feat: improve certificate download extensions

Update certificate download functionality to use appropriate file extensions: - Use .p12 extension for PKCS#12 files - Keep .pem extension for PEM-encoded files (CSR, CRT, private key) This change ensures that downloaded certificate files have the correct extension based on their format, making it easier for users to identify and use the files correctly.
2025-08-03 16:32:04 +02:00 · 2025-02-19 16:07:50 +02:00 · 2025-02-19 16:07:50 +02:00 · 5355397025
commit 5355397025
parent 51035d1ddf
15 changed files with 281 additions and 262 deletions
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@ -52,6 +52,24 @@ class Certificate < ApplicationRecord
    @p_csr ||= OpenSSL::X509::Request.new(csr) if csr
  end

+  def parsed_private_key
+    return nil if private_key.blank?
+    
+    decoded_key = Base64.decode64(private_key)
+    OpenSSL::PKey::RSA.new(decoded_key, Certificates::CertificateGenerator::CA_PASSWORD)
+  rescue OpenSSL::PKey::RSAError
+    nil
+  end
+
+  def parsed_p12
+    return nil if p12.blank?
+    
+    decoded_p12 = Base64.decode64(p12)
+    OpenSSL::PKCS12.new(decoded_p12)
+  rescue OpenSSL::PKCS12::PKCS12Error
+    nil
+  end
+
  def revoked?
    status == REVOKED
  end
@ -101,6 +119,55 @@ class Certificate < ApplicationRecord
    handle_revocation_failure(err_output)
  end

+  def renewable?
+    return false if revoked?
+    return false if crt.blank?
+    return false if expires_at.blank?
+    
+    expires_at > Time.current && expires_at <= 30.days.from_now
+  end
+
+  def expired?
+    return false if revoked?
+    return false if crt.blank?
+    return false if expires_at.blank?
+    
+    expires_at < Time.current
+  end
+
+  def renew
+    raise "Certificate cannot be renewed" unless renewable?
+
+    generator = Certificates::CertificateGenerator.new(
+      username: api_user.username,
+      registrar_code: api_user.registrar_code,
+      registrar_name: api_user.registrar_name,
+      certificate: self
+    )
+
+    generator.renew_certificate
+  end
+
+  def self.generate_for_api_user(api_user:)
+    generator = Certificates::CertificateGenerator.new(
+      username: api_user.username,
+      registrar_code: api_user.registrar_code,
+      registrar_name: api_user.registrar_name
+    )
+    
+    cert_data = generator.call
+    
+    create!(
+      api_user: api_user,
+      interface: 'api',
+      private_key: Base64.encode64(cert_data[:private_key]),
+      csr: cert_data[:csr],
+      crt: cert_data[:crt],
+      p12: Base64.encode64(cert_data[:p12]),
+      expires_at: cert_data[:expires_at]
+    )
+  end
+
  private

  def certificate_origin