zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-07-31 23:16:23 +02:00
Code Issues Projects Releases Packages Wiki Activity

feat: Implement P12 certificate generation improvements

Browse source 
- Replace hardcoded P12 password with randomly generated one
- Add p12_password column to certificates table
- Update certificate serializer to include p12 password in response
- Remove deprecated certificate revocation logic
- Add tests for certificate revocation functionality
- Implement async P12 generation via Sidekiq job
- Add job uniqueness to prevent parallel certificate generation

Migration changes:
- Replace p12_password_digest with p12_password column
- Add safety measures for column removal
This commit is contained in:
oleghasjanov 2025-03-19 13:25:43 +02:00
parent 072f4440e2
commit ae96863b88
13 changed files with 157 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

15
app/services/certificates/certificate_generator.rb
View file

@ -3,15 +3,14 @@ module Certificates
attribute :api_user_id, Types::Coercible::Integer
attribute? :interface, Types::String.optional
P12_PASSWORD = 'todo-change-me'
def execute
api_user = ApiUser.find(api_user_id)
password = generate_random_password
private_key = generate_user_key
csr = generate_user_csr(private_key)
certificate = sign_user_certificate(csr)
p12 = create_user_p12(private_key, certificate)
p12 = create_user_p12(private_key, certificate, password)
certificate_record = api_user.certificates.build(
private_key: private_key.to_pem,
@ -20,7 +19,7 @@ module Certificates
p12: Base64.strict_encode64(p12),
expires_at: certificate.not_after,
interface: interface || 'registrar',
p12_password_digest: P12_PASSWORD,
p12_password: password,
serial: certificate.serial.to_s,
common_name: api_user.username
)
@ -124,7 +123,7 @@ module Certificates
cert
end
def create_user_p12(key, cert, password = P12_PASSWORD)
def create_user_p12(key, cert, password)
ca_cert = OpenSSL::X509::Certificate.new(File.read(ca_cert_path))
p12 = OpenSSL::PKCS12.create(
@ -137,5 +136,11 @@ module Certificates
p12.to_der
end
private
def generate_random_password
SecureRandom.hex(8)
end
end
end