mirror of
https://github.com/internetee/registry.git
synced 2025-05-17 17:59:47 +02:00
Generate crt from csr
parent
994d4140c2
commit
bbe8a780a8
6 changed files with 58 additions and 7 deletions
|
@ -28,7 +28,10 @@ class Admin::ApiUsersController < AdminController
|
||||||
def edit; end
|
def edit; end
|
||||||
|
|
||||||
def update
|
def update
|
||||||
if @api_user.update(api_user_params)
|
app = api_user_params
|
||||||
|
app[:csr] = params[:api_user][:csr].open.read if params[:api_user][:csr]
|
||||||
|
|
||||||
|
if @api_user.update(app)
|
||||||
flash[:notice] = I18n.t('record_updated')
|
flash[:notice] = I18n.t('record_updated')
|
||||||
redirect_to [:admin, @api_user]
|
redirect_to [:admin, @api_user]
|
||||||
else
|
else
|
||||||
|
@ -47,6 +50,14 @@ class Admin::ApiUsersController < AdminController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def download_csr
|
||||||
|
send_data @api_user.csr, filename: "#{@api_user.username}.csr.pem"
|
||||||
|
end
|
||||||
|
|
||||||
|
def download_crt
|
||||||
|
send_data @api_user.crt, filename: "#{@api_user.username}.crt.pem"
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def set_api_user
|
def set_api_user
|
||||||
|
@ -54,6 +65,6 @@ class Admin::ApiUsersController < AdminController
|
||||||
end
|
end
|
||||||
|
|
||||||
def api_user_params
|
def api_user_params
|
||||||
params.require(:api_user).permit(:username, :password, :crt, :active, :registrar_id, :registrar_typeahead)
|
params.require(:api_user).permit(:username, :password, :csr, :active, :registrar_id, :registrar_typeahead)
|
||||||
end
|
end
|
||||||
end
|
end
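Review bot: The new line in `update`, `app[:csr] = params[:api_user][:csr].open.read if params[:api_user][:csr]`, reads the whole upload into memory with no size or format check before it reaches the `before_save :create_crt` callback. A malformed or unverifiable CSR raises there rather than failing validation, so the admin would likely get an error page instead of the `else` branch. Consider bounding the read, for example `upload = params[:api_user][:csr]` followed by `app[:csr] = upload.read(16.kilobytes) if upload`, and rejecting bad input with a model validation. `download_csr` and `download_crt` both use `@api_user`, but the `before_action` that sets it is outside these hunks, so confirm its `only:` list covers the two new actions. The `filename:` values interpolate `@api_user.username` into a response header; whether that is escaped depends on the Rails version, so restricting the username to a safe character set is worth checking.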
|
||||||
|
|
|
@ -8,6 +8,8 @@ class ApiUser < ActiveRecord::Base
|
||||||
validates :username, :password, :registrar, presence: true
|
validates :username, :password, :registrar, presence: true
|
||||||
validates :username, uniqueness: true
|
validates :username, uniqueness: true
|
||||||
|
|
||||||
|
before_save :create_crt, if: -> (au) { au.csr_changed? }
|
||||||
|
|
||||||
attr_accessor :registrar_typeahead
|
attr_accessor :registrar_typeahead
|
||||||
|
|
||||||
def registrar_typeahead
|
def registrar_typeahead
|
||||||
|
@ -21,5 +23,37 @@ class ApiUser < ActiveRecord::Base
|
||||||
def queued_messages
|
def queued_messages
|
||||||
registrar.messages.queued
|
registrar.messages.queued
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def create_crt
|
||||||
|
request = OpenSSL::X509::Request.new(csr)
|
||||||
|
fail 'CSR can not be verified' unless request.verify request.public_key
|
||||||
|
ca_cert = OpenSSL::X509::Certificate.new(File.read(APP_CONFIG['ca_cert_path']))
|
||||||
|
ca_key = OpenSSL::PKey::RSA.new(File.read(APP_CONFIG['ca_key_path']), APP_CONFIG['ca_key_password'])
|
||||||
|
|
||||||
|
csr_cert = OpenSSL::X509::Certificate.new
|
||||||
|
csr_cert.serial = 0
|
||||||
|
csr_cert.version = 2
|
||||||
|
csr_cert.not_before = Time.now
|
||||||
|
csr_cert.not_after = Time.now + 600
|
||||||
|
|
||||||
|
csr_cert.subject = request.subject
|
||||||
|
csr_cert.public_key = request.public_key
|
||||||
|
csr_cert.issuer = ca_cert.subject
|
||||||
|
|
||||||
|
extension_factory = OpenSSL::X509::ExtensionFactory.new
|
||||||
|
extension_factory.subject_certificate = csr_cert
|
||||||
|
extension_factory.issuer_certificate = ca_cert
|
||||||
|
|
||||||
|
csr_cert.add_extension extension_factory.create_extension('basicConstraints', 'CA:FALSE')
|
||||||
|
|
||||||
|
csr_cert.add_extension extension_factory.create_extension(
|
||||||
|
'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
|
||||||
|
|
||||||
|
csr_cert.add_extension extension_factory.create_extension('subjectKeyIdentifier', 'hash')
|
||||||
|
|
||||||
|
csr_cert.sign ca_key, OpenSSL::Digest::SHA1.new
|
||||||
|
|
||||||
|
self.crt = csr_cert.to_pem
|
||||||
|
end
|
||||||
end
|
end
|
||||||
# rubocop: enable Metrics/ClassLength
|
# rubocop: enable Metrics/ClassLength
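Review bot: `create_crt` issues every certificate with `csr_cert.serial = 0` and signs it with `OpenSSL::Digest::SHA1.new`, so all certificates from this CA share one serial number, which makes it impossible to revoke a single one by serial, and the signature uses a hash that is no longer collision-resistant. I would change these to `csr_cert.serial = SecureRandom.random_number(2**159) + 1` and `csr_cert.sign ca_key, OpenSSL::Digest::SHA256.new`. `csr_cert.subject = request.subject` copies whatever subject the uploaded CSR carries; if clients are later identified by certificate subject, it should be set from or checked against the record's `username` and registrar instead. `Time.now + 600` gives a ten-minute validity, which looks like a placeholder and deserves a comment or a config value. The `fail 'CSR can not be verified'` and any `OpenSSL::X509::RequestError` from `Request.new(csr)` abort the save with an exception; a validation that adds to `errors` would let the form report the problem.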
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
= form_for([:admin, @api_user]) do |f|
|
= form_for([:admin, @api_user], multipart: true) do |f|
|
||||||
- if @api_user.errors.any?
|
- if @api_user.errors.any?
|
||||||
- @api_user.errors.each do |attr, err|
|
- @api_user.errors.each do |attr, err|
|
||||||
= err
|
= err
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
.col-md-6.text-left
|
.col-md-6.text-left
|
||||||
.form-group
|
.form-group
|
||||||
= f.label :csr, t('certificate_signing_req')
|
= f.label :csr, t('certificate_signing_req')
|
||||||
= f.text_area :csr, class: 'form-control'
|
= f.file_field :csr
|
||||||
%hr
|
%hr
|
||||||
.row
|
.row
|
||||||
.col-md-12.text-right
|
.col-md-12.text-right
|
||||||
|
|
|
@ -37,7 +37,7 @@
|
||||||
.panel-body
|
.panel-body
|
||||||
%dl.dl-horizontal
|
%dl.dl-horizontal
|
||||||
%dt= t('csr')
|
%dt= t('csr')
|
||||||
%dd= @api_user.csr
|
%dd= link_to(t('download'), download_csr_admin_api_user_path)
|
||||||
|
|
||||||
%dt= t('crt')
|
%dt= t('crt')
|
||||||
%dd= @api_user.crt
|
%dd= link_to(t('download'), download_crt_admin_api_user_path)
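Review bot: Both download links are rendered unconditionally, so for an API user with no CSR uploaded yet the `download_crt` action would call `send_data` with a nil `crt`. Rendering each `%dd` only when the value is present, for example under `- if @api_user.crt.present?`, avoids a link that leads to an error. The helpers are also called without a record, as in `download_crt_admin_api_user_path`, which relies on the current request's `:id`; `download_crt_admin_api_user_path(@api_user)` makes the target explicit.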
|
||||||
|
|
|
@ -499,3 +499,4 @@ en:
|
||||||
contact_phone: 'Contact phone'
|
contact_phone: 'Contact phone'
|
||||||
contact_email: 'Contact e-mail'
|
contact_email: 'Contact e-mail'
|
||||||
address_help: 'Street name, house no - apartment no, city, county, country, zip'
|
address_help: 'Street name, house no - apartment no, city, county, country, zip'
|
||||||
|
download: 'Download'
|
||||||
|
|
|
@ -46,7 +46,12 @@ Rails.application.routes.draw do
|
||||||
end
|
end
|
||||||
|
|
||||||
resources :users
|
resources :users
|
||||||
resources :api_users
|
resources :api_users do
|
||||||
|
member do
|
||||||
|
get 'download_csr'
|
||||||
|
get 'download_crt'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
resources :delayed_jobs
|
resources :delayed_jobs
|
||||||
|
|
||||||
|
|