Adding the schemas for the external certs and the identifiers to db_schema-main.sql, and also removing the lastUpdate timestamp from the code and the import format document (since we don't really need it for anything).

cmd/external-cert-importer/import_format.txt

@@ -17,10 +17,6 @@ Example: `"10A9C1F8ADAACBFE2B0F83F7D5FA1FC293A8D2A2"`
 Data Type: Up to 255 characters
 Description: The domain to which the certificate applies, with the DNS labels reversed. Wildcards are included.  
 Example: `"org.eff.*"`
-1. Column Name: Last Changed Timestamp  
-Data Type: A MySQL `TIMESTAMP`, 19 characters long. (More information is available at https://dev.mysql.com/doc/refman/5.5/en/datetime.html)  
-Description: The UTC timestamp of the last time this row was updated.  
-Example: `"2015-03-23 22:59:01"`
 
 ###`valid-certs`
 1. Column Name: SHA1 Fingerprint  
@@ -51,10 +47,6 @@ Example: 1
 Data Type: 0 or 1  
 Description: 1 if the certificate is a valid Extended Validation (EV) certificate (as determined via the method described below in the section *EV Validity*), and 0 otherwise.  
 Example: 0  
-1. Column Name: Last Changed Timestamp  
-Data Type: A MySQL `TIMESTAMP`, 19 characters long. (More information is available at https://dev.mysql.com/doc/refman/5.5/en/datetime.html)  
-Description: The UTC timestamp of the last time this row was updated.  
-Example: `2015-03-23 22:59:01`
 1. Column Name: Hex-Encoded Certificate
 Data Type: Hexadecimal characters
 Description: The hexadecimal encoding of the DER-encoded certificate.

cmd/external-cert-importer/main.go

@@ -42,8 +42,7 @@ func addCerts(csvFilename string, dbMap *gorp.DbMap, stats statsd.Statter, stats
 
 		notAfter, err := time.Parse(datestamp_format, record[3])
 		spkiBytes, err := hex.DecodeString(record[4])
-		lastUpdated, err := time.Parse(datestamp_format, record[7])
-		certDER, err := hex.DecodeString(record[8])
+		certDER, err := hex.DecodeString(record[7])
 
 		externalCert := core.ExternalCert{
 			SHA1:        record[0],
@@ -53,7 +52,6 @@ func addCerts(csvFilename string, dbMap *gorp.DbMap, stats statsd.Statter, stats
 			SPKI:        spkiBytes,
 			Valid:       record[5] == "1",
 			EV:          record[6] == "1",
-			LastUpdated: lastUpdated,
 			CertDER:     certDER,
 		}
 
@@ -78,12 +76,9 @@ func addIdentifiers(csvFilename string, dbMap *gorp.DbMap, stats statsd.Statter,
 			return
 		}
 
-		lastUpdated, err := time.Parse(datestamp_format, record[2])
-
 		identifierData := core.IdentifierData{
 			ReversedName: record[1],
 			CertSHA1:     record[0],
-			LastUpdated:  lastUpdated,
 		}
 
 		importStart := time.Now()

core/objects.go

@@ -479,23 +479,21 @@ type IssuedCertIdentifierData struct {
 // IdentifierData rows contains information about certs issued by Boulder and
 // also information about certs observed from third parties.
 type IdentifierData struct {
-	ReversedName string    // The label-wise reverse of an identifier, e.g. com.example or com.example.*
-	CertSHA1     string    // The hex encoding of the SHA-1 hash of a cert containing the identifier
-	LastUpdated  time.Time // The time the entry for the cert associated with this identifier was last updated
+	ReversedName string    `db:"reversedName"` // The label-wise reverse of an identifier, e.g. com.example or com.example.*
+	CertSHA1     string    `db:"certSHA1"`     // The hex encoding of the SHA-1 hash of a cert containing the identifier
 }
 
 // ExternalCerts holds information about certificates issued by other CAs,
 // obtained through Certificate Transparency, the SSL Observatory, or scans.io.
 type ExternalCert struct {
-	SHA1        string    // The hex encoding of the SHA-1 hash of this cert
-	Issuer      string    // The Issuer field of this cert
-	Subject     string    // The Subject field of this cert
-	NotAfter    time.Time // Date after which this cert should be considered invalid
-	SPKI        []byte    // The hex encoding of the certificate's SubjectPublicKeyInfo in DER form
-	Valid       bool      // Whether this certificate was valid at LastUpdated time
-	EV          bool      // Whether this cert was EV valid
-	LastUpdated time.Time // Last time this cert's data was updated
-	CertDER     []byte    // DER (binary) encoding of the raw certificate
+	SHA1        string    `db:"sha1"`        // The hex encoding of the SHA-1 hash of this cert
+	Issuer      string    `db:"issuer"`      // The Issuer field of this cert
+	Subject     string    `db:"subject"`     // The Subject field of this cert
+	NotAfter    time.Time `db:"notAfter"`    // Date after which this cert should be considered invalid
+	SPKI        []byte    `db:"spki"`        // The hex encoding of the certificate's SubjectPublicKeyInfo in DER form
+	Valid       bool      `db:"valid"`       // Whether this certificate was valid at LastUpdated time
+	EV          bool      `db:"ev"`          // Whether this cert was EV valid
+	CertDER     []byte    `db:"rawDERCert"`  // DER (binary) encoding of the raw certificate
 }
 
 // MatchesCSR tests the contents of a generated certificate to make sure

docs/database/db_schema-main.sql

@@ -94,3 +94,20 @@ CREATE TABLE `pending_authz` (
   CONSTRAINT `regId_pending_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
+CREATE TABLE `identifierData` (
+  `reversedName` varchar(255) NOT NULL,
+  `certSHA1` varchar(40) NOT NULL,
+  UNIQUE INDEX (certSha1, reversedName)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `externalCerts` (
+  `sha1` varchar(40) NOT NULL,
+  `issuer` text DEFAULT NULL,
+  `subject` text DEFAULT NULL,
+  `notAfter` datetime DEFAULT NULL,
+  `spki` blob DEFAULT NULL,
+  `valid` tinyint(1) DEFAULT NULL,
+  `ev` tinyint(1) DEFAULT NULL,  
+  `rawDERCert` blob DEFAULT NULL,
+  UNIQUE INDEX (sha1)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;