split crl updating and application code

2025-06-13 16:14:47 +02:00 · 2020-08-18 08:42:16 +03:00 · 2020-08-18 08:42:16 +03:00 · 0e686c5af5
commit 0e686c5af5
parent 71b5af5b70
2 changed files with 3 additions and 69 deletions
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@ -127,83 +127,16 @@ class Certificate < ApplicationRecord
      return false
    end
-    self.class.update_registry_crl
+    self.class.update_crl
    self.class.reload_apache
    self
  end
  class << self
    def update_crl
 #      update_id_crl
 #      update_registry_crl
 #      reload_apache
      run_crlupdater
    end
    def run_crlupdater
      STDOUT << "#{Time.zone.now.utc} - Running crlupdater\n" unless Rails.env.test?
-      system "#{ENV['crl_update_path']}"
+      system "#{ENV['crl_updater_path']}"
      STDOUT << "#{Time.zone.now.utc} - Finished running crlupdater\n" unless Rails.env.test?
    end
    def update_id_crl
      STDOUT << "#{Time.zone.now.utc} - Updating ID CRL\n" unless Rails.env.test?
      _out, _err, _st = Open3.capture3("
        mkdir -p #{ENV['crl_dir']}/crl-id-temp
        cd #{ENV['crl_dir']}/crl-id-temp
        wget https://sk.ee/crls/esteid/esteid2007.crl
        wget https://sk.ee/crls/juur/crl.crl
        wget https://sk.ee/crls/eeccrca/eeccrca.crl
        wget https://sk.ee/repository/crls/esteid2011.crl
        openssl crl -in esteid2007.crl -out esteid2007.crl -inform DER
        openssl crl -in crl.crl -out crl.crl -inform DER
        openssl crl -in eeccrca.crl -out eeccrca.crl -inform DER
        openssl crl -in esteid2011.crl -out esteid2011.crl -inform DER
        ln -s crl.crl `openssl crl -hash -noout -in crl.crl`.r0
        ln -s esteid2007.crl `openssl crl -hash -noout -in esteid2007.crl`.r0
        ln -s eeccrca.crl `openssl crl -hash -noout -in eeccrca.crl`.r0
        ln -s esteid2011.crl `openssl crl -hash -noout -in esteid2011.crl`.r0
        rm -rf #{ENV['crl_dir']}/*.crl #{ENV['crl_dir']}/*.r0
        mv #{ENV['crl_dir']}/crl-id-temp/* #{ENV['crl_dir']}
        rm -rf #{ENV['crl_dir']}/crl-id-temp
      ")
      STDOUT << "#{Time.zone.now.utc} - ID CRL updated\n" unless Rails.env.test?
    end
    def update_registry_crl
      STDOUT << "#{Time.zone.now.utc} - Updating registry CRL\n" unless Rails.env.test?
      _out, _err, _st = Open3.capture3("
        mkdir -p #{ENV['crl_dir']}/crl-temp
        cd #{ENV['crl_dir']}/crl-temp
        openssl ca -config #{ENV['openssl_config_path']} -keyfile #{ENV['ca_key_path']} -cert \
        #{ENV['ca_cert_path']} -gencrl -out #{ENV['crl_dir']}/crl-temp/crl.pem -key \
        '#{ENV['ca_key_password']}' -batch
        ln -s crl.pem `openssl crl -hash -noout -in crl.pem`.r1
        rm -rf #{ENV['crl_dir']}/*.pem #{ENV['crl_dir']}/*.r1
        mv #{ENV['crl_dir']}/crl-temp/* #{ENV['crl_dir']}
        rm -rf #{ENV['crl_dir']}/crl-temp
      ")
      STDOUT << "#{Time.zone.now.utc} - Registry CRL updated\n" unless Rails.env.test?
    end
    def reload_apache
      STDOUT << "#{Time.zone.now.utc} - Reloading apache\n" unless Rails.env.test?
      _out, _err, _st = Open3.capture3("sudo /etc/init.d/apache2 reload")
      STDOUT << "#{Time.zone.now.utc} - Apache reloaded\n" unless Rails.env.test?
    end
    def parse_md_from_string(crt)
      return nil if crt.blank?
--- a/config/application.yml.sample
+++ b/config/application.yml.sample
@ -34,6 +34,7 @@ time_zone: 'Tallinn' # more zones by rake time:zones:all
 openssl_config_path: '/etc/ssl/openssl.cnf'
 crl_dir:     '/home/registry/registry/shared/ca/crl'
 crl_path:     '/home/registry/registry/shared/ca/crl/crl.pem'
 crl_updater_path: '/home/registry/registry/shared/ca/crl/crlupdater.sh'
 ca_cert_path: '/home/registry/registry/shared/ca/certs/ca.crt.pem'
 ca_key_path:  '/home/registry/registry/shared/ca/private/ca.key.pem'
 ca_key_password: 'your-root-key-password'