diff --git a/app/controllers/admin/certificates_controller.rb b/app/controllers/admin/certificates_controller.rb
index aadbc245a..3f1113b0f 100644
--- a/app/controllers/admin/certificates_controller.rb
+++ b/app/controllers/admin/certificates_controller.rb
@@ -1,10 +1,9 @@
module Admin
class CertificatesController < BaseController
load_and_authorize_resource
- before_action :set_certificate, :set_api_user, only: [:sign, :show, :download_csr, :download_crt, :revoke, :destroy]
+ before_action :set_certificate, :set_api_user, only: %i[sign show download_csr download_crt revoke destroy]
- def show;
- end
+ def show; end
def new
@api_user = ApiUser.find(params[:api_user_id])
@@ -28,11 +27,9 @@ module Admin
end
def destroy
- if @certificate.interface == Certificate::REGISTRAR
- @certificate.revoke!
- end
+ success = @certificate.revokable? ? revoke_and_destroy_certificate : @certificate.destroy
- if @certificate.destroy
+ if success
flash[:notice] = I18n.t('record_deleted')
redirect_to admin_registrar_api_user_path(@api_user.registrar, @api_user)
else
@@ -42,8 +39,9 @@ module Admin
end
def sign
- if @certificate.sign!
+ if @certificate.sign!(password: certificate_params[:password])
flash[:notice] = I18n.t('record_updated')
+ notify_api_user
redirect_to [:admin, @api_user, @certificate]
else
flash.now[:alert] = I18n.t('failed_to_update_record')
@@ -52,7 +50,7 @@ module Admin
end
def revoke
- if @certificate.revoke!
+ if @certificate.revoke!(password: certificate_params[:password])
flash[:notice] = I18n.t('record_updated')
else
flash[:alert] = I18n.t('failed_to_update_record')
@@ -84,10 +82,22 @@ module Admin
def certificate_params
if params[:certificate]
- params.require(:certificate).permit(:crt, :csr)
+ params.require(:certificate).permit(:crt, :csr, :password)
else
{}
end
end
+
+ def notify_api_user
+ api_user_email = @api_user.registrar.email
+
+ CertificateMailer.signed(email: api_user_email, api_user: @api_user,
+ crt: OpenSSL::X509::Certificate.new(@certificate.crt))
+ .deliver_now
+ end
+
+ def revoke_and_destroy_certificate
+ @certificate.revoke!(password: certificate_params[:password]) && @certificate.destroy
+ end
end
end
diff --git a/app/controllers/repp/v1/api_users_controller.rb b/app/controllers/repp/v1/api_users_controller.rb
index 41e1187b1..659802129 100644
--- a/app/controllers/repp/v1/api_users_controller.rb
+++ b/app/controllers/repp/v1/api_users_controller.rb
@@ -2,6 +2,7 @@ require 'serializers/repp/api_user'
module Repp
module V1
class ApiUsersController < BaseController
+ before_action :find_api_user, only: %i[show update destroy]
load_and_authorize_resource
THROTTLED_ACTIONS = %i[index show create update destroy].freeze
@@ -60,6 +61,10 @@ module Repp
private
+ def find_api_user
+ @api_user = current_user.registrar.api_users.find(params[:id])
+ end
+
def api_user_params
params.require(:api_user).permit(:username, :plain_text_password, :active,
:identity_code, { roles: [] })
diff --git a/app/controllers/repp/v1/certificates_controller.rb b/app/controllers/repp/v1/certificates_controller.rb
index 290182d55..140d87a04 100644
--- a/app/controllers/repp/v1/certificates_controller.rb
+++ b/app/controllers/repp/v1/certificates_controller.rb
@@ -1,29 +1,52 @@
+require 'serializers/repp/certificate'
module Repp
module V1
class CertificatesController < BaseController
- THROTTLED_ACTIONS = %i[create].freeze
+ before_action :find_certificate, only: %i[show download]
+ load_and_authorize_resource param_method: :cert_params
+
+ THROTTLED_ACTIONS = %i[show create download].freeze
include Shunter::Integration::Throttle
+ api :GET, '/repp/v1/api_users/:api_user_id/certificates/:id'
+ desc "Get a specific api user's specific certificate data"
+ def show
+ serializer = Serializers::Repp::Certificate.new(@certificate)
+ render_success(data: { cert: serializer.to_json })
+ end
+
api :POST, '/repp/v1/certificates'
desc 'Submit a new api user certificate signing request'
def create
- authorize! :create, Certificate
@api_user = current_user.registrar.api_users.find(cert_params[:api_user_id])
csr = decode_cert_params(cert_params[:csr])
@certificate = @api_user.certificates.build(csr: csr)
- unless @certificate.save
- handle_non_epp_errors(@certificate)
- return
- end
- notify_admins
- render_success(data: { api_user: { id: @api_user.id } })
+ if @certificate.save
+ notify_admins
+ render_success(data: { api_user: { id: @api_user.id } })
+ else
+ handle_non_epp_errors(@certificate)
+ end
+ end
+
+ api :get, '/repp/v1/api_users/:api_user_id/certificates/:id/download'
+ desc "Download a specific api user's specific certificate"
+ param :type, String, required: true, desc: 'Type of certificate (csr or crt)'
+ def download
+ filename = "#{@api_user.username}_#{Time.zone.today.strftime('%y%m%d')}_portal.#{params[:type]}.pem"
+ send_data @certificate[params[:type].to_s], filename: filename
end
private
+ def find_certificate
+ @api_user = current_user.registrar.api_users.find(params[:api_user_id])
+ @certificate = @api_user.certificates.find(params[:id])
+ end
+
def cert_params
params.require(:certificate).permit(:api_user_id, csr: %i[body type])
end
@@ -40,9 +63,9 @@ module Repp
return if admin_users_emails.empty?
admin_users_emails.each do |email|
- CertificateMailer.new_certificate_signing_request(email: email,
- api_user: @api_user,
- csr: @certificate)
+ CertificateMailer.certificate_signing_requested(email: email,
+ api_user: @api_user,
+ csr: @certificate)
.deliver_now
end
end
diff --git a/app/controllers/repp/v1/invoices_controller.rb b/app/controllers/repp/v1/invoices_controller.rb
index fe2c1c50a..238c31af4 100644
--- a/app/controllers/repp/v1/invoices_controller.rb
+++ b/app/controllers/repp/v1/invoices_controller.rb
@@ -2,6 +2,7 @@ require 'serializers/repp/invoice'
module Repp
module V1
class InvoicesController < BaseController # rubocop:disable Metrics/ClassLength
+ before_action :find_invoice, only: %i[show download send_to_recipient cancel]
load_and_authorize_resource
THROTTLED_ACTIONS = %i[download add_credit send_to_recipient cancel index show].freeze
@@ -35,8 +36,6 @@ module Repp
desc 'Download a specific invoice as pdf file'
def download
filename = "Invoice-#{@invoice.number}.pdf"
- @response = { code: 1000, message: 'Command completed successfully',
- data: filename }
send_data @invoice.as_pdf, filename: filename
end
@@ -91,6 +90,10 @@ module Repp
private
+ def find_invoice
+ @invoice = current_user.registrar.invoices.find(params[:id])
+ end
+
def index_params
params.permit(:id, :limit, :offset, :details, :q, :simple,
:page, :per_page,
diff --git a/app/controllers/repp/v1/white_ips_controller.rb b/app/controllers/repp/v1/white_ips_controller.rb
index 259120f20..4cb8d8987 100644
--- a/app/controllers/repp/v1/white_ips_controller.rb
+++ b/app/controllers/repp/v1/white_ips_controller.rb
@@ -1,6 +1,7 @@
module Repp
module V1
class WhiteIpsController < BaseController
+ before_action :find_white_ip, only: %i[show update destroy]
load_and_authorize_resource
THROTTLED_ACTIONS = %i[index show create update destroy].freeze
@@ -57,6 +58,10 @@ module Repp
private
+ def find_white_ip
+ @white_ip = current_user.registrar.white_ips.find(params[:id])
+ end
+
def white_ip_params
params.require(:white_ip).permit(:ipv4, :ipv6, interfaces: [])
end
diff --git a/app/mailers/certificate_mailer.rb b/app/mailers/certificate_mailer.rb
index ad5622352..ae6f475e5 100644
--- a/app/mailers/certificate_mailer.rb
+++ b/app/mailers/certificate_mailer.rb
@@ -1,8 +1,15 @@
class CertificateMailer < ApplicationMailer
- def new_certificate_signing_request(email:, api_user:, csr:)
+ def certificate_signing_requested(email:, api_user:, csr:)
@certificate = csr
@api_user = api_user
subject = 'New Certificate Signing Request Received'
mail(to: email, subject: subject)
end
+
+ def signed(email:, api_user:, crt:)
+ @crt = crt
+ @api_user = api_user
+ subject = "Certificate Signing Confirmation for API User '#{@api_user.username}'"
+ mail(to: email, subject: subject)
+ end
end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 8ccb0d18f..7f3a96177 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -30,7 +30,7 @@ class Ability
billing
can :manage, ApiUser
can :manage, WhiteIp
- can :create, Certificate
+ can :manage, Certificate
end
def epp # Registrar/api_user dynamic role
diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index e5214fdc8..0d8f0465a 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@@ -17,6 +17,7 @@ class Certificate < ApplicationRecord
scope 'api', -> { where(interface: API) }
scope 'registrar', -> { where(interface: REGISTRAR) }
+ scope 'unrevoked', -> { where(revoked: false) }
validate :validate_csr_and_crt_presence
def validate_csr_and_crt_presence
@@ -64,75 +65,49 @@ class Certificate < ApplicationRecord
status == REVOKED
end
+ def revokable?
+ interface == REGISTRAR && status != UNSIGNED
+ end
+
def status
return UNSIGNED if crt.blank?
return @cached_status if @cached_status
@cached_status = SIGNED
- expired = parsed_crt.not_before > Time.zone.now.utc && parsed_crt.not_after < Time.zone.now.utc
- @cached_status = EXPIRED if expired
-
- crl = OpenSSL::X509::CRL.new(File.open("#{ENV['crl_dir']}/crl.pem").read)
- return @cached_status unless crl.revoked.map(&:serial).include?(parsed_crt.serial)
-
- @cached_status = REVOKED
- end
-
- def sign!
- csr_file = Tempfile.new('client_csr')
- csr_file.write(csr)
- csr_file.rewind
-
- crt_file = Tempfile.new('client_crt')
- _out, err, _st = Open3.capture3('openssl', 'ca', '-config', ENV['openssl_config_path'],
- '-keyfile', ENV['ca_key_path'], '-cert', ENV['ca_cert_path'],
- '-extensions', 'usr_cert', '-notext', '-md', 'sha256',
- '-in', csr_file.path, '-out', crt_file.path, '-key', ENV['ca_key_password'],
- '-batch')
-
- if err.match?(/Data Base Updated/)
- crt_file.rewind
- self.crt = crt_file.read
- self.md5 = OpenSSL::Digest::MD5.new(parsed_crt.to_der).to_s
- save!
- else
- logger.error('FAILED TO CREATE CLIENT CERTIFICATE')
- if err.match?(/TXT_DB error number 2/)
- errors.add(:base, I18n.t('failed_to_create_crt_csr_already_signed'))
- logger.error('CSR ALREADY SIGNED')
- else
- errors.add(:base, I18n.t('failed_to_create_certificate'))
- end
- logger.error(err)
- puts "Certificate sign issue: #{err.inspect}" if Rails.env.test?
- false
- end
- end
-
- def revoke!
- crt_file = Tempfile.new('client_crt')
- crt_file.write(crt)
- crt_file.rewind
-
- _out, err, _st = Open3.capture3("openssl ca -config #{ENV['openssl_config_path']} \
- -keyfile #{ENV['ca_key_path']} \
- -cert #{ENV['ca_cert_path']} \
- -revoke #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
-
- if err.match(/Data Base Updated/) || err.match(/ERROR:Already revoked/)
- self.revoked = true
- save!
+ if certificate_expired?
+ @cached_status = EXPIRED
+ elsif certificate_revoked?
@cached_status = REVOKED
- else
- errors.add(:base, I18n.t('failed_to_revoke_certificate'))
- logger.error('FAILED TO REVOKE CLIENT CERTIFICATE')
- logger.error(err)
- return false
end
- self.class.update_crl
- self
+ @cached_status
+ end
+
+ def sign!(password:)
+ csr_file = create_tempfile('client_csr', csr)
+ crt_file = Tempfile.new('client_crt')
+
+ err_output = execute_openssl_sign_command(password, csr_file.path, crt_file.path)
+
+ update_certificate_details(crt_file) and return true if err_output.match?(/Data Base Updated/)
+
+ log_failed_to_create_certificate(err_output)
+ false
+ end
+
+ def revoke!(password:)
+ crt_file = create_tempfile('client_crt', crt)
+
+ err_output = execute_openssl_revoke_command(password, crt_file.path)
+
+ if revocation_successful?(err_output)
+ update_revocation_status
+ self.class.update_crl
+ return self
+ end
+
+ handle_revocation_failure(err_output)
end
class << self
@@ -157,4 +132,89 @@ class Certificate < ApplicationRecord
OpenSSL::Digest::MD5.new(cert.to_der).to_s
end
end
+
+ private
+
+ def create_tempfile(filename, content = '')
+ tempfile = Tempfile.new(filename)
+ tempfile.write(content)
+ tempfile.rewind
+ tempfile
+ end
+
+ def log_failed_to_create_certificate(err_output)
+ logger.error('FAILED TO CREATE CLIENT CERTIFICATE')
+ if err_output.match?(/TXT_DB error number 2/)
+ handle_csr_already_signed_error
+ else
+ errors.add(:base, I18n.t('failed_to_create_certificate'))
+ end
+ logger.error(err_output)
+ puts "Certificate sign issue: #{err_output.inspect}" if Rails.env.test?
+ end
+
+ def execute_openssl_sign_command(password, csr_path, crt_path)
+ openssl_command = [
+ 'openssl', 'ca', '-config', ENV['openssl_config_path'],
+ '-keyfile', ENV['ca_key_path'], '-cert', ENV['ca_cert_path'],
+ '-extensions', 'usr_cert', '-notext', '-md', 'sha256',
+ '-in', csr_path, '-out', crt_path,
+ '-key', password,
+ '-batch'
+ ]
+
+ _out, err, _st = Open3.capture3(*openssl_command)
+ err
+ end
+
+ def execute_openssl_revoke_command(password, crt_path)
+ openssl_command = [
+ 'openssl', 'ca', '-config', ENV['openssl_config_path'],
+ '-keyfile', ENV['ca_key_path'], '-cert', ENV['ca_cert_path'],
+ '-revoke', crt_path,
+ '-key', password,
+ '-batch'
+ ]
+
+ _out, err, _st = Open3.capture3(*openssl_command)
+ err
+ end
+
+ def update_certificate_details(crt_file)
+ crt_file.rewind
+ self.crt = crt_file.read
+ self.md5 = OpenSSL::Digest::MD5.new(parsed_crt.to_der).to_s
+ save!
+ end
+
+ def handle_csr_already_signed_error
+ errors.add(:base, I18n.t('failed_to_create_crt_csr_already_signed'))
+ logger.error('CSR ALREADY SIGNED')
+ end
+
+ def handle_revocation_failure(err_output)
+ errors.add(:base, I18n.t('failed_to_revoke_certificate'))
+ logger.error('FAILED TO REVOKE CLIENT CERTIFICATE')
+ logger.error(err_output)
+ false
+ end
+
+ def revocation_successful?(err_output)
+ err_output.match?(/Data Base Updated/) || err_output.match?(/ERROR:Already revoked/)
+ end
+
+ def update_revocation_status
+ self.revoked = true
+ save!
+ @cached_status = REVOKED
+ end
+
+ def certificate_expired?
+ parsed_crt.not_before > Time.zone.now.utc && parsed_crt.not_after < Time.zone.now.utc
+ end
+
+ def certificate_revoked?
+ crl = OpenSSL::X509::CRL.new(File.open("#{ENV['crl_dir']}/crl.pem").read)
+ crl.revoked.map(&:serial).include?(parsed_crt.serial)
+ end
end
diff --git a/app/views/admin/certificates/show.haml b/app/views/admin/certificates/show.haml
index 30d095f65..517140e4b 100644
--- a/app/views/admin/certificates/show.haml
+++ b/app/views/admin/certificates/show.haml
@@ -1,15 +1,7 @@
- content_for :actions do
- = link_to(t(:delete), admin_api_user_certificate_path(@api_user, @certificate),
- method: :delete, data: { confirm: t(:are_you_sure) }, class: 'btn btn-danger')
+ = link_to(t(:delete), '#', "data-toggle": "modal", "data-target": "#deleteModal", class: 'btn btn-danger')
= render 'shared/title', name: t(:certificates)
-- if @certificate.errors.any?
- - @certificate.errors.each do |attr, err|
- = err
- %br
-- if @certificate.errors.any?
- %hr
-
.row
.col-md-12
.panel.panel-default
@@ -47,7 +39,8 @@
.pull-right
= link_to(t(:download), download_csr_admin_api_user_certificate_path(@api_user, @certificate), class: 'btn btn-default btn-xs')
- unless @crt
- = link_to(t(:sign_this_request), sign_admin_api_user_certificate_path(@api_user, @certificate), method: :post, class: 'btn btn-primary btn-xs')
+ - sign_revoke_url = sign_admin_api_user_certificate_path(@api_user, @certificate)
+ = link_to(t(:sign_this_request), '#', "data-toggle": "modal", "data-target": "#signRevokeModal", class: 'btn btn-primary btn-xs')
.panel-body
%dl.dl-horizontal
@@ -55,7 +48,7 @@
%dd= @csr.version
%dt= CertificationRequest.human_attribute_name :subject
- %dd= @csr.subject
+ %dd{ style: 'word-break:break-all;' }= @csr.subject
%dt= t(:signature_algorithm)
%dd= @csr.signature_algorithm
@@ -71,7 +64,8 @@
.pull-right
= link_to(t(:download), download_crt_admin_api_user_certificate_path(@api_user, @certificate), class: 'btn btn-default btn-xs')
- if !@certificate.revoked? && @certificate.csr
- = link_to(t(:revoke_this_certificate), revoke_admin_api_user_certificate_path(@api_user, @certificate), method: :post, class: 'btn btn-primary btn-xs')
+ - sign_revoke_url = revoke_admin_api_user_certificate_path(@api_user, @certificate)
+ = link_to(t(:revoke_this_certificate), '#', "data-toggle": "modal", "data-target": "#signRevokeModal", class: 'btn btn-primary btn-xs')
- if @crt
.panel-body
%dl.dl-horizontal
@@ -98,3 +92,37 @@
%dt= Certificate.human_attribute_name :extensions
%dd= @crt.extensions.map(&:to_s).join('
').html_safe
+
+.modal.fade{ id: "signRevokeModal", tabindex: "-1", role: "dialog", "aria-labelledby": "signRevokeModalLabel" }
+ .modal-dialog{ role: "document" }
+ .modal-content
+ = form_for(:certificate, url: sign_revoke_url) do |f|
+ .modal-header
+ %button.close{ type: "button", "data-dismiss": "modal", "aria-label": "Close" }
+ %span{ "aria-hidden" => "true" } ×
+ %h4.modal-title{ id: "signRevokeModalLabel" }
+ = t(:enter_ca_key_password)
+ .modal-body
+ = f.password_field :password, required: true, class: 'form-control'
+ .modal-footer
+ %button.btn.btn-default{ type: "button", "data-dismiss": "modal" }
+ = t(:close)
+ %button.btn.btn-primary{ type: "submit" }
+ = @crt.nil? ? t(:sign) : t(:submit)
+
+.modal.fade{ id: "deleteModal", tabindex: "-1", role: "dialog", "aria-labelledby": "deleteModalLabel" }
+ .modal-dialog{ role: "document" }
+ .modal-content
+ = form_for(:certificate, url: admin_api_user_certificate_path(@api_user, @certificate), method: :delete) do |f|
+ .modal-header
+ %button.close{ type: "button", "data-dismiss": "modal", "aria-label": "Close" }
+ %span{ "aria-hidden" => "true" } ×
+ %h4.modal-title{ id: "deleteModalLabel" }
+ = t(:enter_ca_key_password)
+ .modal-body
+ = f.password_field :password, required: true, class: 'form-control'
+ .modal-footer
+ %button.btn.btn-default{ type: "button", "data-dismiss": "modal" }
+ = t(:close)
+ %button.btn.btn-primary{ type: "submit" }
+ = t(:delete)
diff --git a/app/views/mailers/certificate_mailer/new_certificate_signing_request.html.erb b/app/views/mailers/certificate_mailer/certificate_signing_requested.html.erb
similarity index 100%
rename from app/views/mailers/certificate_mailer/new_certificate_signing_request.html.erb
rename to app/views/mailers/certificate_mailer/certificate_signing_requested.html.erb
diff --git a/app/views/mailers/certificate_mailer/new_certificate_signing_request.text.erb b/app/views/mailers/certificate_mailer/certificate_signing_requested.text.erb
similarity index 100%
rename from app/views/mailers/certificate_mailer/new_certificate_signing_request.text.erb
rename to app/views/mailers/certificate_mailer/certificate_signing_requested.text.erb
diff --git a/app/views/mailers/certificate_mailer/signed.html.erb b/app/views/mailers/certificate_mailer/signed.html.erb
new file mode 100644
index 000000000..3334184b6
--- /dev/null
+++ b/app/views/mailers/certificate_mailer/signed.html.erb
@@ -0,0 +1,50 @@
+Tere,
+
+
+Anname teada, et API kasutaja on esitanud .ee registrisüsteemiga integreerumiseks sertifikaadi taotluse.
+Oleme selle taotlusega seotud sertifikaadi edukalt töödelnud ja allkirjastanud.
+
+API Kasutaja andmed:
+
+ - API Kasutaja nimi: <%= @api_user.username %>
+ - Sertifikaadi seerianumber: <%= @crt.serial %>
+ - Sertifikaadi aegumiskuupäev: <%= @crt.not_after %>
+ - Sertifikaadi subjekt: <%= @crt.subject %>
+
+
+Allkirjastatud sertifikaat tagab turvalise suhtluse .ee registripidaja ning registri süsteemide vahel.
+See toimib digitaalse identiteedikinnitusena, võimaldades autoriseeritud juurdepääsu .ee liidestele.
+
+Kui Teil on küsimusi või vajate täiendavat teavet seoses sertifikaadi taotluse või API integratsiooniga, võtke meiega ühendust.
+
+
+Parimate soovidega,
+
+<%= render 'mailers/shared/signatures/signature.et.html' %>
+
+
+
+Hi,
+
+
+We are writing to inform you that a certificate request has been made by an API user to integrate with our system.
+We have successfully processed and signed the certificate associated with this request.
+
+Api User Details:
+
+ - API User Name: <%= @api_user.username %>
+ - Certificate Serial Number: <%= @crt.serial %>
+ - Certificate Expiry Date: <%= @crt.not_after %>
+ - Certificate Subject: <%= @crt.subject %>
+
+
+The signed certificate ensures secure communication between the API user's integration and .ee registry system.
+It serves as a digital identity verification, enabling authorized access to the APIs.
+
+
+If you have any questions or require further information regarding this certificate request or the API integration, please do not hesitate to reach out to us.
+
+
+Best regards,
+
+<%= render 'mailers/shared/signatures/signature.en.html' %>
\ No newline at end of file
diff --git a/app/views/mailers/certificate_mailer/signed.text.erb b/app/views/mailers/certificate_mailer/signed.text.erb
new file mode 100644
index 000000000..ff24cd7a4
--- /dev/null
+++ b/app/views/mailers/certificate_mailer/signed.text.erb
@@ -0,0 +1,34 @@
+Tere,
+
+Anname teada, et API kasutaja on esitanud .ee registrisüsteemiga integreerumiseks sertifikaadi taotluse. Oleme selle taotlusega seotud sertifikaadi edukalt töödelnud ja allkirjastanud.
+
+API Kasutaja andmed:
+- API Kasutaja nimi: <%= @api_user.username %>
+- Sertifikaadi seerianumber: <%= @crt.serial %>
+- Sertifikaadi aegumiskuupäev: <%= @crt.not_after %>
+- Sertifikaadi subjekt: <%= @crt.subject %>
+
+Allkirjastatud sertifikaat tagab turvalise suhtluse .ee registripidaja ning registri süsteemide vahel. See toimib digitaalse identiteedikinnitusena, võimaldades autoriseeritud juurdepääsu .ee liidestele.
+
+Kui Teil on küsimusi või vajate täiendavat teavet seoses sertifikaadi taotluse või API integratsiooniga, võtke meiega ühendust.
+
+Parimate soovidega,
+<%= render 'mailers/shared/signatures/signature.et.text' %>
+---
+
+Hi,
+
+We are writing to inform you that a certificate request has been made by an API user to integrate with our system. We have successfully processed and signed the certificate associated with this request.
+
+API User Details:
+- API User Name: <%= @api_user.username %>
+- Certificate Serial Number: <%= @crt.serial %>
+- Certificate Expiry Date: <%= @crt.not_after %>
+- Certificate Subject: <%= @crt.subject %>
+
+The signed certificate ensures secure communication between the API user's integration and .ee registry system. It serves as a digital identity verification, enabling authorized access to the APIs.
+
+If you have any questions or require further information regarding this certificate request or the API integration, please do not hesitate to reach out to us.
+
+Best regards,
+<%= render 'mailers/shared/signatures/signature.en.text' %>
diff --git a/config/application.yml.sample b/config/application.yml.sample
index 61bf6f223..2de9c29cb 100644
--- a/config/application.yml.sample
+++ b/config/application.yml.sample
@@ -36,7 +36,6 @@ crl_path: '/home/registry/registry/shared/ca/crl/crl.pem'
crl_updater_path: '/home/registry/registry/shared/ca/crl/crlupdater.sh'
ca_cert_path: '/home/registry/registry/shared/ca/certs/ca.crt.pem'
ca_key_path: '/home/registry/registry/shared/ca/private/ca.key.pem'
-ca_key_password: 'your-root-key-password'
directo_invoice_url: 'https://domain/ddddd.asp'
cdns_scanner_input_file: '/opt/cdns/input.txt'
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 4a37c35f8..a5633c82d 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -363,7 +363,9 @@ en:
signature_algorithm: 'Signature algorithm'
version: 'Version'
sign_this_request: 'Sign this request'
+ sign: 'Sign'
revoke_this_certificate: 'Revoke this certificate'
+ enter_ca_key_password: 'Enter passphrase for a CA key'
crt_revoked: 'CRT (revoked)'
contact_org_error: 'Parameter value policy error. Org must be blank'
contact_fax_error: 'Parameter value policy error. Fax must be blank'
diff --git a/config/routes.rb b/config/routes.rb
index 34144d6ad..6652f013e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -92,10 +92,10 @@ Rails.application.routes.draw do
end
resources :invoices, only: %i[index show] do
collection do
- get ':id/download', to: 'invoices#download'
post 'add_credit'
end
member do
+ get 'download'
post 'send_to_recipient', to: 'invoices#send_to_recipient'
put 'cancel', to: 'invoices#cancel'
end
@@ -108,7 +108,13 @@ Rails.application.routes.draw do
get '/market_share_growth_rate', to: 'stats#market_share_growth_rate'
end
end
- resources :api_users, only: %i[index show update create destroy]
+ resources :api_users, only: %i[index show update create destroy] do
+ resources :certificates, only: %i[show] do
+ member do
+ get 'download'
+ end
+ end
+ end
resources :white_ips, only: %i[index show update create destroy]
resources :certificates, only: %i[create]
namespace :registrar do
diff --git a/lib/serializers/repp/api_user.rb b/lib/serializers/repp/api_user.rb
index 43218b179..b753ee2ad 100644
--- a/lib/serializers/repp/api_user.rb
+++ b/lib/serializers/repp/api_user.rb
@@ -32,9 +32,9 @@ module Serializers
private
def certificates
- user.certificates.map do |x|
+ user.certificates.unrevoked.map do |x|
subject = x.csr ? x.parsed_csr.try(:subject) : x.parsed_crt.try(:subject)
- { subject: subject.to_s, status: x.status }
+ { id: x.id, subject: subject.to_s, status: x.status }
end
end
end
diff --git a/lib/serializers/repp/certificate.rb b/lib/serializers/repp/certificate.rb
new file mode 100644
index 000000000..680117248
--- /dev/null
+++ b/lib/serializers/repp/certificate.rb
@@ -0,0 +1,43 @@
+module Serializers
+ module Repp
+ class Certificate
+ attr_reader :certificate
+
+ def initialize(certificate)
+ @certificate = certificate
+ end
+
+ def to_json(obj = certificate)
+ json = obj.as_json.except('csr', 'crt')
+ csr = obj.parsed_csr
+ crt = obj.parsed_crt
+ json[:csr] = csr_data(csr) if csr
+ json[:crt] = crt_data(crt) if crt
+ json
+ end
+
+ private
+
+ def csr_data(csr)
+ {
+ version: csr.version,
+ subject: csr.subject.to_s,
+ alg: csr.signature_algorithm.to_s,
+ }
+ end
+
+ def crt_data(crt)
+ {
+ version: crt.version,
+ serial: crt.serial.to_s,
+ alg: crt.signature_algorithm.to_s,
+ issuer: crt.issuer.to_s,
+ not_before: crt.not_before,
+ not_after: crt.not_after,
+ subject: crt.subject.to_s,
+ extensions: crt.extensions.map(&:to_s),
+ }
+ end
+ end
+ end
+end