zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-07-28 05:26:17 +02:00
Code Issues Projects Releases Packages Wiki Activity

Added endpoints for creating and downloading api user certificates

Browse source
This commit is contained in:
Sergei Tsoganov 2023-06-28 15:48:40 +03:00
parent b558c80e83
commit 47b6a1b87a
18 changed files with 377 additions and 102 deletions
Download patch file Download diff file Expand all files Collapse all files

30
app/controllers/admin/certificates_controller.rb
View file

@ -1,10 +1,9 @@
module Admin
class CertificatesController < BaseController
load_and_authorize_resource
before_action :set_certificate, :set_api_user, only: [:sign, :show, :download_csr, :download_crt, :revoke, :destroy]
before_action :set_certificate, :set_api_user, only: %i[sign show download_csr download_crt revoke destroy]
def show;
end
def show; end
def new
@api_user = ApiUser.find(params[:api_user_id])
@ -28,11 +27,9 @@ module Admin
end
def destroy
if @certificate.interface == Certificate::REGISTRAR
@certificate.revoke!
end
success = @certificate.revokable? ? revoke_and_destroy_certificate : @certificate.destroy
if @certificate.destroy
if success
flash[:notice] = I18n.t('record_deleted')
redirect_to admin_registrar_api_user_path(@api_user.registrar, @api_user)
else
@ -42,8 +39,9 @@ module Admin
end
def sign
if @certificate.sign!
if @certificate.sign!(password: certificate_params[:password])
flash[:notice] = I18n.t('record_updated')
notify_api_user
redirect_to [:admin, @api_user, @certificate]
else
flash.now[:alert] = I18n.t('failed_to_update_record')
@ -52,7 +50,7 @@ module Admin
end
def revoke
if @certificate.revoke!
if @certificate.revoke!(password: certificate_params[:password])
flash[:notice] = I18n.t('record_updated')
else
flash[:alert] = I18n.t('failed_to_update_record')
@ -84,10 +82,22 @@ module Admin
def certificate_params
if params[:certificate]
params.require(:certificate).permit(:crt, :csr)
params.require(:certificate).permit(:crt, :csr, :password)
else
{}
end
end
def notify_api_user
api_user_email = @api_user.registrar.email
CertificateMailer.signed(email: api_user_email, api_user: @api_user,
crt: OpenSSL::X509::Certificate.new(@certificate.crt))
.deliver_now
end
def revoke_and_destroy_certificate
@certificate.revoke!(password: certificate_params[:password]) && @certificate.destroy
end
end
end

5
app/controllers/repp/v1/api_users_controller.rb
View file

@ -2,6 +2,7 @@ require 'serializers/repp/api_user'
module Repp
module V1
class ApiUsersController < BaseController
before_action :find_api_user, only: %i[show update destroy]
load_and_authorize_resource
THROTTLED_ACTIONS = %i[index show create update destroy].freeze
@ -60,6 +61,10 @@ module Repp
private
def find_api_user
@api_user = current_user.registrar.api_users.find(params[:id])
end
def api_user_params
params.require(:api_user).permit(:username, :plain_text_password, :active,
:identity_code, { roles: [] })

37
app/controllers/repp/v1/certificates_controller.rb
View file

@ -1,29 +1,52 @@
require 'serializers/repp/certificate'
module Repp
module V1
class CertificatesController < BaseController
THROTTLED_ACTIONS = %i[create].freeze
before_action :find_certificate, only: %i[show download]
load_and_authorize_resource param_method: :cert_params
THROTTLED_ACTIONS = %i[show create download].freeze
include Shunter::Integration::Throttle
api :GET, '/repp/v1/api_users/:api_user_id/certificates/:id'
desc "Get a specific api user's specific certificate data"
def show
serializer = Serializers::Repp::Certificate.new(@certificate)
render_success(data: { cert: serializer.to_json })
end
api :POST, '/repp/v1/certificates'
desc 'Submit a new api user certificate signing request'
def create
authorize! :create, Certificate
@api_user = current_user.registrar.api_users.find(cert_params[:api_user_id])
csr = decode_cert_params(cert_params[:csr])
@certificate = @api_user.certificates.build(csr: csr)
unless @certificate.save
handle_non_epp_errors(@certificate)
return
end
if @certificate.save
notify_admins
render_success(data: { api_user: { id: @api_user.id } })
else
handle_non_epp_errors(@certificate)
end
end
api :get, '/repp/v1/api_users/:api_user_id/certificates/:id/download'
desc "Download a specific api user's specific certificate"
param :type, String, required: true, desc: 'Type of certificate (csr or crt)'
def download
filename = "#{@api_user.username}_#{Time.zone.today.strftime('%y%m%d')}_portal.#{params[:type]}.pem"
send_data @certificate[params[:type].to_s], filename: filename
end
private
def find_certificate
@api_user = current_user.registrar.api_users.find(params[:api_user_id])
@certificate = @api_user.certificates.find(params[:id])
end
def cert_params
params.require(:certificate).permit(:api_user_id, csr: %i[body type])
end
@ -40,7 +63,7 @@ module Repp
return if admin_users_emails.empty?
admin_users_emails.each do |email|
CertificateMailer.new_certificate_signing_request(email: email,
CertificateMailer.certificate_signing_requested(email: email,
api_user: @api_user,
csr: @certificate)
.deliver_now

7
app/controllers/repp/v1/invoices_controller.rb
View file

@ -2,6 +2,7 @@ require 'serializers/repp/invoice'
module Repp
module V1
class InvoicesController < BaseController # rubocop:disable Metrics/ClassLength
before_action :find_invoice, only: %i[show download send_to_recipient cancel]
load_and_authorize_resource
THROTTLED_ACTIONS = %i[download add_credit send_to_recipient cancel index show].freeze
@ -35,8 +36,6 @@ module Repp
desc 'Download a specific invoice as pdf file'
def download
filename = "Invoice-#{@invoice.number}.pdf"
@response = { code: 1000, message: 'Command completed successfully',
data: filename }
send_data @invoice.as_pdf, filename: filename
end
@ -91,6 +90,10 @@ module Repp
private
def find_invoice
@invoice = current_user.registrar.invoices.find(params[:id])
end
def index_params
params.permit(:id, :limit, :offset, :details, :q, :simple,
:page, :per_page,

5
app/controllers/repp/v1/white_ips_controller.rb
View file

@ -1,6 +1,7 @@
module Repp
module V1
class WhiteIpsController < BaseController
before_action :find_white_ip, only: %i[show update destroy]
load_and_authorize_resource
THROTTLED_ACTIONS = %i[index show create update destroy].freeze
@ -57,6 +58,10 @@ module Repp
private
def find_white_ip
@white_ip = current_user.registrar.white_ips.find(params[:id])
end
def white_ip_params
params.require(:white_ip).permit(:ipv4, :ipv6, interfaces: [])
end

9
app/mailers/certificate_mailer.rb
View file

@ -1,8 +1,15 @@
class CertificateMailer < ApplicationMailer
def new_certificate_signing_request(email:, api_user:, csr:)
def certificate_signing_requested(email:, api_user:, csr:)
@certificate = csr
@api_user = api_user
subject = 'New Certificate Signing Request Received'
mail(to: email, subject: subject)
end
def signed(email:, api_user:, crt:)
@crt = crt
@api_user = api_user
subject = "Certificate Signing Confirmation for API User '#{@api_user.username}'"
mail(to: email, subject: subject)
end
end

2
app/models/ability.rb
View file

@ -30,7 +30,7 @@ class Ability
billing
can :manage, ApiUser
can :manage, WhiteIp
can :create, Certificate
can :manage, Certificate
end
def epp # Registrar/api_user dynamic role

166
app/models/certificate.rb
View file

@ -17,6 +17,7 @@ class Certificate < ApplicationRecord
scope 'api', -> { where(interface: API) }
scope 'registrar', -> { where(interface: REGISTRAR) }
scope 'unrevoked', -> { where(revoked: false) }
validate :validate_csr_and_crt_presence
def validate_csr_and_crt_presence
@ -64,75 +65,49 @@ class Certificate < ApplicationRecord
status == REVOKED
end
def revokable?
interface == REGISTRAR && status != UNSIGNED
end
def status
return UNSIGNED if crt.blank?
return @cached_status if @cached_status
@cached_status = SIGNED
expired = parsed_crt.not_before > Time.zone.now.utc && parsed_crt.not_after < Time.zone.now.utc
@cached_status = EXPIRED if expired
crl = OpenSSL::X509::CRL.new(File.open("#{ENV['crl_dir']}/crl.pem").read)
return @cached_status unless crl.revoked.map(&:serial).include?(parsed_crt.serial)
if certificate_expired?
@cached_status = EXPIRED
elsif certificate_revoked?
@cached_status = REVOKED
end
def sign!
csr_file = Tempfile.new('client_csr')
csr_file.write(csr)
csr_file.rewind
crt_file = Tempfile.new('client_crt')
_out, err, _st = Open3.capture3('openssl', 'ca', '-config', ENV['openssl_config_path'],
'-keyfile', ENV['ca_key_path'], '-cert', ENV['ca_cert_path'],
'-extensions', 'usr_cert', '-notext', '-md', 'sha256',
'-in', csr_file.path, '-out', crt_file.path, '-key', ENV['ca_key_password'],
'-batch')
if err.match?(/Data Base Updated/)
crt_file.rewind
self.crt = crt_file.read
self.md5 = OpenSSL::Digest::MD5.new(parsed_crt.to_der).to_s
save!
else
logger.error('FAILED TO CREATE CLIENT CERTIFICATE')
if err.match?(/TXT_DB error number 2/)
errors.add(:base, I18n.t('failed_to_create_crt_csr_already_signed'))
logger.error('CSR ALREADY SIGNED')
else
errors.add(:base, I18n.t('failed_to_create_certificate'))
@cached_status
end
logger.error(err)
puts "Certificate sign issue: #{err.inspect}" if Rails.env.test?
def sign!(password:)
csr_file = create_tempfile('client_csr', csr)
crt_file = Tempfile.new('client_crt')
err_output = execute_openssl_sign_command(password, csr_file.path, crt_file.path)
update_certificate_details(crt_file) and return true if err_output.match?(/Data Base Updated/)
log_failed_to_create_certificate(err_output)
false
end
end
def revoke!
crt_file = Tempfile.new('client_crt')
crt_file.write(crt)
crt_file.rewind
def revoke!(password:)
crt_file = create_tempfile('client_crt', crt)
_out, err, _st = Open3.capture3("openssl ca -config #{ENV['openssl_config_path']} \
-keyfile #{ENV['ca_key_path']} \
-cert #{ENV['ca_cert_path']} \
-revoke #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
if err.match(/Data Base Updated/) || err.match(/ERROR:Already revoked/)
self.revoked = true
save!
@cached_status = REVOKED
else
errors.add(:base, I18n.t('failed_to_revoke_certificate'))
logger.error('FAILED TO REVOKE CLIENT CERTIFICATE')
logger.error(err)
return false
end
err_output = execute_openssl_revoke_command(password, crt_file.path)
if revocation_successful?(err_output)
update_revocation_status
self.class.update_crl
self
return self
end
handle_revocation_failure(err_output)
end
class << self
@ -157,4 +132,89 @@ class Certificate < ApplicationRecord
OpenSSL::Digest::MD5.new(cert.to_der).to_s
end
end
private
def create_tempfile(filename, content = '')
tempfile = Tempfile.new(filename)
tempfile.write(content)
tempfile.rewind
tempfile
end
def log_failed_to_create_certificate(err_output)
logger.error('FAILED TO CREATE CLIENT CERTIFICATE')
if err_output.match?(/TXT_DB error number 2/)
handle_csr_already_signed_error
else
errors.add(:base, I18n.t('failed_to_create_certificate'))
end
logger.error(err_output)
puts "Certificate sign issue: #{err_output.inspect}" if Rails.env.test?
end
def execute_openssl_sign_command(password, csr_path, crt_path)
openssl_command = [
'openssl', 'ca', '-config', ENV['openssl_config_path'],
'-keyfile', ENV['ca_key_path'], '-cert', ENV['ca_cert_path'],
'-extensions', 'usr_cert', '-notext', '-md', 'sha256',
'-in', csr_path, '-out', crt_path,
'-key', password,
'-batch'
]
_out, err, _st = Open3.capture3(*openssl_command)
err
end
def execute_openssl_revoke_command(password, crt_path)
openssl_command = [
'openssl', 'ca', '-config', ENV['openssl_config_path'],
'-keyfile', ENV['ca_key_path'], '-cert', ENV['ca_cert_path'],
'-revoke', crt_path,
'-key', password,
'-batch'
]
_out, err, _st = Open3.capture3(*openssl_command)
err
end
def update_certificate_details(crt_file)
crt_file.rewind
self.crt = crt_file.read
self.md5 = OpenSSL::Digest::MD5.new(parsed_crt.to_der).to_s
save!
end
def handle_csr_already_signed_error
errors.add(:base, I18n.t('failed_to_create_crt_csr_already_signed'))
logger.error('CSR ALREADY SIGNED')
end
def handle_revocation_failure(err_output)
errors.add(:base, I18n.t('failed_to_revoke_certificate'))
logger.error('FAILED TO REVOKE CLIENT CERTIFICATE')
logger.error(err_output)
false
end
def revocation_successful?(err_output)
err_output.match?(/Data Base Updated/) || err_output.match?(/ERROR:Already revoked/)
end
def update_revocation_status
self.revoked = true
save!
@cached_status = REVOKED
end
def certificate_expired?
parsed_crt.not_before > Time.zone.now.utc && parsed_crt.not_after < Time.zone.now.utc
end
def certificate_revoked?
crl = OpenSSL::X509::CRL.new(File.open("#{ENV['crl_dir']}/crl.pem").read)
crl.revoked.map(&:serial).include?(parsed_crt.serial)
end
end

52
app/views/admin/certificates/show.haml
View file

@ -1,15 +1,7 @@
- content_for :actions do
= link_to(t(:delete), admin_api_user_certificate_path(@api_user, @certificate),
method: :delete, data: { confirm: t(:are_you_sure) }, class: 'btn btn-danger')
= link_to(t(:delete), '#', "data-toggle": "modal", "data-target": "#deleteModal", class: 'btn btn-danger')
= render 'shared/title', name: t(:certificates)
- if @certificate.errors.any?
- @certificate.errors.each do |attr, err|
= err
%br
- if @certificate.errors.any?
%hr
.row
.col-md-12
.panel.panel-default
@ -47,7 +39,8 @@
.pull-right
= link_to(t(:download), download_csr_admin_api_user_certificate_path(@api_user, @certificate), class: 'btn btn-default btn-xs')
- unless @crt
= link_to(t(:sign_this_request), sign_admin_api_user_certificate_path(@api_user, @certificate), method: :post, class: 'btn btn-primary btn-xs')
- sign_revoke_url = sign_admin_api_user_certificate_path(@api_user, @certificate)
= link_to(t(:sign_this_request), '#', "data-toggle": "modal", "data-target": "#signRevokeModal", class: 'btn btn-primary btn-xs')
.panel-body
%dl.dl-horizontal
@ -55,7 +48,7 @@
%dd= @csr.version
%dt= CertificationRequest.human_attribute_name :subject
%dd= @csr.subject
%dd{ style: 'word-break:break-all;' }= @csr.subject
%dt= t(:signature_algorithm)
%dd= @csr.signature_algorithm
@ -71,7 +64,8 @@
.pull-right
= link_to(t(:download), download_crt_admin_api_user_certificate_path(@api_user, @certificate), class: 'btn btn-default btn-xs')
- if !@certificate.revoked? && @certificate.csr
= link_to(t(:revoke_this_certificate), revoke_admin_api_user_certificate_path(@api_user, @certificate), method: :post, class: 'btn btn-primary btn-xs')
- sign_revoke_url = revoke_admin_api_user_certificate_path(@api_user, @certificate)
= link_to(t(:revoke_this_certificate), '#', "data-toggle": "modal", "data-target": "#signRevokeModal", class: 'btn btn-primary btn-xs')
- if @crt
.panel-body
%dl.dl-horizontal
@ -98,3 +92,37 @@
%dt= Certificate.human_attribute_name :extensions
%dd= @crt.extensions.map(&:to_s).join('<br>').html_safe
.modal.fade{ id: "signRevokeModal", tabindex: "-1", role: "dialog", "aria-labelledby": "signRevokeModalLabel" }
.modal-dialog{ role: "document" }
.modal-content
= form_for(:certificate, url: sign_revoke_url) do |f|
.modal-header
%button.close{ type: "button", "data-dismiss": "modal", "aria-label": "Close" }
%span{ "aria-hidden" => "true" } &times;
%h4.modal-title{ id: "signRevokeModalLabel" }
= t(:enter_ca_key_password)
.modal-body
= f.password_field :password, required: true, class: 'form-control'
.modal-footer
%button.btn.btn-default{ type: "button", "data-dismiss": "modal" }
= t(:close)
%button.btn.btn-primary{ type: "submit" }
= @crt.nil? ? t(:sign) : t(:submit)
.modal.fade{ id: "deleteModal", tabindex: "-1", role: "dialog", "aria-labelledby": "deleteModalLabel" }
.modal-dialog{ role: "document" }
.modal-content
= form_for(:certificate, url: admin_api_user_certificate_path(@api_user, @certificate), method: :delete) do |f|
.modal-header
%button.close{ type: "button", "data-dismiss": "modal", "aria-label": "Close" }
%span{ "aria-hidden" => "true" } &times;
%h4.modal-title{ id: "deleteModalLabel" }
= t(:enter_ca_key_password)
.modal-body
= f.password_field :password, required: true, class: 'form-control'
.modal-footer
%button.btn.btn-default{ type: "button", "data-dismiss": "modal" }
= t(:close)
%button.btn.btn-primary{ type: "submit" }
= t(:delete)

0
app/views/mailers/certificate_mailer/new_certificate_signing_request.html.erb → app/views/mailers/certificate_mailer/certificate_signing_requested.html.erb
View file

0
app/views/mailers/certificate_mailer/new_certificate_signing_request.text.erb → app/views/mailers/certificate_mailer/certificate_signing_requested.text.erb
View file

50
app/views/mailers/certificate_mailer/signed.html.erb Normal file
View file

@ -0,0 +1,50 @@
Tere,
<br><br>
<p>
Anname teada, et API kasutaja on esitanud .ee registrisüsteemiga integreerumiseks sertifikaadi taotluse.
Oleme selle taotlusega seotud sertifikaadi edukalt töödelnud ja allkirjastanud.
</p>
<h3>API Kasutaja andmed:</h3>
<ul>
<li><strong>API Kasutaja nimi:</strong> <%= @api_user.username %></li>
<li><strong>Sertifikaadi seerianumber:</strong> <%= @crt.serial %></li>
<li><strong>Sertifikaadi aegumiskuupäev:</strong> <%= @crt.not_after %></li>
<li><strong>Sertifikaadi subjekt:</strong> <%= @crt.subject %></li>
</ul>
<p>
Allkirjastatud sertifikaat tagab turvalise suhtluse .ee registripidaja ning registri süsteemide vahel.
See toimib digitaalse identiteedikinnitusena, võimaldades autoriseeritud juurdepääsu .ee liidestele.
</p>
Kui Teil on küsimusi või vajate täiendavat teavet seoses sertifikaadi taotluse või API integratsiooniga, võtke meiega ühendust.
</p>
<p>
Parimate soovidega,
</p>
<%= render 'mailers/shared/signatures/signature.et.html' %>
<hr>
<br><br>
Hi,
<br><br>
<p>
We are writing to inform you that a certificate request has been made by an API user to integrate with our system.
We have successfully processed and signed the certificate associated with this request.
</p>
<h3>Api User Details:</h3>
<ul>
<li><strong>API User Name:</strong> <%= @api_user.username %></li>
<li><strong>Certificate Serial Number:</strong> <%= @crt.serial %></li>
<li><strong>Certificate Expiry Date:</strong> <%= @crt.not_after %></li>
<li><strong>Certificate Subject:</strong> <%= @crt.subject %></li>
</ul>
<p>
The signed certificate ensures secure communication between the API user's integration and .ee registry system.
It serves as a digital identity verification, enabling authorized access to the APIs.
</p>
<p>
If you have any questions or require further information regarding this certificate request or the API integration, please do not hesitate to reach out to us.
</p>
<p>
Best regards,
</p>
<%= render 'mailers/shared/signatures/signature.en.html' %>

34
app/views/mailers/certificate_mailer/signed.text.erb Normal file
View file

@ -0,0 +1,34 @@
Tere,
Anname teada, et API kasutaja on esitanud .ee registrisüsteemiga integreerumiseks sertifikaadi taotluse. Oleme selle taotlusega seotud sertifikaadi edukalt töödelnud ja allkirjastanud.
API Kasutaja andmed:
- API Kasutaja nimi: <%= @api_user.username %>
- Sertifikaadi seerianumber: <%= @crt.serial %>
- Sertifikaadi aegumiskuupäev: <%= @crt.not_after %>
- Sertifikaadi subjekt: <%= @crt.subject %>
Allkirjastatud sertifikaat tagab turvalise suhtluse .ee registripidaja ning registri süsteemide vahel. See toimib digitaalse identiteedikinnitusena, võimaldades autoriseeritud juurdepääsu .ee liidestele.
Kui Teil on küsimusi või vajate täiendavat teavet seoses sertifikaadi taotluse või API integratsiooniga, võtke meiega ühendust.
Parimate soovidega,
<%= render 'mailers/shared/signatures/signature.et.text' %>
---
Hi,
We are writing to inform you that a certificate request has been made by an API user to integrate with our system. We have successfully processed and signed the certificate associated with this request.
API User Details:
- API User Name: <%= @api_user.username %>
- Certificate Serial Number: <%= @crt.serial %>
- Certificate Expiry Date: <%= @crt.not_after %>
- Certificate Subject: <%= @crt.subject %>
The signed certificate ensures secure communication between the API user's integration and .ee registry system. It serves as a digital identity verification, enabling authorized access to the APIs.
If you have any questions or require further information regarding this certificate request or the API integration, please do not hesitate to reach out to us.
Best regards,
<%= render 'mailers/shared/signatures/signature.en.text' %>

1
config/application.yml.sample
View file

@ -36,7 +36,6 @@ crl_path: '/home/registry/registry/shared/ca/crl/crl.pem'
crl_updater_path: '/home/registry/registry/shared/ca/crl/crlupdater.sh'
ca_cert_path: '/home/registry/registry/shared/ca/certs/ca.crt.pem'
ca_key_path: '/home/registry/registry/shared/ca/private/ca.key.pem'
ca_key_password: 'your-root-key-password'
directo_invoice_url: 'https://domain/ddddd.asp'
cdns_scanner_input_file: '/opt/cdns/input.txt'

2
config/locales/en.yml
View file

@ -363,7 +363,9 @@ en:
signature_algorithm: 'Signature algorithm'
version: 'Version'
sign_this_request: 'Sign this request'
sign: 'Sign'
revoke_this_certificate: 'Revoke this certificate'
enter_ca_key_password: 'Enter passphrase for a CA key'
crt_revoked: 'CRT (revoked)'
contact_org_error: 'Parameter value policy error. Org must be blank'
contact_fax_error: 'Parameter value policy error. Fax must be blank'

10
config/routes.rb
View file

@ -92,10 +92,10 @@ Rails.application.routes.draw do
end
resources :invoices, only: %i[index show] do
collection do
get ':id/download', to: 'invoices#download'
post 'add_credit'
end
member do
get 'download'
post 'send_to_recipient', to: 'invoices#send_to_recipient'
put 'cancel', to: 'invoices#cancel'
end
@ -108,7 +108,13 @@ Rails.application.routes.draw do
get '/market_share_growth_rate', to: 'stats#market_share_growth_rate'
end
end
resources :api_users, only: %i[index show update create destroy]
resources :api_users, only: %i[index show update create destroy] do
resources :certificates, only: %i[show] do
member do
get 'download'
end
end
end
resources :white_ips, only: %i[index show update create destroy]
resources :certificates, only: %i[create]
namespace :registrar do

4
lib/serializers/repp/api_user.rb
View file

@ -32,9 +32,9 @@ module Serializers
private
def certificates
user.certificates.map do |x|
user.certificates.unrevoked.map do |x|
subject = x.csr ? x.parsed_csr.try(:subject) : x.parsed_crt.try(:subject)
{ subject: subject.to_s, status: x.status }
{ id: x.id, subject: subject.to_s, status: x.status }
end
end
end

43
lib/serializers/repp/certificate.rb Normal file
View file

@ -0,0 +1,43 @@
module Serializers
module Repp
class Certificate
attr_reader :certificate
def initialize(certificate)
@certificate = certificate
end
def to_json(obj = certificate)
json = obj.as_json.except('csr', 'crt')
csr = obj.parsed_csr
crt = obj.parsed_crt
json[:csr] = csr_data(csr) if csr
json[:crt] = crt_data(crt) if crt
json
end
private
def csr_data(csr)
{
version: csr.version,
subject: csr.subject.to_s,
alg: csr.signature_algorithm.to_s,
}
end
def crt_data(crt)
{
version: crt.version,
serial: crt.serial.to_s,
alg: crt.signature_algorithm.to_s,
issuer: crt.issuer.to_s,
not_before: crt.not_before,
not_after: crt.not_after,
subject: crt.subject.to_s,
extensions: crt.extensions.map(&:to_s),
}
end
end
end
end