diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index 2840c691e..98ad7eea9 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@@ -127,83 +127,16 @@ class Certificate < ApplicationRecord
 return false
 end
- self.class.update_registry_crl
- self.class.reload_apache
+ self.class.update_crl
 self
 end
 class << self
 def update_crl
-# update_id_crl
-# update_registry_crl
-# reload_apache
- run_crlupdater
- end
- def run_crlupdater
 STDOUT << "#{Time.zone.now.utc} - Running crlupdater\n" unless Rails.env.test?
- system "#{ENV['crl_update_path']}"
+ system "#{ENV['crl_updater_path']}"
 STDOUT << "#{Time.zone.now.utc} - Finished running crlupdater\n" unless Rails.env.test?
 end
- def update_id_crl
- STDOUT << "#{Time.zone.now.utc} - Updating ID CRL\n" unless Rails.env.test?
-
- _out, _err, _st = Open3.capture3("
- mkdir -p #{ENV['crl_dir']}/crl-id-temp
- cd #{ENV['crl_dir']}/crl-id-temp
-
- wget https://sk.ee/crls/esteid/esteid2007.crl
- wget https://sk.ee/crls/juur/crl.crl
- wget https://sk.ee/crls/eeccrca/eeccrca.crl
- wget https://sk.ee/repository/crls/esteid2011.crl
-
- openssl crl -in esteid2007.crl -out esteid2007.crl -inform DER
- openssl crl -in crl.crl -out crl.crl -inform DER
- openssl crl -in eeccrca.crl -out eeccrca.crl -inform DER
- openssl crl -in esteid2011.crl -out esteid2011.crl -inform DER
-
- ln -s crl.crl `openssl crl -hash -noout -in crl.crl`.r0
- ln -s esteid2007.crl `openssl crl -hash -noout -in esteid2007.crl`.r0
- ln -s eeccrca.crl `openssl crl -hash -noout -in eeccrca.crl`.r0
- ln -s esteid2011.crl `openssl crl -hash -noout -in esteid2011.crl`.r0
-
- rm -rf #{ENV['crl_dir']}/*.crl #{ENV['crl_dir']}/*.r0
-
- mv #{ENV['crl_dir']}/crl-id-temp/* #{ENV['crl_dir']}
-
- rm -rf #{ENV['crl_dir']}/crl-id-temp
- ")
-
- STDOUT << "#{Time.zone.now.utc} - ID CRL updated\n" unless Rails.env.test?
- end
-
- def update_registry_crl
- STDOUT << "#{Time.zone.now.utc} - Updating registry CRL\n" unless Rails.env.test?
-
- _out, _err, _st = Open3.capture3("
- mkdir -p #{ENV['crl_dir']}/crl-temp
- cd #{ENV['crl_dir']}/crl-temp
-
- openssl ca -config #{ENV['openssl_config_path']} -keyfile #{ENV['ca_key_path']} -cert \
- #{ENV['ca_cert_path']} -gencrl -out #{ENV['crl_dir']}/crl-temp/crl.pem -key \
- '#{ENV['ca_key_password']}' -batch
-
- ln -s crl.pem `openssl crl -hash -noout -in crl.pem`.r1
-
- rm -rf #{ENV['crl_dir']}/*.pem #{ENV['crl_dir']}/*.r1
-
- mv #{ENV['crl_dir']}/crl-temp/* #{ENV['crl_dir']}
-
- rm -rf #{ENV['crl_dir']}/crl-temp
- ")
-
- STDOUT << "#{Time.zone.now.utc} - Registry CRL updated\n" unless Rails.env.test?
- end
-
- def reload_apache
- STDOUT << "#{Time.zone.now.utc} - Reloading apache\n" unless Rails.env.test?
- _out, _err, _st = Open3.capture3("sudo /etc/init.d/apache2 reload")
- STDOUT << "#{Time.zone.now.utc} - Apache reloaded\n" unless Rails.env.test?
- end
 def parse_md_from_string(crt)
 return nil if crt.blank?
diff --git a/config/application.yml.sample b/config/application.yml.sample
index 2cd19b768..9bf0f769c 100644
--- a/config/application.yml.sample
+++ b/config/application.yml.sample
@@ -34,6 +34,7 @@ time_zone: 'Tallinn' # more zones by rake time:zones:all
 openssl_config_path: '/etc/ssl/openssl.cnf'
 crl_dir: '/home/registry/registry/shared/ca/crl'
 crl_path: '/home/registry/registry/shared/ca/crl/crl.pem'
+crl_updater_path: '/home/registry/registry/shared/ca/crl/crlupdater.sh'
 ca_cert_path: '/home/registry/registry/shared/ca/certs/ca.crt.pem'
 ca_key_path: '/home/registry/registry/shared/ca/private/ca.key.pem'
 ca_key_password: 'your-root-key-password'
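Review bot: The result of `system` on the new `system "#{ENV['crl_updater_path']}"` line in `update_crl` is discarded, so an unset config key or a non-zero exit from the updater script still prints "Finished running crlupdater" and the caller above (`self.class.update_crl` followed by `self`) proceeds as if the CRL had been regenerated. Since `system` returns `false` on non-zero exit and `nil` when the command cannot be started, the call should fail loudly, e.g. `raise "crlupdater failed" unless system(ENV.fetch('crl_updater_path'))`, with `ENV.fetch` making a missing key an error instead of an empty command. A single-string `system` call is also handed to `/bin/sh` when the value contains shell metacharacters, so this key must remain operator-controlled, which a short comment above the line should state. The method that calls `update_crl` begins before the hunk, and the `class << self` block containing `update_crl` continues past it.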