From 51db367df564b26b9392a4591a782225ab6a20b0 Mon Sep 17 00:00:00 2001
From: Martin Lensment <mlensment@gmail.com>
Date: Fri, 22 May 2015 19:20:26 +0300
Subject: [PATCH] Add PKI check for REPP

---
 app/api/repp/api.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/api/repp/api.rb b/app/api/repp/api.rb
index 13712f997..36ab736dd 100644
--- a/app/api/repp/api.rb
+++ b/app/api/repp/api.rb
@@ -24,7 +24,9 @@ module Repp
         webclient_cert_name = ENV['webclient_cert_common_name'] || 'webclient'
         error! "Webclient #{message} #{webclient_cert_name}", 401 if webclient_cert_name != request_name
       else
-        error! "#{message} #{@current_user.username}", 401 if @current_user.username != request_name
+        unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
+          error! "#{message} #{@current_user.username}", 401
+        end
       end
     end