier = 1.3.6.1.5.5.7.2.1
CPS = http://example.org/ca/sub/cps.html
[policy_email_ca]
policyIdentifier = 1.3.6.1.5.5.7.2.1
CPS = http://example.org/ca/email/cps.html
authorityKeyIdentifier = keyid:always,issuer:always
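Review bot: The `[root_ca]` and `[sub_ca]` extension sections on the new side appear to carry no `keyUsage` line. The hunk count (`+86,10`) leaves room only for `basicConstraints`, `subjectKeyIdentifier` and `authorityKeyIdentifier`, but the page has lost its `+`/`-` markers, so this is inferred. CA certificates issued from these sections would then not restrict the key to certificate and CRL signing; adding `keyUsage = critical,keyCertSign,cRLSign` to both sections states that intent explicitly. The same side of `[client_ext]` also seems to have no `crlDistributionPoints` or `authorityInfoAccess`, so issued certificates would not tell a relying party where to check revocation. That may be acceptable for an example CA, but a comment in the file saying so would help.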


@ -1,8 +0,0 @@
package main
import (
_ "git.dittberner.info/jan/browser_csr_generation/migrations"
)
func main() {
}

2
go.mod

@ -4,13 +4,11 @@ go 1.13
require (
github.com/BurntSushi/toml v0.3.1
github.com/go-sql-driver/mysql v1.5.0
github.com/gobwas/httphead v0.1.0 // indirect
github.com/gobwas/pool v0.2.1 // indirect
github.com/gobwas/ws v1.0.4
github.com/gorilla/csrf v1.7.0
github.com/nicksnyder/go-i18n/v2 v2.1.1
github.com/pressly/goose v2.6.0+incompatible
github.com/sirupsen/logrus v1.7.0
golang.org/x/text v0.3.4
gopkg.in/yaml.v2 v2.4.0 // indirect

4
go.sum

@ -2,8 +2,6 @@ github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
@ -20,8 +18,6 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pressly/goose v2.6.0+incompatible h1:3f8zIQ8rfgP9tyI0Hmcs2YNAqUCL1c+diLe3iU8Qd/k=
github.com/pressly/goose v2.6.0+incompatible/go.mod h1:m+QHWCqxR3k8D9l7qfzuC/djtlfzxr34mozWDYEu1z8=
github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=


@ -122,8 +122,8 @@ func (registry *SigningRequestRegistry) sign(request *SigningRequestAttributes)
time.Sleep(5 * time.Second)
opensslCommand := exec.Command(
"openssl", "ca", "-config", "ca.cnf", "-name", "email_ca",
"-policy", "policy_match", "-extensions", "email_ext",
"openssl", "ca", "-config", "ca.cnf",
"-policy", "policy_match", "-extensions", "client_ext",
"-batch", "-subj", subjectDN, "-utf8", "-rand_serial", "-in", csrFile.Name())
var out, cmdErr bytes.Buffer
opensslCommand.Stdout = &out
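Review bot: `subjectDN` is passed to `openssl ca -subj` together with `-batch`, so whatever that string contains becomes the issued subject without an operator prompt, and the hunk does not show how it is built. If any part of it comes from the request, it should be validated or escaped before this call, because `-subj` treats `/` as the separator between attributes and an unescaped value could add or reshape them. Without `-name`, the CA section is chosen by `default_ca` in `ca.cnf`, and `"ca.cnf"` is resolved against the process working directory. A short comment above the call, such as `// CA section comes from default_ca in ca.cnf; subjectDN must already be validated`, would record both assumptions. The body of `sign` starts and ends outside the hunk.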

10
main.go

@ -11,7 +11,6 @@ import (
"net/http"
"os"
"os/signal"
"path/filepath"
"strings"
"syscall"
"time"
@ -48,6 +47,7 @@ func main() {
CipherSuites: []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
},
NextProtos: []string{"h2"},
PreferServerCipherSuites: true,
@ -124,12 +124,8 @@ func generateRandomBytes(count int) []byte {
func loadCACertificates() (caCertificates []*x509.Certificate) {
var err error
caFiles, err := filepath.Glob("example_ca/*/ca.crt.pem")
if err != nil {
log.Panic(err)
}
caCertificates = make([]*x509.Certificate, len(caFiles))
for index, certFile := range caFiles {
caCertificates = make([]*x509.Certificate, 2)
for index, certFile := range []string{"example_ca/sub/ca.crt.pem", "example_ca/root/ca.crt.pem"} {
var certBytes []byte
if certBytes, err = ioutil.ReadFile(certFile); err != nil {
log.Panic(err)
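Review bot: In `loadCACertificates` the slice length `2` is written separately from the two-element file list it has to match. The result is presumably filled by `index` further down, so a later change to the list would either leave a nil `*x509.Certificate` in it or panic on the index. Naming the list and sizing from it keeps the two together: `caFiles := []string{"example_ca/sub/ca.crt.pem", "example_ca/root/ca.crt.pem"}` followed by `caCertificates = make([]*x509.Certificate, len(caFiles))`. The order (sub CA first, then root) now comes from this literal; if callers depend on it, a one-line comment saying so would be worth adding. The function body continues past the end of the hunk.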


@ -1,615 +0,0 @@
-- +goose Up
-- LibreSSL - CAcert web application
-- Copyright (C) 2004-2020 CAcert Inc.
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; version 2 of the License.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-- Initial database schema
CREATE TABLE `abusereports` (
`id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`when` datetime NOT NULL,
`IP` int(11) DEFAULT NULL,
`url` varchar(255) NOT NULL,
`name` varchar(255) NOT NULL,
`email` varchar(255) NOT NULL,
`comment` varchar(255) NOT NULL,
`reason` varchar(255) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `addlang` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`userid` int(11) NOT NULL,
`lang` varchar(5) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `userid` (`userid`, `lang`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `adminlog` (
`when` datetime NOT NULL,
`uid` int(11) NOT NULL,
`adminid` int(11) NOT NULL,
`actiontypeid` int(11) DEFAULT NULL,
`old-lname` varchar(255),
`old-dob` varchar(255),
`new-lname` varchar(255),
`new-dob` varchar(255)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `advertising` (
`id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`replaceid` int(10) UNSIGNED NOT NULL,
`replaced` tinyint(3) UNSIGNED NOT NULL,
`orderid` tinyint(3) UNSIGNED NOT NULL,
`link` varchar(255) NOT NULL,
`title` varchar(255) NOT NULL,
`months` tinyint(3) UNSIGNED NOT NULL,
`who` int(10) UNSIGNED NOT NULL,
`when` datetime NOT NULL,
`active` tinyint(3) UNSIGNED NOT NULL,
`approvedby` int(10) UNSIGNED NOT NULL,
`expires` datetime NOT NULL,
PRIMARY KEY (`id`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `alerts` (
`memid` int(11) NOT NULL DEFAULT 0,
`general` tinyint(1) NOT NULL DEFAULT 0,
`country` tinyint(1) NOT NULL DEFAULT 0,
`regional` tinyint(1) NOT NULL DEFAULT 0,
`radius` tinyint(1) NOT NULL DEFAULT 0,
PRIMARY KEY (`memid`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `baddomains` (
`domain` varchar(255) NOT NULL DEFAULT ''
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `cats_passed` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`variant_id` int(11) NOT NULL,
`pass_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP() ON UPDATE CURRENT_TIMESTAMP(),
PRIMARY KEY (`id`),
UNIQUE KEY `test_passed` (`user_id`, `variant_id`, `pass_date`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `cats_type` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`type_text` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `type_text` (`type_text`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `cats_variant` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`type_id` int(11) NOT NULL,
`test_text` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `test_text` (`test_text`, `type_id`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `countries` (
`id` int(3) NOT NULL AUTO_INCREMENT,
`name` varchar(50) NOT NULL DEFAULT '',
`acount` int(11) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `disputedomain` (
`id` int(11) NOT NULL DEFAULT 0,
`memid` int(11) NOT NULL DEFAULT 0,
`oldmemid` int(11) NOT NULL DEFAULT 0,
`domain` varchar(255) NOT NULL DEFAULT '',
`created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`hash` varchar(50) NOT NULL DEFAULT '',
`attempts` int(1) NOT NULL DEFAULT 0,
`action` enum ('accept','reject','failed') NOT NULL DEFAULT 'accept'
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `disputeemail` (
`id` int(11) NOT NULL DEFAULT 0,
`memid` int(11) NOT NULL DEFAULT 0,
`oldmemid` int(11) NOT NULL DEFAULT 0,
`email` varchar(255) NOT NULL DEFAULT '',
`created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`hash` varchar(50) NOT NULL DEFAULT '',
`attempts` int(1) NOT NULL DEFAULT 0,
`action` enum ('accept','reject','failed') NOT NULL DEFAULT 'accept',
`IP` varchar(20) NOT NULL DEFAULT ''
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `domaincerts` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`domid` int(11) NOT NULL DEFAULT 0,
`serial` varchar(50) NOT NULL DEFAULT '',
`CN` varchar(255) NOT NULL DEFAULT '',
`subject` text NOT NULL,
`csr_name` varchar(255) NOT NULL DEFAULT '',
`crt_name` varchar(255) NOT NULL DEFAULT '',
`created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`revoked` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`expire` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`warning` tinyint(1) NOT NULL DEFAULT 0,
`renewed` tinyint(1) NOT NULL DEFAULT 0,
`rootcert` int(2) NOT NULL DEFAULT 1,
`md` enum ('md5','sha1','sha256','sha512') NOT NULL DEFAULT 'sha512',
`type` tinyint(4) DEFAULT NULL,
`pkhash` char(40) DEFAULT NULL,
`certhash` char(40) DEFAULT NULL,
`coll_found` tinyint(1) NOT NULL,
PRIMARY KEY (`id`),
KEY `domaincerts_pkhash` (`pkhash`),
KEY `revoked` (`revoked`),
KEY `created` (`created`),
KEY `domid` (`domid`),
KEY `serial` (`serial`),
KEY `stats_domaincerts_expire` (`expire`),
KEY `domaincrt` (`crt_name`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `domains` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`memid` int(11) NOT NULL DEFAULT 0,
`domain` varchar(255) NOT NULL DEFAULT '',
`created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`hash` varchar(50) NOT NULL DEFAULT '',
`attempts` int(1) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
KEY `memid` (`memid`),
KEY `domain` (`domain`),
KEY `memid_2` (`memid`),
KEY `stats_domains_hash` (`hash`),
KEY `stats_domains_deleted` (`deleted`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `domlink` (
`certid` int(11) NOT NULL DEFAULT 0,
`domid` int(11) NOT NULL DEFAULT 0,
UNIQUE KEY `index` (`certid`, `domid`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `email` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`memid` int(11) NOT NULL DEFAULT 0,
`email` varchar(255) NOT NULL DEFAULT '',
`created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`hash` varchar(50) NOT NULL DEFAULT '',
`attempts` int(1) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
KEY `memid` (`memid`),
KEY `stats_email_hash` (`hash`),
KEY `stats_email_deleted` (`deleted`),
KEY `email` (`email`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `emailcerts` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`memid` int(11) NOT NULL DEFAULT 0,
`serial` varchar(50) NOT NULL DEFAULT '',
`CN` varchar(255) NOT NULL DEFAULT '',
`subject` text NOT NULL,
`keytype` char(2) NOT NULL DEFAULT 'NS',
`codesign` tinyint(1) NOT NULL DEFAULT 0,
`csr_name` varchar(255) NOT NULL DEFAULT '',
`crt_name` varchar(255) NOT NULL DEFAULT '',
`created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`revoked` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`expire` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`warning` tinyint(1) NOT NULL DEFAULT 0,
`renewed` tinyint(1) NOT NULL DEFAULT 0,
`rootcert` int(2) NOT NULL DEFAULT 1,
`md` enum ('md5','sha1','sha256','sha512') NOT NULL DEFAULT 'sha512',
`type` tinyint(4) DEFAULT NULL,
`disablelogin` int(1) NOT NULL DEFAULT 0,
`pkhash` char(40) DEFAULT NULL,
`certhash` char(40) DEFAULT NULL,
`coll_found` tinyint(1) NOT NULL,
PRIMARY KEY (`id`),
KEY `emailcerts_pkhash` (`pkhash`),
KEY `revoked` (`revoked`),
KEY `created` (`created`),
KEY `memid` (`memid`),
KEY `serial` (`serial`),
KEY `stats_emailcerts_expire` (`expire`),
KEY `emailcrt` (`crt_name`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `emaillink` (
`emailcertsid` int(11) NOT NULL DEFAULT 0,
`emailid` int(11) NOT NULL DEFAULT 0,
KEY `index` (`emailcertsid`, `emailid`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `gpg` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`memid` int(11) NOT NULL DEFAULT 0,
`email` varchar(255) NOT NULL DEFAULT '',
`level` int(1) NOT NULL DEFAULT 0,
`multiple` tinyint(1) NOT NULL DEFAULT 0,
`expires` tinyint(1) NOT NULL DEFAULT 0,
`csr` varchar(255) NOT NULL DEFAULT '',
`crt` varchar(255) NOT NULL DEFAULT '',
`issued` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`expire` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`keyid` char(18) DEFAULT NULL,
`warning` tinyint(1) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
KEY `stats_gpg_expire` (`expire`),
KEY `stats_gpg_issued` (`issued`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `languages` (
`locale` varchar(5) NOT NULL,
`en_co` varchar(255) NOT NULL,
`en_lang` varchar(255) NOT NULL,
`country` varchar(255) NOT NULL,
`lang` varchar(255) NOT NULL
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `localias` (
`locid` int(11) NOT NULL DEFAULT 0,
`name` varchar(255) NOT NULL DEFAULT '',
KEY `locid` (`locid`),
KEY `name` (`name`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `locations` (
`id` int(7) NOT NULL AUTO_INCREMENT,
`regid` int(4) NOT NULL DEFAULT 0,
`ccid` int(3) NOT NULL DEFAULT 0,
`name` varchar(50) NOT NULL DEFAULT '',
`lat` double(6, 3) NOT NULL DEFAULT 0.000,
`long` double(6, 3) NOT NULL DEFAULT 0.000,
`acount` int(11) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
KEY `ccid` (`ccid`),
KEY `regid` (`regid`),
KEY `name` (`name`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `news` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`when` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`who` varchar(255) NOT NULL DEFAULT '',
`short` varchar(255) NOT NULL DEFAULT '',
`story` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `notary` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`from` int(11) NOT NULL DEFAULT 0,
`to` int(11) NOT NULL DEFAULT 0,
`awarded` int(3) NOT NULL DEFAULT 0,
`points` int(3) NOT NULL DEFAULT 0,
`method` enum ('Face to Face Meeting','Trusted Third Parties','Thawte Points Transfer','Administrative Increase','CT Magazine - Germany','Temporary Increase','Unknown') NOT NULL DEFAULT 'Face to Face Meeting',
`location` varchar(255) NOT NULL DEFAULT '',
`date` varchar(255) NOT NULL DEFAULT '',
`when` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`expire` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`sponsor` int(11) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
KEY `from` (`from`),
KEY `to` (`to`),
KEY `from_2` (`from`),
KEY `to_2` (`to`),
KEY `stats_notary_when` (`when`),
KEY `stats_notary_method` (`method`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `org` (
`orgid` int(11) NOT NULL DEFAULT 0,
`memid` int(11) NOT NULL DEFAULT 0,
`OU` varchar(255) NOT NULL DEFAULT '',
`masteracc` int(1) NOT NULL DEFAULT 0,
`comments` text NOT NULL,
UNIQUE KEY `orgid` (`orgid`, `memid`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `orgdomaincerts` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`orgid` int(11) NOT NULL DEFAULT 0,
`subject` text NOT NULL,
`serial` varchar(50) NOT NULL DEFAULT '',
`CN` varchar(255) NOT NULL DEFAULT '',
`csr_name` varchar(255) NOT NULL DEFAULT '',
`crt_name` varchar(255) NOT NULL DEFAULT '',
`created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`revoked` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`expire` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`renewed` tinyint(1) NOT NULL DEFAULT 0,
`rootcert` int(2) NOT NULL DEFAULT 1,
`md` enum ('md5','sha1','sha256','sha512') NOT NULL DEFAULT 'sha512',
`type` tinyint(4) DEFAULT NULL,
`warning` tinyint(1) NOT NULL DEFAULT 0,
`pkhash` char(40) DEFAULT NULL,
`certhash` char(40) DEFAULT NULL,
`coll_found` tinyint(1) NOT NULL,
PRIMARY KEY (`id`),
KEY `orgdomaincerts_pkhash` (`pkhash`),
KEY `stats_orgdomaincerts_created` (`created`),
KEY `stats_orgdomaincerts_revoked` (`revoked`),
KEY `stats_orgdomaincerts_expire` (`expire`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `orgdomains` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`orgid` int(11) NOT NULL DEFAULT 0,
`domain` varchar(255) NOT NULL DEFAULT '',
PRIMARY KEY (`id`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `orgdomlink` (
`orgcertid` int(11) NOT NULL DEFAULT 0,
`orgdomid` int(11) NOT NULL DEFAULT 0,
UNIQUE KEY `index` (`orgcertid`, `orgdomid`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `orgemailcerts` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`orgid` int(11) NOT NULL DEFAULT 0,
`serial` varchar(50) NOT NULL DEFAULT '',
`CN` varchar(255) NOT NULL DEFAULT '',
`subject` text NOT NULL,
`keytype` char(2) NOT NULL DEFAULT 'NS',
`csr_name` varchar(255) NOT NULL DEFAULT '',
`crt_name` varchar(255) NOT NULL DEFAULT '',
`created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`revoked` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`expire` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`renewed` tinyint(1) NOT NULL DEFAULT 0,
`rootcert` int(2) NOT NULL DEFAULT 1,
`md` enum ('md5','sha1','sha256','sha512') NOT NULL DEFAULT 'sha512',
`type` tinyint(4) DEFAULT NULL,
`codesign` tinyint(1) NOT NULL DEFAULT 0,
`warning` tinyint(1) NOT NULL DEFAULT 0,
`pkhash` char(40) DEFAULT NULL,
`certhash` char(40) DEFAULT NULL,
`coll_found` tinyint(1) NOT NULL,
PRIMARY KEY (`id`),
KEY `orgemailcerts_pkhash` (`pkhash`),
KEY `stats_orgemailcerts_created` (`created`),
KEY `stats_orgemailcerts_revoked` (`revoked`),
KEY `stats_orgemailcerts_expire` (`expire`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `orgemaillink` (
`emailcertsid` int(11) NOT NULL DEFAULT 0,
`domid` int(11) NOT NULL DEFAULT 0,
KEY `index` (`emailcertsid`, `domid`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `orginfo` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`contact` varchar(255) NOT NULL DEFAULT '',
`O` varchar(255) NOT NULL DEFAULT '',
`L` varchar(255) NOT NULL DEFAULT '',
`ST` varchar(255) NOT NULL DEFAULT '',
`C` char(2) NOT NULL DEFAULT '',
`comments` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `otphashes` (
`when` datetime NOT NULL,
`username` varchar(255) NOT NULL,
`otp` varchar(255) NOT NULL
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `pinglog` (
`when` datetime NOT NULL,
`uid` int(11) NOT NULL,
`email` varchar(255) NOT NULL,
`result` varchar(255) NOT NULL
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `regions` (
`id` int(5) NOT NULL AUTO_INCREMENT,
`ccid` int(3) NOT NULL DEFAULT 0,
`name` varchar(50) NOT NULL DEFAULT '',
`acount` int(11) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
KEY `ccid` (`ccid`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
-- stores names of root certificates (CN from SubjectDN?)
CREATE TABLE `root_certs` (
`id` int(2) NOT NULL,
`cert_text` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `cert_text` (`cert_text`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
-- TODO: replace with goose_db_version table
CREATE TABLE `schema_version` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`version` int(11) NOT NULL,
`when` datetime NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `version` (`version`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `stampcache` (
`id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`certid` int(10) UNSIGNED DEFAULT NULL,
`cacheexpire` bigint(20) UNSIGNED DEFAULT NULL,
`issued` datetime NOT NULL,
`expire` datetime NOT NULL,
`subject` varchar(255) NOT NULL,
`hostname` varchar(255) NOT NULL,
`org` tinyint(1) NOT NULL,
`points` tinyint(3) UNSIGNED NOT NULL,
`O` varchar(255) NOT NULL,
`L` varchar(255) NOT NULL,
`ST` varchar(255) NOT NULL,
`C` varchar(255) NOT NULL,
`valid` tinyint(1) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `hostname` (`hostname`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `statscache` (
`timestamp` bigint(20) NOT NULL,
`cache` text NOT NULL,
PRIMARY KEY (`timestamp`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
-- not mentioned in version5.sh
CREATE TABLE `temp` (
`id` int(11) DEFAULT NULL,
`data` int(11) DEFAULT NULL
) ENGINE = InnoDB
DEFAULT CHARSET = latin1;
CREATE TABLE `tickets` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP() ON UPDATE CURRENT_TIMESTAMP(),
PRIMARY KEY (`id`),
KEY `timestamp` (`timestamp`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1 COMMENT ='Is used to generate ticket numbers for tracing back problems';
CREATE TABLE `tverify` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`memid` int(11) NOT NULL DEFAULT 0,
`photoid` varchar(255) NOT NULL DEFAULT '',
`URL` text NOT NULL,
`CN` text NOT NULL,
`created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
PRIMARY KEY (`id`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `tverify-vote` (
`tverify` int(11) NOT NULL DEFAULT 0,
`memid` int(11) NOT NULL DEFAULT 0,
`when` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`vote` tinyint(1) NOT NULL DEFAULT 0,
`comment` varchar(255) NOT NULL DEFAULT ''
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `userlocations` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`memid` int(11) NOT NULL DEFAULT 0,
`ccid` int(11) NOT NULL DEFAULT 0,
`regid` int(11) NOT NULL DEFAULT 0,
`locid` int(11) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`email` varchar(255) NOT NULL DEFAULT '',
`password` varchar(255) NOT NULL DEFAULT '',
`fname` varchar(255) NOT NULL DEFAULT '',
`mname` varchar(255) NOT NULL DEFAULT '',
`lname` varchar(255) NOT NULL DEFAULT '',
`suffix` varchar(50) NOT NULL DEFAULT '',
`dob` date NOT NULL DEFAULT '0000-00-00',
`verified` int(1) NOT NULL DEFAULT 0,
`ccid` int(3) NOT NULL DEFAULT 0,
`regid` int(5) NOT NULL DEFAULT 0,
`locid` int(7) NOT NULL DEFAULT 0,
`listme` int(1) NOT NULL DEFAULT 0,
`codesign` int(1) NOT NULL DEFAULT 0,
`1024bit` tinyint(1) NOT NULL DEFAULT 0,
`contactinfo` varchar(255) NOT NULL DEFAULT '',
`admin` tinyint(1) NOT NULL DEFAULT 0,
`orgadmin` tinyint(1) NOT NULL,
`ttpadmin` tinyint(1) NOT NULL DEFAULT 0,
`adadmin` tinyint(1) UNSIGNED NOT NULL,
`board` tinyint(1) NOT NULL DEFAULT 0,
`tverify` tinyint(1) NOT NULL DEFAULT 0,
`locadmin` tinyint(1) NOT NULL DEFAULT 0,
`language` varchar(5) NOT NULL DEFAULT '',
`Q1` varchar(255) NOT NULL DEFAULT '',
`Q2` varchar(255) NOT NULL DEFAULT '',
`Q3` varchar(255) NOT NULL DEFAULT '',
`Q4` varchar(255) NOT NULL DEFAULT '',
`Q5` varchar(255) NOT NULL DEFAULT '',
`A1` varchar(255) NOT NULL DEFAULT '',
`A2` varchar(255) NOT NULL DEFAULT '',
`A3` varchar(255) NOT NULL DEFAULT '',
`A4` varchar(255) NOT NULL DEFAULT '',
`A5` varchar(255) NOT NULL DEFAULT '',
`created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`locked` tinyint(1) NOT NULL,
`uniqueID` varchar(255) NOT NULL,
`otphash` varchar(16) NOT NULL,
`otppin` smallint(4) UNSIGNED ZEROFILL NOT NULL,
`assurer` int(2) NOT NULL DEFAULT 0,
`assurer_blocked` tinyint(1) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
KEY `ccid` (`ccid`),
KEY `regid` (`regid`),
KEY `locid` (`locid`),
KEY `email` (`email`),
KEY `stats_users_created` (`created`),
KEY `stats_users_verified` (`verified`),
KEY `userverified` (`verified`)
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;


@ -1,113 +0,0 @@
-- +goose Up
-- LibreSSL - CAcert web application
-- Copyright (C) 2004-2020 CAcert Inc.
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; version 2 of the License.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-- changes from version1.sh of the original code base
-- CCA agreements and such
CREATE TABLE `user_agreements` (
`id` int(11) PRIMARY KEY AUTO_INCREMENT,
-- the user that agrees
`memid` int(11) NOT NULL,
-- user that is involved in the agreement (e.g. Assurer)
`secmemid` int(11) DEFAULT NULL,
-- what is being agreed to? e.g. CCA
`document` varchar(50) DEFAULT NULL,
-- when did the agreement take place?
`date` datetime DEFAULT NULL,
-- whether the user actively agreed or if the agreement took place via
-- an indirect process (e.g. Assurance)
`active` int(1) NOT NULL,
-- in which process did the agreement take place (e.g. certificate
-- issuance, account creation, assurance)
`method` varchar(100) NOT NULL,
-- user comment
`comment` varchar(100) DEFAULT NULL
) DEFAULT CHARSET = latin1;
-- description for all certs to make identifying a cert easier
ALTER TABLE `domaincerts`
ADD `description` varchar(100) NOT NULL
DEFAULT '';
ALTER TABLE `emailcerts`
ADD `description` varchar(100) NOT NULL
DEFAULT '';
ALTER TABLE `gpg`
ADD `description` varchar(100) NOT NULL
DEFAULT '';
ALTER TABLE `orgdomaincerts`
ADD `description` varchar(100) NOT NULL
DEFAULT '';
ALTER TABLE `orgemailcerts`
ADD `description` varchar(100) NOT NULL
DEFAULT '';
-- Bugs #855, #863, #864, #888
ALTER TABLE `notary`
-- allow for marking as deleted instead of really deleting
ADD `deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
-- add "TOPUP" as method for point transfers (for TTP)
MODIFY `method`
enum (
'Face to Face Meeting',
'Trusted Third Parties',
'Thawte Points Transfer',
'Administrative Increase',
'CT Magazine - Germany',
'Temporary Increase',
'Unknown',
'TOPUP'
) NOT NULL DEFAULT 'Face to Face Meeting';
-- Organisation Assurance
ALTER TABLE `orginfo`
-- which Organisation Assurer entered the organisation?
ADD `creator_id` int(11) NOT NULL DEFAULT '0',
-- when was the organisation entered?
ADD `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
-- allow for marking as deleted instead of really deleting
ADD `deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00';
ALTER TABLE `org`
-- which Organisation Assurer assigned the Organisation Admin?
ADD `creator_id` int(11) NOT NULL DEFAULT '0',
-- when was the Organisation Admin assigned?
ADD `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
-- allow for marking as deleted instead of really deleting
ADD `deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00';
-- Update schema version number
INSERT INTO `schema_version`
(`version`, `when`)
VALUES ('1', NOW());


@ -1,46 +0,0 @@
-- +goose Up
-- LibreSSL - CAcert web application
-- Copyright (C) 2004-2020 CAcert Inc.
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; version 2 of the License.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-- changes from version2.sh of the original code base
-- Organisation Assurance bug #1118
ALTER TABLE `orgemailcerts`
ADD `ou` varchar(50) NOT NULL
DEFAULT '';
-- Bugs #855, #863, #864, #888, #1118
ALTER TABLE `notary`
-- add "TTP-Assisted" as method for point transfers (for TTP)
MODIFY `method`
enum (
'Face to Face Meeting',
'Trusted Third Parties',
'Thawte Points Transfer',
'Administrative Increase',
'CT Magazine - Germany',
'Temporary Increase',
'Unknown',
'TOPUP',
'TTP-Assisted'
) NOT NULL DEFAULT 'Face to Face Meeting';
-- Update schema version number
INSERT INTO `schema_version`
(`version`, `when`)
VALUES ('2', NOW());


@ -1,52 +0,0 @@
-- +goose Up
-- LibreSSL - CAcert web application
-- Copyright (C) 2004-2020 CAcert Inc.
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; version 2 of the License.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-- changes from version3.sh of the original code base
-- alter table Admin log
ALTER TABLE `adminlog`
ADD `type` varchar(50) NOT NULL,
ADD `information` varchar(50) NOT NULL;
-- create new table OrgAdminLog
CREATE TABLE IF NOT EXISTS `orgadminlog` (
`when` datetime NOT NULL,
`oid` int(11) NOT NULL,
`adminid` int(11) NOT NULL,
`type` varchar(50) NOT NULL,
`information` varchar(50) NOT NULL
) ENGINE = MyISAM
DEFAULT CHARSET = latin1;
-- alter table OrgDomainCerts
ALTER TABLE `orgdomaincerts`
ADD orgadminid int(11) NULL,
ADD revokeorgadminid int(11) NULL;
-- alter table OrgEmailCerts
ALTER TABLE `orgemailcerts`
ADD orgadminid int(11) NULL,
ADD revokeorgadminid int(11) NULL;
-- Update schema version number
INSERT INTO `schema_version`
(`version`, `when`)
VALUES ('3', NOW());


@ -1,38 +0,0 @@
-- +goose Up
-- LibreSSL - CAcert web application
-- Copyright (C) 2004-2020 CAcert Inc.
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; version 2 of the License.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-- changes from version4.sh of the original code base
-- update table admin log
UPDATE `adminlog`
SET `type` = 'old name or dob change',
`information` = 'see adminlog_table_backup_1135';
-- alter table admin log
ALTER TABLE `adminlog`
DROP `old-lname`,
DROP `old-dob`,
DROP `new-lname`,
DROP `new-dob`;
-- Update schema version number
INSERT INTO `schema_version`
(`version`, `when`)
VALUES ('4', NOW());


@ -1,158 +0,0 @@
-- +goose Up
-- LibreSSL - CAcert web application
-- Copyright (C) 2004-2020 CAcert Inc.
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; version 2 of the License.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-- changes from version5.sh of the original code base
-- Move myISAM to InnoDB bug #1172
ALTER TABLE `abusereports`
ENGINE =INNODB;
ALTER TABLE `addlang`
ENGINE =INNODB;
ALTER TABLE `adminlog`
ENGINE =INNODB;
ALTER TABLE `advertising`
ENGINE =INNODB;
ALTER TABLE `alerts`
ENGINE =INNODB;
ALTER TABLE `baddomains`
ENGINE =INNODB;
ALTER TABLE `cats_passed`
ENGINE =INNODB;
ALTER TABLE `cats_type`
ENGINE =INNODB;
ALTER TABLE `cats_variant`
ENGINE =INNODB;
ALTER TABLE `countries`
ENGINE =INNODB;
ALTER TABLE `disputedomain`
ENGINE =INNODB;
ALTER TABLE `disputeemail`
ENGINE =INNODB;
ALTER TABLE `domaincerts`
ENGINE =INNODB;
ALTER TABLE `domains`
ENGINE =INNODB;
ALTER TABLE `domlink`
ENGINE =INNODB;
ALTER TABLE `email`
ENGINE =INNODB;
ALTER TABLE `emailcerts`
ENGINE =INNODB;
ALTER TABLE `emaillink`
ENGINE =INNODB;
ALTER TABLE `gpg`
ENGINE =INNODB;
ALTER TABLE `languages`
ENGINE =INNODB;
ALTER TABLE `localias`
ENGINE =INNODB;
ALTER TABLE `locations`
ENGINE =INNODB;
ALTER TABLE `news`
ENGINE =INNODB;
ALTER TABLE `notary`
ENGINE =INNODB;
ALTER TABLE `org`
ENGINE =INNODB;
ALTER TABLE `orgadminlog`
ENGINE =INNODB;
ALTER TABLE `orgdomaincerts`
ENGINE =INNODB;
ALTER TABLE `orgdomains`
ENGINE =INNODB;
ALTER TABLE `orgdomlink`
ENGINE =INNODB;
ALTER TABLE `orgemailcerts`
ENGINE =INNODB;
ALTER TABLE `orgemaillink`
ENGINE =INNODB;
ALTER TABLE `orginfo`
ENGINE =INNODB;
ALTER TABLE `otphashes`
ENGINE =INNODB;
ALTER TABLE `pinglog`
ENGINE =INNODB;
ALTER TABLE `regions`
ENGINE =INNODB;
ALTER TABLE `root_certs`
ENGINE =INNODB;
ALTER TABLE `schema_version`
ENGINE =INNODB;
ALTER TABLE `stampcache`
ENGINE =INNODB;
ALTER TABLE `statscache`
ENGINE =INNODB;
ALTER TABLE `tickets`
ENGINE =INNODB;
ALTER TABLE `tverify`
ENGINE =INNODB;
ALTER TABLE `tverify-vote`
ENGINE =INNODB;
ALTER TABLE `user_agreements`
ENGINE =INNODB;
ALTER TABLE `userlocations`
ENGINE =INNODB;
-- Update schema version number
INSERT INTO `schema_version`
(`version`, `when`)
VALUES ('5', NOW());


@ -1,26 +0,0 @@
-- +goose Up
-- LibreSSL - CAcert web application
-- Copyright (C) 2004-2011 CAcert Inc.
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; version 2 of the License.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-- changes from version6.sh of the original code base
ALTER TABLE `users`
ADD `lastLoginAttempt` datetime NULL;
-- Update schema version number
INSERT INTO `schema_version`
(`version`, `when`)
VALUES ('6', NOW());


@ -1,60 +0,0 @@
-- +goose Up
-- LibreSSL - CAcert web application
-- Copyright (C) 2004-2020 CAcert Inc.
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation; version 2 of the License.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-- initial data set from test database
-- tables for cats (https://cats.cacert.org/)
INSERT INTO cats_type (id, type_text)
VALUES (1, 'Assurer Challenge'),
(2, 'Org Assurer Test'),
(3, 'Triage Challenge'),
(5, 'Data Privacy Quiz');
INSERT INTO cats_variant (id, type_id, test_text)
VALUES (5, 1, 'Assurer\'s challenge (EN)'),
(6, 1, 'CAcert Assurer Prüfung (DE)'),
(4, 1, 'CATS V0.1'),
(12, 5, 'Data Privacy Quiz (Generic)'),
(15, 5, 'Data Privacy Quiz (Infrastructure Admins)'),
(13, 5, 'Data Privacy Quiz (Software)'),
(14, 5, 'Data Privacy Quiz (Triage and Support)'),
(11, 1, 'Výzva zaru&#269;ovatele (CZ)');
-- country list
-- TODO: fetch from external source like https://github.com/datasets/country-codes
-- TODO: check for completeness / add mapping to ISO country codes?
-- language selection
-- TODO: fetch from external source like https://github.com/datasets/language-codes
-- in combination with http://www.unicode.org/Public/cldr/latest/core.zip
-- TODO: transform to UTF-8, check against current ISO standards
-- region names
-- TODO: take from https://github.com/datasets/fips-10-4
-- locations list is just too big to include here (>110 MiB dump)
-- TODO: take from an external source like https://github.com/datasets/un-locode
;
-- +goose Down
TRUNCATE TABLE cats_variant;
TRUNCATE TABLE cats_type;


@ -1,4 +0,0 @@
-- +goose Up
INSERT INTO root_certs (id, cert_text)
VALUES (1, 'CAcert Testserver Root'),
(2, 'CAcert Testserver Class 3');


@ -1,310 +0,0 @@
package migrations
import (
"crypto/md5"
"crypto/rand"
"crypto/sha1"
"database/sql"
"encoding/csv"
"fmt"
"io"
"net/http"
"strings"
"time"
"github.com/pressly/goose"
log "github.com/sirupsen/logrus"
"golang.org/x/text/encoding"
"golang.org/x/text/encoding/charmap"
)
func init() {
goose.AddMigration(Up20201214193523, Down20201214193523)
}
func Up20201214193523(tx *sql.Tx) error {
// This code is executed when the migration is applied.
var (
data int
countryId, regionId, locationId int64
row *sql.Row
result sql.Result
err error
)
row = tx.QueryRow("SELECT COUNT(*) FROM users WHERE admin=1")
if err = row.Scan(&data); err != nil {
return err
}
log.Infof("%d admins found\n", data)
var countryFipsCodeMap map[string]int64
if countryFipsCodeMap, err = updateCountries(tx); err != nil {
return err
}
if err = updateRegions(tx, &countryFipsCodeMap); err != nil {
return err
}
if data == 0 {
location, err := time.LoadLocation("Europe/Berlin")
if err != nil {
return err
}
dob, err := time.ParseInLocation(
"2006-01-02",
"1977-08-08",
location,
)
if err != nil {
return err
}
if countryId, err = getCountryId(tx, "Germany"); err != nil {
return err
}
if regionId, err = getRegionId(tx, "Sachsen", countryId); err != nil {
return err
}
if locationId, err = getLocationId(tx, "Dresden", countryId, regionId); err != nil {
return err
}
random64Bytes := make([]byte, 64)
_, err = rand.Read(random64Bytes)
if err != nil {
return err
}
result, err = tx.Exec(`INSERT INTO users (email, password, fname, mname,
lname, suffix, dob, verified, ccid,
regid, locid, listme, codesign, 1024bit, contactinfo, admin, orgadmin,
ttpadmin, adadmin, board, tverify, locadmin, language,
Q1, Q2, Q3, Q4, Q5,
A1, A2, A3, A4, A5,
created, modified, locked, uniqueID,
otphash, otppin, assurer, assurer_blocked, lastLoginAttempt)
VALUES (?, ?, ?, '', ?, '', ?, 0,
?, ?, ?, 0, 1, 0, ?,
1, 0, 0, 0, 0, 0, 0, ?,
'', '', '', '', '', '', '', '', '', '',
CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 0,
SHA1(CONCAT(NOW(), ?)),
'', 0, 0, 0, NULL)`,
"jandd@cacert.org",
fmt.Sprintf("%x", sha1.Sum([]byte("abcdefghijklmn"))),
"Jan",
"Dittberner",
dob,
countryId,
regionId,
locationId,
"Somewhere over the rainbow",
"de_DE",
fmt.Sprintf("%x", md5.Sum(random64Bytes)))
if err != nil {
return err
}
lastId, err := result.LastInsertId()
if err != nil {
return err
}
log.Infof("new user id is %d", lastId)
}
return nil
}
func updateRegions(tx *sql.Tx, codeMap *map[string]int64) error {
client := &http.Client{}
var (
err error
request *http.Request
response *http.Response
csvReader *csv.Reader
)
request, err = http.NewRequest("GET", "https://raw.githubusercontent.com/datasets/fips-10-4/master/data/data.csv", nil)
if err != nil {
return err
}
response, err = client.Do(request)
if err != nil {
return err
}
if response.StatusCode != 200 {
return fmt.Errorf("got unexpected HTTP status %d %s", response.StatusCode, response.Status)
}
csvReader = csv.NewReader(response.Body)
headings, err := csvReader.Read()
log.Infof("CSV headings %s", strings.Join(headings, ","))
for {
record, err := csvReader.Read()
if err == io.EOF {
break
}
if err != nil {
return err
}
regionCode := record[0]
regionDivision := record[1]
regionName := record[2]
fipsCode := regionCode[:2]
log.Infof("read %s %s %s", regionCode, regionName, fipsCode)
var countryId int64
var exists bool
if countryId, exists = (*codeMap)[fipsCode]; exists {
log.Infof("country id %d", countryId)
} else if regionDivision == "country" {
countryId, err = getCountryId(tx, regionName)
(*codeMap)[fipsCode] = countryId
} else {
return fmt.Errorf("could not find country for %s %s", fipsCode, regionName)
}
_, err = getRegionId(tx, regionName, countryId)
if err != nil {
return err
}
}
return nil
}
func updateCountries(tx *sql.Tx) (map[string]int64, error) {
client := &http.Client{}
var (
err error
request *http.Request
response *http.Response
csvReader *csv.Reader
)
request, err = http.NewRequest("GET", "https://raw.githubusercontent.com/datasets/country-codes/master/data/country-codes.csv", nil)
if err != nil {
return nil, err
}
response, err = client.Do(request)
if err != nil {
return nil, err
}
if response.StatusCode != 200 {
return nil, fmt.Errorf("got unexpected HTTP status %d %s", response.StatusCode, response.Status)
}
csvReader = csv.NewReader(response.Body)
headings, err := csvReader.Read()
log.Infof("CSV headings %s", strings.Join(headings, ","))
countryFipsMapping := make(map[string]int64, 0)
var count int64 = 0
for {
record, err := csvReader.Read()
if err == io.EOF {
break
}
if err != nil {
return nil, err
}
name := strings.TrimSpace(record[54])
if len(name) > 0 {
countryId, err := getCountryId(tx, name)
if err != nil {
return nil, err
}
countryFipsMapping[record[7]] = countryId
count++
}
}
log.Infof("read %d countries", count)
return countryFipsMapping, nil
}
func getLocationId(tx *sql.Tx, name string, countryId, regionId int64) (int64, error) {
var (
row *sql.Row
result sql.Result
locationId int64
err error
)
row = tx.QueryRow("SELECT id FROM locations WHERE name=? AND ccid=? AND regid=?", name, countryId, regionId)
if err := row.Scan(&locationId); err != nil {
if err != sql.ErrNoRows {
return 0, err
}
} else {
return locationId, nil
}
result, err = tx.Exec("INSERT INTO locations (regid, ccid, name, acount) VALUES (?, ?, ?, ?)", regionId, countryId, name, 0)
if err != nil {
return 0, err
}
locationId, err = result.LastInsertId()
if err != nil {
return 0, err
}
return locationId, nil
}
func getRegionId(tx *sql.Tx, name string, countryId int64) (int64, error) {
var (
row *sql.Row
result sql.Result
regionId int64
err error
)
encoder := charmap.ISO8859_1.NewEncoder()
cutDownName, err := encoding.HTMLEscapeUnsupported(encoder).String(name)
if err != nil {
return 0, err
}
if len(cutDownName) > 50 {
cutDownName = cutDownName[:50]
}
row = tx.QueryRow("SELECT id FROM regions WHERE name=? AND ccid=?", cutDownName, countryId)
if err := row.Scan(&regionId); err != nil {
if err != sql.ErrNoRows {
return 0, err
}
} else {
return regionId, nil
}
result, err = tx.Exec("INSERT INTO regions (ccid, name, acount) VALUES (?, ?, ?)", countryId, cutDownName, 0)
if err != nil {
return 0, err
}
regionId, err = result.LastInsertId()
if err != nil {
return 0, err
}
return regionId, nil
}
func getCountryId(tx *sql.Tx, name string) (int64, error) {
var (
row *sql.Row
result sql.Result
countryId int64
err error
)
row = tx.QueryRow("SELECT id FROM countries WHERE name=?", name)
if err := row.Scan(&countryId); err != nil {
if err != sql.ErrNoRows {
return 0, err
}
} else {
return countryId, nil
}
result, err = tx.Exec("INSERT INTO countries (countries.name, countries.acount) VALUES (?, ?)", name, 0)
if err != nil {
return 0, err
}
countryId, err = result.LastInsertId()
if err != nil {
return 0, err
}
return countryId, nil
}
func Down20201214193523(tx *sql.Tx) error {
// This code is executed when the migration is rolled back.
return nil
}


@ -1,100 +0,0 @@
INSERT INTO cacert_test.languages (locale, en_co, en_lang, country, lang)
VALUES ('sq_AL', 'Albania', 'Albanian', 'Shqip&euml;ria', 'shqipe'),
('ar_DZ', 'Algeria', 'Arabic', '&#65198;&#65164;&#65166;&#65200;&#65184;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('ar_AA', 'Arabic Speaking', 'Arabic', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('es_AR', 'Argentina', 'Spanish', 'Argentina', 'Espa&ntilde;ol'),
('en_AU', 'Australia', 'English', 'Australia', 'English'),
('de_AT', 'Austria', 'German', '&Ouml;sterreich', 'Deutsch'),
('ar_BH', 'Bahrain', 'Arabic', '&#65254;&#65268;&#65198;&#65188;&#65168;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('be_BY', 'Belarus', 'Belarusian', '&#1041;&#1077;&#1083;&#1072;&#1088;&#1091;&#1089;&#1100;', '&#1073;&#1077;&#1083;&#1072;&#1088;&#1091;&#1089;&#1082;&#1080;'),
('nl_BE', 'Belgium', 'Dutch', 'Belgi&euml;', 'Nederlands'),
('fr_BE', 'Belgium', 'French', 'Belgique', 'fran&ccedil;ais'),
('es_BO', 'Bolivia', 'Spanish', 'Bolivia', 'Espa&ntilde;ol'),
('sh_BA', 'Bosnia Herzogovina', 'Serbo-Croatian', 'Bosnia Herzogovina', 'Serbo-Croatian'),
('pt_BR', 'Brazil', 'Portuguese', 'Brasil', 'Portugu&ecirc;s'),
('bg_BG', 'Bulgaria', 'Bulgarian', '&#1041;&#1098;&#1083;&#1075;&#1072;&#1088;&#1080;&#1103;', '&#1073;&#1098;&#1083;&#1075;&#1072;&#1088;&#1089;&#1082;&#1080;'),
('en_CA', 'Canada', 'English', 'Canada', 'English'),
('fr_CA', 'Canada', 'French', 'Canada', 'fran&ccedil;ais'),
('es_CL', 'Chile', 'Spanish', 'Chile', 'Espa&ntilde;ol'),
('es_CO', 'Colombia', 'Spanish', 'Colombia', 'Espa&ntilde;ol'),
('es_CR', 'Costa Rica', 'Spanish', 'Costa Rica', 'Espa&ntilde;ol'),
('hr_HR', 'Croatia', 'Croatian', 'Hrvatska', 'hrvatski'),
('cs_CZ', 'Czech Republic', 'Czech', '&#268;esk&aacute; republika', '&#269;e&scaron;tina'),
('da_DK', 'Denmark', 'Danish', 'Danmark', 'dansk'),
('es_DO', 'Dominican Republic', 'Spanish', 'Rep&uacute;blica Dominicana', 'Espa&ntilde;ol'),
('es_EC', 'Ecuador', 'Spanish', 'Ecuador', 'Espa&ntilde;ol'),
('ar_EG', 'Egypt', 'Arabic', '&#65198;&#65212;&#65251;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('es_SV', 'El Salvador', 'Spanish', 'El Salvador', 'Espa&ntilde;ol'),
('et_EE', 'Estonia', 'Estonian', 'Eesti', 'eesti'),
('mk_MK', 'FYR Macedonia', 'Macedonian', 'FYR Macedonia', 'Macedonian'),
('fi_FI', 'Finland', 'Finnish', 'Suomi', 'suomi'),
('sv_FI', 'Finland', 'Swedish', 'Finland', 'svenska'),
('fr_FR', 'France', 'French', 'France', 'fran&ccedil;ais'),
('de_DE', 'Germany', 'German', 'Deutschland', 'Deutsch'),
('el_GR', 'Greece', 'Greek', '&Epsilon;&lambda;&lambda;&#940;&delta;&alpha;', '&epsilon;&lambda;&lambda;&eta;&nu;&iota;&kappa;&#940;'),
('es_GT', 'Guatemala', 'Spanish', 'Guatemala', 'Espa&ntilde;ol'),
('es_HN', 'Honduras', 'Spanish', 'Honduras', 'Espa&ntilde;ol'),
('zh_HK', 'Hong Kong', 'Chinese', '&#39321;&#28207;', '&#20013;&#25991;'),
('hu_HU', 'Hungary', 'Hungarian', 'Magyarorsz&aacute;g', 'magyar'),
('is_IS', 'Iceland', 'Icelandic', '&Iacute;sland', '&iacute;slenska'),
('in_ID', 'Indonesia', 'Indonesian', 'Indonesia', 'Bahasa Indonesia'),
('fa_IR', 'Iran', 'Farsi', 'Iran', '&#65264;&#65204;&#65198;&#65166;&#65235;'),
('en_IE', 'Ireland', 'English', 'Ireland', 'English'),
('he_IL', 'Israel', 'Hebrew', '&#1500;&#1488;&#1512;&#1513;&#1497;', '&#1514;&#1497;&#1512;&#1489;&#1506;'),
('iw_IL', 'Israel', 'Hebrew', '&#1500;&#1488;&#1512;&#1513;&#1497;', '&#1514;&#1497;&#1512;&#1489;&#1506;'),
('it_IT', 'Italy', 'Italian', 'Italia', 'italiano'),
('ja_JP', 'Japan', 'Japanese', '&#26085;&#26412;', '&#26085;&#26412;&#35486;'),
('ar_JO', 'Jordan', 'Arabic', '&#65254;&#65194;&#65198;&#65156;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('ko_KR', 'Korea', 'Korean', '&#45824;&#54620;&#48124;&#44397;', '&#54620;&#44397;&#50612;'),
('ar_KW', 'Kuwait', 'Arabic', '&#65174;&#65268;&#65262;&#65244;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('es_LA', 'Latin America', 'Spanish', 'Am&eacute;rica latina', 'Espa&ntilde;ol'),
('lv_LV', 'Latvia', 'Latvian', 'Latvija', 'latvie&scaron;u'),
('ar_LB', 'Lebanon', 'Arabic', '&#65254;&#65166;&#65256;&#65168;&#65247;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('de_LI', 'Liechtenstein', 'German', 'Liechtenstein', 'Deutsch'),
('lt_LT', 'Lithuania', 'Lithuanian', 'Lietuva', 'lietuvi&#371;'),
('fr_LU', 'Luxembourg', 'French', 'Luxembourg', 'fran&ccedil;ais'),
('de_LU', 'Luxembourg', 'German', 'Luxemburg', 'Deutsch'),
('es_MX', 'Mexico', 'Spanish', 'M&eacute;xico', 'Espa&ntilde;ol'),
('ar_MA', 'Morocco', 'Arabic', '&#65172;&#65268;&#65168;&#65198;&#65232;&#65252;&#65248;&#65165; &#65172;&#65244;&#65248;&#65252;&#65252;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('nl_NL', 'Netherlands', 'Dutch', 'Nederland', 'Nederlands'),
('en_NZ', 'New Zealand', 'English', 'New Zealand', 'English'),
('es_NI', 'Nicaragua', 'Spanish', 'Nicar&aacute;gua', 'Espa&ntilde;ol'),
('no_NO', 'Norway', 'Norwegian', 'Norge', 'bokm&aring;l'),
('ar_OM', 'Oman', 'Arabic', '&#65254;&#65166;&#65252;&#65227;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('es_PA', 'Panama', 'Spanish', 'Panam&aacute;', 'Espa&ntilde;ol'),
('es_PY', 'Paraguay', 'Spanish', 'Paraguay', 'Espa&ntilde;ol'),
('zh_CN', 'People''s Republic of China', 'Chinese', '&#20013;&#21326;&#20154;&#27665;&#20849;&#21644;&#22269;', '&#20013;&#25991;'),
('es_PE', 'Peru', 'Spanish', 'Per&uacute;', 'Espa&ntilde;ol'),
('pl_PL', 'Poland', 'Polish', 'Polska', 'polski'),
('pt_PT', 'Portugal', 'Portuguese', 'Portugal', 'portugu&ecirc;s'),
('ar_QA', 'Qatar', 'Arabic', '&#65198;&#65220;&#65239;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('ro_RO', 'Romania', 'Romanian', 'Rom&acirc;nia', 'rom&acirc;n&#259;'),
('ru_RU', 'Russia', 'Russian', '&#1056;&#1086;&#1089;&#1089;&#1080;&#1103;', '&#1088;&#1091;&#1089;&#1089;&#1082;&#1080;&#1081;'),
('ar_SA', 'Saudi Arabia', 'Arabic', '&#65172;&#65268;&#65194;&#65262;&#65228;&#65204;&#65248;&#65165; &#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165; &#65172;&#65244;&#65248;&#65252;&#65252;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('hr_SP', 'Serbia', 'Romanian', 'Srbija', 'rom&acirc;n&#259;'),
('sr_SP', 'Serbia', 'Serbian (Cyrillic)', '&#1032;&#1091;&#1075;&#1086;&#1089;&#1083;&#1072;&#1074;&#1080;&#1112;&#1072;', '&#1089;&#1088;&#1087;&#1089;&#1082;&#1080;'),
('zh_SG', 'Singapore', 'Chinese', '&#26032;&#21152;&#22369;', '&#20013;&#25991;'),
('sk_SK', 'Slovakia', 'Slovak', 'Slovensk&aacute; republika', 'sloven&#269;ina'),
('sl_SI', 'Slovenia', 'Slovene', 'Slovenija', 'slovenski'),
('en_ZA', 'South Africa', 'English', 'South Africa', 'English'),
('eu_ES', 'Spain', 'Basque', 'Espainia', 'Euskara'),
('ca_ES', 'Spain', 'Catalan', 'Espanya', 'catal&agrave;'),
('es_ES', 'Spain', 'Spanish', 'Espa&ntilde;a', 'Espa&ntilde;ol'),
('sv_SE', 'Sweden', 'Swedish', 'Sverige', 'svenska'),
('fr_CH', 'Switzerland', 'French', 'Suisse', 'fran&ccedil;ais'),
('de_CH', 'Switzerland', 'German', 'Schweiz', 'Deutsch'),
('it_CH', 'Switzerland', 'Italian', 'Svizzera', 'italiano'),
('ar_SY', 'Syria', 'Arabic', '&#65166;&#65268;&#65198;&#65262;&#65203;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('zh_TW', 'Taiwan', 'Chinese', '&#20013;&#33775;&#27665;&#22283;', '&#20013;&#25991;'),
('th_TH', 'Thailand', 'Thai', '&#3652;&#3607;&#3618;', '&#3652;&#3607;&#3618;'),
('ar_TN', 'Tunisia', 'Arabic', '&#65202;&#65256;&#65262;&#65175;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('tr_TR', 'Turkey', 'Turkish', 'T&uuml;rkiye', 'T&uuml;rk&ccedil;e'),
('ar_UA', 'U.A.E.', 'Arabic', '&#65172;&#65194;&#65188;&#65176;&#65252;&#65248;&#65165; &#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165; &#65174;&#65166;&#65198;&#65166;&#65252;&#65160;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('uk_UA', 'Ukraine', 'Ukrainian', '&#1059;&#1082;&#1088;&#1072;&#1111;&#1085;&#1072;', '&#1091;&#1082;&#1088;&#1072;&#1111;&#1085;&#1100;&#1089;&#1082;&#1072;'),
('en_GB', 'United Kingdom', 'English', 'United Kingdom', 'English'),
('en_US', 'United States', 'English', 'United States', 'English'),
('es_US', 'United States', 'Spanish', 'Estados Unidos', 'Espa&ntilde;ol'),
('es_UY', 'Uruguay', 'Spanish', 'Uruguay', 'Espa&ntilde;ol'),
('es_VE', 'Venezuela', 'Spanish', 'Venezuela', 'Espa&ntilde;ol'),
('vi_VN', 'Vietnam', 'Vietnamese', 'Vi&#7879;t Nam', 'Ti&#7875;ng Vi&#7879;t'),
('ar_YE', 'Yemen', 'Arabic', '&#65254;&#65252;&#65268;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;');


@ -1,57 +0,0 @@
package migrations
import (
"database/sql"
"flag"
"os"
"github.com/pressly/goose"
log "github.com/sirupsen/logrus"
_ "github.com/go-sql-driver/mysql"
)
var (
flags = flag.NewFlagSet("goose", flag.ExitOnError)
dir = flags.String("dir", ".", "directory with migration files")
)
func init() {
_ = flags.Parse(os.Args[1:])
args := flags.Args()
if len(args) < 1 {
flags.Usage()
return
}
command := args[0]
var dbUrl string
var exists bool
if dbUrl, exists = os.LookupEnv("DB_URL"); !exists {
log.Fatalf("define database URL in environment variable DB_URL")
}
db, err := sql.Open("mysql", dbUrl)
if err != nil {
log.Fatalf("goose: failt to open DB: %v\n", err)
}
if err = goose.SetDialect("mysql"); err != nil {
log.Fatalf("failed to set dialect: %v\n", err)
}
defer func() {
if err := db.Close(); err != nil {
log.Fatalf("goose: failed to close DB: %v\n", err)
}
}()
arguments := make([]string, 0)
if len(args) > 3 {
arguments = append(arguments, args[3:]...)
}
if err := goose.Run(command, db, *dir, arguments...); err != nil {
log.Fatalf("goose %v: %v", command, err)
}
}


@ -6,10 +6,10 @@ COUNTRY_CODE=CH
ORGANIZATION="Acme Ltd."
if [ ! -d "example_ca" ]; then
mkdir -p example_ca/root/newcerts example_ca/sub/newcerts example_ca/email/newcerts
touch example_ca/root/index.txt example_ca/sub/index.txt example_ca/email/index.txt
mkdir -p example_ca/root/newcerts example_ca/sub/newcerts
touch example_ca/root/index.txt example_ca/sub/index.txt
umask 077
mkdir example_ca/root/private example_ca/sub/private example_ca/email/private
mkdir example_ca/root/private example_ca/sub/private
openssl req -new -x509 \
-config ca.cnf \
-keyout example_ca/root/private/ca.key.pem \
@ -32,24 +32,8 @@ if [ ! -d "example_ca" ]; then
-config ca.cnf \
-name rootca \
-in example_ca/sub/ca.csr.pem \
-extensions ext_sub_ca \
-extensions sub_ca \
-out example_ca/sub/ca.crt.pem \
-rand_serial \
-batch
openssl req -new \
-config ca.cnf \
-keyout example_ca/email/private/ca.key.pem \
-newkey rsa:3072 \
-nodes \
-subj "/CN=Example Email CA/C=${COUNTRY_CODE}/O=${ORGANIZATION}" \
-utf8 \
-out example_ca/email/ca.csr.pem
openssl ca \
-config ca.cnf \
-name rootca \
-in example_ca/email/ca.csr.pem \
-extensions ext_email_ca \
-out example_ca/email/ca.crt.pem \
-rand_serial \
-create_serial \
-batch
fi
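Review bot: Signing the sub CA with `-create_serial` rather than `-rand_serial` (second hunk, the `openssl ca -name rootca` call) leaves only the first serial number random. openssl creates a random serial only when the serial file cannot be read and increments it afterwards, so later certificates from this CA get predictable serials; keeping `-rand_serial` gives each certificate its own random serial. The page has lost its +/- markers, so which line is the new side is inferred from the hunk counts (24 old lines, 8 new) and should be confirmed. The new `-extensions sub_ca` also needs a matching section in ca.cnf, which is not visible here. The `if [ ! -d "example_ca" ]` block spans both hunks and part of its body lies between them, outside the view.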