New DB design

[cyrill-k]

This pull requests modifies the structure of the DB. The goals of the new design are:

• Updates become faster by not needing to retrieve data from the DB, just push.
• We allow to expire certificates: the expiration time is visible in the certs table layout.
• The Sparse Merkle Tree is built using the hashes of the certificates and policies, not their payloads. This allows for a much faster update after a new certificate/policy has been added or modified. The hashes of the payloads and their aggregation into the domain field is done in the DB engine side, so there is no need to transmit data. Closes: #27, #28, #29, #39, #40

This change is 

[cyrill-k]

pkg/common/structure.go line 10 at r1 (raw file):

Previously, cyrill-k wrote…

New naming scheme: - RPC + SP become PolicyCertificate, which has a `subject`, `issuer`, `domain`, `IsIssuer` bit, and `PolicyAttributes`. - `IsIssuer` specifies if this PolicyCertificate can be used to sign another certificate (or if it is a leaf). If the `IsIssuer` bit is not set, the PolicyCertificate may not have a public key. - `domain` specifies the domain that this PolicyCertificate is tied to. If this value is empty, then there is no restriction on the domain. If this value is non-empty, the `domain` attribute of any child must have the same value. - RCSR + PSR become PolicyCertificateSigningRequest. - SPT becomes SignedPolicyCertificateTimestamp. - PolicyRevocation becomes PolicyCertificateRevocation.

I forgot two objects relating to revocations:

• SPRT becomes SignedPolicyCertificateRevocationTimestamp (same fields as the SignedPolicyCertificateTimestamp)
• RSR becomes PolicyCertificateRevocationSigningRequest

[cyrill-k]

pkg/common/policies.go line 42 at r8 (raw file):

Previously, juagargi (Juan A. Garcia Pardo) wrote…

I thought we agreed to *not* use the identification of the issuer or owner via `Issuer` or `Owner`. In my opinion, we should *remove* the fields `Issuer` and `Subject`, and *always* identify issuer and owner via the hash of something that uniquely identifies the certificate (payload maybe?). We could add a new field `Description`, if people would want to have a human readable description of the certificate and what it is used for.

Let's use a new field IssuerHash which is the hash of the payload without SPCTs and without issuer signature while preserving the owner signature.

The analogous is done for the OwnerHash field.

And remove the Issuer and Subject field.

[juagargi]

pkg/common/policies.go line 42 at r8 (raw file):

Previously, cyrill-k wrote…

Let's use a new field `IssuerHash` which is the hash of the payload without SPCTs and without issuer signature while preserving the owner signature. The analogous is done for the `OwnerHash` field. And remove the `Issuer` and `Subject` field.

Note for future self: the issuer will not be present in the SPCTs or requests, only in certificate and revocation. Also, we can remove now the IssuerPubKeyHash and OwnerPubKeyHash.