From 0be023504a5d2ee961d217604c6c8850e4364a51 Mon Sep 17 00:00:00 2001
From: Simon Baker
Date: Thu, 27 Apr 2023 10:22:30 +0100
Subject: [PATCH] added suggestions by Ben to capture more details for cert requester, added entire cert in case needed in future
---
 README.md | 2 +-
 db.go | 11 +++++++++++
 x509.go | 1 +
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 6e8e8e5..48d78f2 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# A golang PKI in less than 1000 lines of code.
+# A golang PKI in just over a 1000 lines of code.
 # Introduction
diff --git a/db.go b/db.go
index 4e3f988..5540ebb 100644
--- a/db.go
+++ b/db.go
@@ -1,14 +1,17 @@
 package main
 import (
+ "bufio"
 "crypto/ecdsa"
 "crypto/elliptic"
 "crypto/rsa"
 "crypto/x509"
 "encoding/asn1"
+ "fmt"
 "log"
 "net"
 "net/url"
+ "os"
 "time"
 "github.com/aws/aws-sdk-go/aws"
@@ -21,6 +24,7 @@ import (
 var dyndb *dynamodb.DynamoDB
 type x509Record struct {
+ Requester string
 SerialNumber string
 Issuer string
 Subject string
@@ -33,6 +37,7 @@ type x509Record struct {
 IPAddresses []net.IP
 URIs []*url.URL
 PubKey []byte
+ DerCert []byte
 }
 func addDbRecord(crtBytes []byte) error {
@@ -54,7 +59,12 @@ func addDbRecord(crtBytes []byte) error {
 default:
 return errors.New("only ECDSA and RSA public keys are supported")
 }
+ reader := bufio.NewReader(os.Stdin)
+ fmt.Print("Enter Requester in the format of \"Joe Blogs \" -> ")
+ requester, _ := reader.ReadString('\n') // E: requester declared and not used // E: requester declared and not used
+ // marshal the crt to a pem byte array
 record := x509Record{
+ Requester: requester,
 SerialNumber: crt.SerialNumber.String(), // serial number should be unique (as in cryptographically) so we can use this as the key
 Issuer: crt.Issuer.String(),
 Subject: crt.Subject.String(),
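Review bot: `requester, _ := reader.ReadString('\n')` discards the read error and stores the line exactly as typed, trailing newline included, so an EOF on stdin silently records an empty Requester and a normal entry lands in the record as `"Joe Blogs\n"`; since this is self-asserted console input that becomes the audit trail for the issued certificate, it should at least be trimmed and rejected when empty. The two `// E: requester declared and not used` fragments on the same line read as stale editor diagnostics (the variable is used in `Requester: requester` a few lines down) and should be removed. Reading os.Stdin inside addDbRecord also ties a persistence step to an interactive terminal; collecting the requester in the caller and passing it in would keep this function testable, though that changes a signature whose callers are outside this hunk. The rewritten lines follow; `strings` would need adding to the import block alongside the new `bufio`, `fmt` and `os` entries. The rest of addDbRecord's body lies outside the hunk.
```go
	reader := bufio.NewReader(os.Stdin)
	// … unchanged: fmt.Print prompt …
	line, err := reader.ReadString('\n')
	if err != nil && line == "" { // EOF before any input, or a real read failure
		return fmt.Errorf("reading requester: %w", err)
	}
	requester := strings.TrimSpace(line)
	if requester == "" {
		return errors.New("requester must not be empty")
	}
	// … unchanged: record := x509Record{ … } …
```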
@@ -67,6 +77,7 @@ func addDbRecord(crtBytes []byte) error {
 IPAddresses: crt.IPAddresses,
 URIs: crt.URIs,
 PubKey: pubBytes,
+ DerCert: crtBytes,
 }
 // we should be running under the role given to us by the sts tokens.
diff --git a/x509.go b/x509.go
index 45f4512..81edc4f 100644
--- a/x509.go
+++ b/x509.go
@@ -298,6 +298,7 @@ func signCSR(signer crypto11.Signer, csr *x509.CertificateRequest) (crtBytes []b
 Critical: false,
 Value: yy,
 }
+
 tmpl := &x509.Certificate{
 SerialNumber: serialNumber,
 Subject: newSubject,