Add option to ?d= by SHA-256(Certificate).

3 files changed, 15 insertions, 8 deletions

diff --git a/download_cert.fnc b/download_cert.fnc
index 569438d..0daaa42 100644
--- a/download_cert.fnc
+++ b/download_cert.fnc
@@ -17,24 +17,31 @@
  */
 
 CREATE OR REPLACE FUNCTION download_cert(
-	cert_id					certificate.ID%TYPE
+	cert_identifier			text
 ) RETURNS text
 AS $$
 DECLARE
 	t_b64Certificate	text;
 	t_output			text;
 BEGIN
-	SELECT replace(encode(c.CERTIFICATE, 'base64'), chr(10), '')
-		INTO t_b64Certificate
-		FROM certificate c
-		WHERE c.ID = cert_id;
+	IF length(cert_identifier) = 64 THEN
+		SELECT replace(encode(c.CERTIFICATE, 'base64'), chr(10), '')
+			INTO t_b64Certificate
+			FROM certificate c
+			WHERE digest(c.CERTIFICATE, 'sha256') = decode(cert_identifier, 'hex');
+	ELSE
+		SELECT replace(encode(c.CERTIFICATE, 'base64'), chr(10), '')
+			INTO t_b64Certificate
+			FROM certificate c
+			WHERE c.ID = cert_identifier::integer;
+	END IF;
 	IF t_b64Certificate IS NULL THEN
 		RETURN NULL;
 	END IF;
 
 	t_output :=
 '[BEGIN_HEADERS]
-Content-Disposition: attachment; filename="' || cert_id::text || '.crt"
+Content-Disposition: attachment; filename="' || cert_identifier || '.crt"
 Content-Type: application/pkix-cert
 [END_HEADERS]
 ';
diff --git a/drop_schema.sql b/drop_schema.sql
index be9330f..372f878 100644
--- a/drop_schema.sql
+++ b/drop_schema.sql
@@ -36,7 +36,7 @@ DROP FUNCTION extract_cert_names(
 );
 
 DROP FUNCTION download_cert(
-	cert_id					certificate.ID%TYPE
+	cert_id					text
 );
 
 DROP FUNCTION lint_cached(
diff --git a/web_apis.fnc b/web_apis.fnc
index ad673cb..dc188ed 100644
--- a/web_apis.fnc
+++ b/web_apis.fnc
@@ -196,7 +196,7 @@ BEGIN
 			END;
 
 			IF t_type = 'Download Certificate' THEN
-				RETURN download_cert(t_value::integer);
+				RETURN download_cert(t_value);
 			ELSIF t_type IN ('ID', 'Certificate ASN.1', 'CA ID', 'CT Entry ID') THEN
 				BEGIN
 					EXIT WHEN t_value::integer IS NOT NULL;