From 71b5af5b70979f1a02d2928e1f0e2e460243023d Mon Sep 17 00:00:00 2001
From: Georg Kahest
Date: Tue, 18 Aug 2020 05:16:26 +0300
Subject: [PATCH 1/6] run configured crlupdater
---
 app/models/certificate.rb | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index d2428365a..2840c691e 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@@ -134,11 +134,16 @@ class Certificate < ApplicationRecord
 class << self
 def update_crl
- update_id_crl
- update_registry_crl
- reload_apache
+# update_id_crl
+# update_registry_crl
+# reload_apache
+ run_crlupdater
+ end
+ def run_crlupdater
+ STDOUT << "#{Time.zone.now.utc} - Running crlupdater\n" unless Rails.env.test?
+ system "#{ENV['crl_update_path']}"
+ STDOUT << "#{Time.zone.now.utc} - Finished running crlupdater\n" unless Rails.env.test?
 end
-
 def update_id_crl
 STDOUT << "#{Time.zone.now.utc} - Updating ID CRL\n" unless Rails.env.test?
From 0e686c5af552f5dc91d61ac613fc88a8f9a0d989 Mon Sep 17 00:00:00 2001
From: Georg Kahest
Date: Tue, 18 Aug 2020 08:42:16 +0300
Subject: [PATCH 2/6] split crl updating and application code
---
 app/models/certificate.rb | 71 +----------------------------------
 config/application.yml.sample | 1 +
 2 files changed, 3 insertions(+), 69 deletions(-)
diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index 2840c691e..98ad7eea9 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
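Review bot: The return value of `system "#{ENV['crl_update_path']}"` in the new `run_crlupdater` is discarded, so a non-zero exit or a failed exec of the updater still prints `Finished running crlupdater` and the method returns normally; a revocation whose CRL regeneration failed is then indistinguishable from a successful one. Capture the status and surface it, e.g. `ok = system(...)` followed by `STDOUT << "#{Time.zone.now.utc} - crlupdater failed: #{$?.inspect}\n" unless ok`, and return `ok` so `update_crl` and its callers can react. The same unchecked call is carried through patches 2/6 to 6/6 unchanged, so the check belongs in the final `update_crl` body as well. The `class << self` block around this hunk starts and ends outside it.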
@@ -127,83 +127,16 @@ class Certificate < ApplicationRecord
 return false
 end
- self.class.update_registry_crl
- self.class.reload_apache
+ self.class.update_crl
 self
 end
 class << self
 def update_crl
-# update_id_crl
-# update_registry_crl
-# reload_apache
- run_crlupdater
- end
- def run_crlupdater
 STDOUT << "#{Time.zone.now.utc} - Running crlupdater\n" unless Rails.env.test?
- system "#{ENV['crl_update_path']}"
+ system "#{ENV['crl_updater_path']}"
 STDOUT << "#{Time.zone.now.utc} - Finished running crlupdater\n" unless Rails.env.test?
 end
- def update_id_crl
- STDOUT << "#{Time.zone.now.utc} - Updating ID CRL\n" unless Rails.env.test?
-
- _out, _err, _st = Open3.capture3("
- mkdir -p #{ENV['crl_dir']}/crl-id-temp
- cd #{ENV['crl_dir']}/crl-id-temp
-
- wget https://sk.ee/crls/esteid/esteid2007.crl
- wget https://sk.ee/crls/juur/crl.crl
- wget https://sk.ee/crls/eeccrca/eeccrca.crl
- wget https://sk.ee/repository/crls/esteid2011.crl
-
- openssl crl -in esteid2007.crl -out esteid2007.crl -inform DER
- openssl crl -in crl.crl -out crl.crl -inform DER
- openssl crl -in eeccrca.crl -out eeccrca.crl -inform DER
- openssl crl -in esteid2011.crl -out esteid2011.crl -inform DER
-
- ln -s crl.crl `openssl crl -hash -noout -in crl.crl`.r0
- ln -s esteid2007.crl `openssl crl -hash -noout -in esteid2007.crl`.r0
- ln -s eeccrca.crl `openssl crl -hash -noout -in eeccrca.crl`.r0
- ln -s esteid2011.crl `openssl crl -hash -noout -in esteid2011.crl`.r0
-
- rm -rf #{ENV['crl_dir']}/*.crl #{ENV['crl_dir']}/*.r0
-
- mv #{ENV['crl_dir']}/crl-id-temp/* #{ENV['crl_dir']}
-
- rm -rf #{ENV['crl_dir']}/crl-id-temp
- ")
-
- STDOUT << "#{Time.zone.now.utc} - ID CRL updated\n" unless Rails.env.test?
- end
-
- def update_registry_crl
- STDOUT << "#{Time.zone.now.utc} - Updating registry CRL\n" unless Rails.env.test?
- - _out, _err, _st = Open3.capture3(" - mkdir -p #{ENV['crl_dir']}/crl-temp - cd #{ENV['crl_dir']}/crl-temp - - openssl ca -config #{ENV['openssl_config_path']} -keyfile #{ENV['ca_key_path']} -cert \ - #{ENV['ca_cert_path']} -gencrl -out #{ENV['crl_dir']}/crl-temp/crl.pem -key \ - '#{ENV['ca_key_password']}' -batch - - ln -s crl.pem `openssl crl -hash -noout -in crl.pem`.r1 - - rm -rf #{ENV['crl_dir']}/*.pem #{ENV['crl_dir']}/*.r1 - - mv #{ENV['crl_dir']}/crl-temp/* #{ENV['crl_dir']} - - rm -rf #{ENV['crl_dir']}/crl-temp - ") - - STDOUT << "#{Time.zone.now.utc} - Registry CRL updated\n" unless Rails.env.test? - end - - def reload_apache - STDOUT << "#{Time.zone.now.utc} - Reloading apache\n" unless Rails.env.test? - _out, _err, _st = Open3.capture3("sudo /etc/init.d/apache2 reload") - STDOUT << "#{Time.zone.now.utc} - Apache reloaded\n" unless Rails.env.test? - end def parse_md_from_string(crt) return nil if crt.blank? diff --git a/config/application.yml.sample b/config/application.yml.sample index 2cd19b768..9bf0f769c 100644 --- a/config/application.yml.sample +++ b/config/application.yml.sample @@ -34,6 +34,7 @@ time_zone: 'Tallinn' # more zones by rake time:zones:all openssl_config_path: '/etc/ssl/openssl.cnf' crl_dir: '/home/registry/registry/shared/ca/crl' crl_path: '/home/registry/registry/shared/ca/crl/crl.pem' +crl_updater_path: '/home/registry/registry/shared/ca/crl/crlupdater.sh' ca_cert_path: '/home/registry/registry/shared/ca/certs/ca.crt.pem' ca_key_path: '/home/registry/registry/shared/ca/private/ca.key.pem' ca_key_password: 'your-root-key-password' From 630c8878d8a2fc9fecc78d55e1c2afa020fe2b20 Mon Sep 17 00:00:00 2001 From: Georg Kahest Date: Tue, 1 Sep 2020 13:46:12 +0300 Subject: [PATCH 3/6] force usage of bash command with args --- app/models/certificate.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/certificate.rb b/app/models/certificate.rb index 98ad7eea9..d372058ff 100644 --- a/app/models/certificate.rb 
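Review bot: Nothing in the new `update_crl` records that the external script now carries the work the deleted `update_registry_crl` and `reload_apache` did (generating the CRL with the CA key and reloading Apache), and the caller above it now invokes only `update_crl`, so a reader of this file cannot tell from the code whether the reload still happens. Add a comment above `def update_crl` such as `# Delegates CRL regeneration to the script configured as crl_updater_path; if the web-server reload formerly done by reload_apache is still needed, that script has to perform it.` and state the same contract next to the key in application.yml.sample. The enclosing `class << self` block and the caller's method both start outside this hunk.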
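Review bot: The new `crl_updater_path` key carries no comment saying what the script is expected to do, and unlike its neighbours the name alone does not tell you; add above it `# executable invoked by Certificate.update_crl; replaces the in-app CRL generation and Apache reload removed in this patch`. The sample value also places the script inside `crl_dir`, the directory the removed Ruby code emptied with `rm -rf` globs and repopulated with `mv`; it would be worth documenting whether that directory is served to clients, since an executable stored there would then sit alongside the published CRL files — this diff does not show how the directory is exposed.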
+++ b/app/models/certificate.rb
@@ -134,7 +134,7 @@ class Certificate < ApplicationRecord
 class << self
 def update_crl
 STDOUT << "#{Time.zone.now.utc} - Running crlupdater\n" unless Rails.env.test?
- system "#{ENV['crl_updater_path']}"
+ system('/bin/bash', ENV['crl_updater_path'].to_s)
 STDOUT << "#{Time.zone.now.utc} - Finished running crlupdater\n" unless Rails.env.test?
 end
From 00eca4df5ee51c29b7b48e846ade6067e6846193 Mon Sep 17 00:00:00 2001
From: georg
Date: Fri, 4 Sep 2020 13:16:18 +0300
Subject: [PATCH 4/6] Branch Condition
---
 app/models/certificate.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index d372058ff..cbed05d6e 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@@ -133,9 +133,11 @@ class Certificate < ApplicationRecord
 class << self
 def update_crl
- STDOUT << "#{Time.zone.now.utc} - Running crlupdater\n" unless Rails.env.test?
+ start = "#{Time.zone.now.utc} - Running crlupdater\n"
+ stop = "#{Time.zone.now.utc} - Finished running crlupdater\n"
+ STDOUT << start unless Rails.env.test?
 system('/bin/bash', ENV['crl_updater_path'].to_s)
- STDOUT << "#{Time.zone.now.utc} - Finished running crlupdater\n" unless Rails.env.test?
+ STDOUT << stop unless Rails.env.test?
 end
 def parse_md_from_string(crt)
From 718249971f47fbb247f753e1a37b696d7aa78c06 Mon Sep 17 00:00:00 2001
From: georg
Date: Fri, 4 Sep 2020 13:28:49 +0300
Subject: [PATCH 5/6] tostdout
---
 app/models/certificate.rb | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index cbed05d6e..b3f1ed070 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
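Review bot: `ENV['crl_updater_path'].to_s` in the new `system('/bin/bash', ...)` call turns a missing setting into an empty string, so an unconfigured deployment runs `/bin/bash ""`, presumably fails inside bash, and still prints the finished message; use `ENV.fetch('crl_updater_path')` so the misconfiguration raises `KeyError` at the call site instead of being silently swallowed. Passing the path as a separate argument rather than interpolating it into a command string is the right change, since the value is no longer parsed by a shell. The hunk of patch 4/6 below keeps this line unchanged, so the same fix applies there.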
@@ -132,12 +132,16 @@ class Certificate < ApplicationRecord
 end
 class << self
+
+ def tostdout(message)
+ time = Time.zone.now.utc
+ STDOUT << "#{time} - #{message}\n" unless Rails.env.test?
+ end
 def update_crl
- start = "#{Time.zone.now.utc} - Running crlupdater\n"
- stop = "#{Time.zone.now.utc} - Finished running crlupdater\n"
- STDOUT << start unless Rails.env.test?
+
+ tostdout('Running crlupdater')
 system('/bin/bash', ENV['crl_updater_path'].to_s)
- STDOUT << stop unless Rails.env.test?
+ tostdout('Finished running crlupdater')
 end
 def parse_md_from_string(crt)
From 7d4fe1c64b14773a84dfc7fcad2e3ace22e0bb17 Mon Sep 17 00:00:00 2001
From: georg
Date: Fri, 4 Sep 2020 13:30:57 +0300
Subject: [PATCH 6/6] whitespace
---
 app/models/certificate.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index b3f1ed070..3bea9e9fc 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@@ -132,13 +132,12 @@ class Certificate < ApplicationRecord
 end
 class << self
-
 def tostdout(message)
 time = Time.zone.now.utc
 STDOUT << "#{time} - #{message}\n" unless Rails.env.test?
 end
- def update_crl
+ def update_crl
 tostdout('Running crlupdater')
 system('/bin/bash', ENV['crl_updater_path'].to_s)
 tostdout('Finished running crlupdater')
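Review bot: `tostdout` is defined inside `class << self` with no visibility marker, so it becomes a public class method of `Certificate` although it is only a logging helper for `update_crl`; add `private_class_method :tostdout` after the block, or place it under `private` inside `class << self`. It also writes to `STDOUT` directly rather than through `Rails.logger`, which keeps these CRL update events out of the application log; `Rails.logger.info("Running crlupdater")` would record them with the rest of the model's activity and make the `Rails.env.test?` guard unnecessary. Patch 6/6 below only adjusts whitespace in the same lines.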