Form for uploading CRT directly

app/controllers/admin/certificates_controller.rb

@@ -11,9 +11,11 @@ class Admin::CertificatesController < AdminController
 
   def create
     @api_user = ApiUser.find(params[:api_user_id])
+
+    crt = certificate_params[:crt].open.read if certificate_params[:crt]
     csr = certificate_params[:csr].open.read if certificate_params[:csr]
 
-    @certificate = @api_user.certificates.build(csr: csr)
+    @certificate = @api_user.certificates.build(csr: csr, crt: crt)
     if @api_user.save
       flash[:notice] = I18n.t('record_created')
       redirect_to [:admin, @api_user, @certificate]
@@ -63,6 +65,10 @@ class Admin::CertificatesController < AdminController
   end
 
   def certificate_params
-    params.require(:certificate).permit(:csr)
+    if params[:certificate]
+      params.require(:certificate).permit(:csr, :crt)
+    else
+      {}
+    end
   end
 end

app/models/certificate.rb

@@ -11,7 +11,13 @@ class Certificate < ActiveRecord::Base
   REVOKED = 'revoked'
   VALID = 'valid'
 
-  validates :csr, presence: true
+  validate :validate_csr_and_crt
+
+  def validate_csr_and_crt
+    if csr.blank? && crt.blank?
+      errors.add(:base, I18n.t(:crt_or_csr_must_be_present))
+    end
+  end
 
   def parsed_crt
     @p_crt ||= OpenSSL::X509::Certificate.new(crt) if crt

app/views/admin/api_users/show.haml

@@ -35,6 +35,8 @@
         .pull-left
           = t(:certificates)
         .pull-right
+          = link_to(t(:upload_crt),
+            new_admin_api_user_certificate_path(@api_user, crt: true), class: 'btn btn-primary btn-xs')
           = link_to(t(:upload_csr),
             new_admin_api_user_certificate_path(@api_user), class: 'btn btn-primary btn-xs')
 
@@ -50,3 +52,7 @@
                 %tr
                   %td= link_to(x.parsed_csr.try(:subject), admin_api_user_certificate_path(@api_user, x))
                   %td= x.status
+              - elsif x.crt
+                %tr
+                  %td= link_to(x.parsed_crt.try(:subject), admin_api_user_certificate_path(@api_user, x))
+                  %td= x.status

app/views/admin/certificates/new.haml

@@ -1,4 +1,4 @@
-= render 'shared/title', name: t(:upload_csr)
+= render 'shared/title', name: params[:crt] ? t(:upload_crt) : t(:upload_csr)
 
 = form_for([:admin, @api_user, @certificate], multipart: true) do |f|
   = render 'shared/full_errors', object: f.object
@@ -6,10 +6,16 @@
   .row
     .col-md-8
       .form-group
-        .col-md-4.control-label
-          = f.label :csr, t(:certificate_signing_req)
-        .col-md-8
-          = f.file_field :csr
+        - if params[:crt]
+          .col-md-4.control-label
+            = f.label :crt, t(:certificate)
+          .col-md-8
+            = f.file_field :crt
+        - else
+          .col-md-4.control-label
+            = f.label :csr, t(:certificate_signing_req)
+          .col-md-8
+            = f.file_field :csr
   %hr
   .row
     .col-md-8.text-right

app/views/admin/certificates/show.haml

@@ -8,27 +8,29 @@
     %br
 - if @certificate.errors.any?
   %hr
-.row
-  .col-md-12
-    .panel.panel-default
-      .panel-heading.clearfix
-        .pull-left
-          = t(:csr)
-        .pull-right
-          = link_to(t(:download), download_csr_admin_api_user_certificate_path(@api_user, @certificate), class: 'btn btn-default btn-xs')
-          - unless @crt
-            = link_to(t(:sign_this_request), sign_admin_api_user_certificate_path(@api_user, @certificate), method: :post, class: 'btn btn-primary btn-xs')
 
-      .panel-body
-        %dl.dl-horizontal
-          %dt= t(:version)
-          %dd= @csr.version
+- if @csr
+  .row
+    .col-md-12
+      .panel.panel-default
+        .panel-heading.clearfix
+          .pull-left
+            = t(:csr)
+          .pull-right
+            = link_to(t(:download), download_csr_admin_api_user_certificate_path(@api_user, @certificate), class: 'btn btn-default btn-xs')
+            - unless @crt
+              = link_to(t(:sign_this_request), sign_admin_api_user_certificate_path(@api_user, @certificate), method: :post, class: 'btn btn-primary btn-xs')
 
-          %dt= t(:subject)
-          %dd= @csr.subject
+        .panel-body
+          %dl.dl-horizontal
+            %dt= t(:version)
+            %dd= @csr.version
 
-          %dt= t(:signature_algorithm)
-          %dd= @csr.signature_algorithm
+            %dt= t(:subject)
+            %dd= @csr.subject
+
+            %dt= t(:signature_algorithm)
+            %dd= @csr.signature_algorithm
 
 - if @crt
   .row
@@ -40,7 +42,7 @@
             = t('crt_revoked') if @certificate.revoked?
           .pull-right
             = link_to(t(:download), download_crt_admin_api_user_certificate_path(@api_user, @certificate), class: 'btn btn-default btn-xs')
-            - unless @certificate.revoked?
+            - if !@certificate.revoked? && @certificate.csr
               = link_to(t(:revoke_this_certificate), revoke_admin_api_user_certificate_path(@api_user, @certificate), method: :post, class: 'btn btn-primary btn-xs')
         - if @crt
           .panel-body

config/locales/en.yml

@@ -771,4 +771,5 @@ en:
   login_failed_check_id_card: 'Log in failed, check ID card'
   not_valid_domain_verification_title: Domain verification not available
   not_valid_domain_verification_body: This could mean your verification has been expired or done already.<br><br>Please contact us if you think something is wrong.
-
+  upload_crt: 'Upload CRT'
+  crt_or_csr_must_be_present: 'CRT or CSR must be present'

spec/models/certificate_spec.rb

@@ -11,7 +11,7 @@ describe Certificate do
     it 'should not be valid' do
       @certificate.valid?
       @certificate.errors.full_messages.should match_array([
-        "Csr is missing"
+        "CRT or CSR must be present"
       ])
     end