diff --git a/app/controllers/admin/certificates_controller.rb b/app/controllers/admin/certificates_controller.rb
index 5fa736fbc..df878eec8 100644
--- a/app/controllers/admin/certificates_controller.rb
+++ b/app/controllers/admin/certificates_controller.rb
@@ -11,9 +11,11 @@ class Admin::CertificatesController < AdminController
def create
@api_user = ApiUser.find(params[:api_user_id])
+
+ crt = certificate_params[:crt].open.read if certificate_params[:crt]
csr = certificate_params[:csr].open.read if certificate_params[:csr]
- @certificate = @api_user.certificates.build(csr: csr)
+ @certificate = @api_user.certificates.build(csr: csr, crt: crt)
if @api_user.save
flash[:notice] = I18n.t('record_created')
redirect_to [:admin, @api_user, @certificate]
@@ -63,6 +65,10 @@ class Admin::CertificatesController < AdminController
end
def certificate_params
- params.require(:certificate).permit(:csr)
+ if params[:certificate]
+ params.require(:certificate).permit(:csr, :crt)
+ else
+ {}
+ end
end
end
diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index b96c96a54..c5b18ebe7 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@@ -11,7 +11,13 @@ class Certificate < ActiveRecord::Base
REVOKED = 'revoked'
VALID = 'valid'
- validates :csr, presence: true
+ validate :validate_csr_and_crt
+
+ def validate_csr_and_crt
+ if csr.blank? && crt.blank?
+ errors.add(:base, I18n.t(:crt_or_csr_must_be_present))
+ end
+ end
def parsed_crt
@p_crt ||= OpenSSL::X509::Certificate.new(crt) if crt
diff --git a/app/views/admin/api_users/show.haml b/app/views/admin/api_users/show.haml
index 112dce676..1cb4423c3 100644
--- a/app/views/admin/api_users/show.haml
+++ b/app/views/admin/api_users/show.haml
@@ -35,6 +35,8 @@
.pull-left
= t(:certificates)
.pull-right
+ = link_to(t(:upload_crt),
+ new_admin_api_user_certificate_path(@api_user, crt: true), class: 'btn btn-primary btn-xs')
= link_to(t(:upload_csr),
new_admin_api_user_certificate_path(@api_user), class: 'btn btn-primary btn-xs')
@@ -50,3 +52,7 @@
%tr
%td= link_to(x.parsed_csr.try(:subject), admin_api_user_certificate_path(@api_user, x))
%td= x.status
+ - elsif x.crt
+ %tr
+ %td= link_to(x.parsed_crt.try(:subject), admin_api_user_certificate_path(@api_user, x))
+ %td= x.status
diff --git a/app/views/admin/certificates/new.haml b/app/views/admin/certificates/new.haml
index d214bcf90..60ece69d4 100644
--- a/app/views/admin/certificates/new.haml
+++ b/app/views/admin/certificates/new.haml
@@ -1,4 +1,4 @@
-= render 'shared/title', name: t(:upload_csr)
+= render 'shared/title', name: params[:crt] ? t(:upload_crt) : t(:upload_csr)
= form_for([:admin, @api_user, @certificate], multipart: true) do |f|
= render 'shared/full_errors', object: f.object
@@ -6,10 +6,16 @@
.row
.col-md-8
.form-group
- .col-md-4.control-label
- = f.label :csr, t(:certificate_signing_req)
- .col-md-8
- = f.file_field :csr
+ - if params[:crt]
+ .col-md-4.control-label
+ = f.label :crt, t(:certificate)
+ .col-md-8
+ = f.file_field :crt
+ - else
+ .col-md-4.control-label
+ = f.label :csr, t(:certificate_signing_req)
+ .col-md-8
+ = f.file_field :csr
%hr
.row
.col-md-8.text-right
diff --git a/app/views/admin/certificates/show.haml b/app/views/admin/certificates/show.haml
index 8be28ab8b..dc66b41c7 100644
--- a/app/views/admin/certificates/show.haml
+++ b/app/views/admin/certificates/show.haml
@@ -8,27 +8,29 @@
%br
- if @certificate.errors.any?
%hr
-.row
- .col-md-12
- .panel.panel-default
- .panel-heading.clearfix
- .pull-left
- = t(:csr)
- .pull-right
- = link_to(t(:download), download_csr_admin_api_user_certificate_path(@api_user, @certificate), class: 'btn btn-default btn-xs')
- - unless @crt
- = link_to(t(:sign_this_request), sign_admin_api_user_certificate_path(@api_user, @certificate), method: :post, class: 'btn btn-primary btn-xs')
- .panel-body
- %dl.dl-horizontal
- %dt= t(:version)
- %dd= @csr.version
+- if @csr
+ .row
+ .col-md-12
+ .panel.panel-default
+ .panel-heading.clearfix
+ .pull-left
+ = t(:csr)
+ .pull-right
+ = link_to(t(:download), download_csr_admin_api_user_certificate_path(@api_user, @certificate), class: 'btn btn-default btn-xs')
+ - unless @crt
+ = link_to(t(:sign_this_request), sign_admin_api_user_certificate_path(@api_user, @certificate), method: :post, class: 'btn btn-primary btn-xs')
- %dt= t(:subject)
- %dd= @csr.subject
+ .panel-body
+ %dl.dl-horizontal
+ %dt= t(:version)
+ %dd= @csr.version
- %dt= t(:signature_algorithm)
- %dd= @csr.signature_algorithm
+ %dt= t(:subject)
+ %dd= @csr.subject
+
+ %dt= t(:signature_algorithm)
+ %dd= @csr.signature_algorithm
- if @crt
.row
@@ -40,7 +42,7 @@
= t('crt_revoked') if @certificate.revoked?
.pull-right
= link_to(t(:download), download_crt_admin_api_user_certificate_path(@api_user, @certificate), class: 'btn btn-default btn-xs')
- - unless @certificate.revoked?
+ - if !@certificate.revoked? && @certificate.csr
= link_to(t(:revoke_this_certificate), revoke_admin_api_user_certificate_path(@api_user, @certificate), method: :post, class: 'btn btn-primary btn-xs')
- if @crt
.panel-body
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 62a461fc8..c745de9ea 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -771,4 +771,5 @@ en:
login_failed_check_id_card: 'Log in failed, check ID card'
not_valid_domain_verification_title: Domain verification not available
not_valid_domain_verification_body: This could mean your verification has been expired or done already.
Please contact us if you think something is wrong.
-
+ upload_crt: 'Upload CRT'
+ crt_or_csr_must_be_present: 'CRT or CSR must be present'
diff --git a/spec/models/certificate_spec.rb b/spec/models/certificate_spec.rb
index 26656e51b..232492269 100644
--- a/spec/models/certificate_spec.rb
+++ b/spec/models/certificate_spec.rb
@@ -11,7 +11,7 @@ describe Certificate do
it 'should not be valid' do
@certificate.valid?
@certificate.errors.full_messages.should match_array([
- "Csr is missing"
+ "CRT or CSR must be present"
])
end