zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-05-17 17:59:47 +02:00
Code Issues Projects Releases Packages Wiki Activity

CRT generation with command line tool

Browse source
This commit is contained in:
Martin Lensment 2015-02-12 12:33:28 +02:00
parent bbe8a780a8
commit f2c9d18473
3 changed files with 14 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/controllers/admin/api_users_controller.rb
View file

@ -12,7 +12,10 @@ class Admin::ApiUsersController < AdminController
end end
def create def create
@api_user = ApiUser.new(api_user_params) app = api_user_params
app[:csr] = params[:api_user][:csr].open.read if params[:api_user][:csr]
@api_user = ApiUser.new(app)
if @api_user.save if @api_user.save
flash[:notice] = I18n.t('record_created') flash[:notice] = I18n.t('record_created')

2
app/controllers/epp/contacts_controller.rb
View file

@ -70,7 +70,7 @@ class Epp::ContactsController < EppController
end end
## UPDATE ## UPDATE
def validate_update def validate_updatezz
@ph = params_hash['epp']['command']['update']['update'] @ph = params_hash['epp']['command']['update']['update']
update_attrs_present? update_attrs_present?
# xml_attrs_present?(@ph, [['id'], %w(authInfo pw)]) # xml_attrs_present?(@ph, [['id'], %w(authInfo pw)])

35
app/models/api_user.rb
View file

@ -25,35 +25,18 @@ class ApiUser < ActiveRecord::Base
end end
def create_crt def create_crt
request = OpenSSL::X509::Request.new(csr) csr_file = Tempfile.new('client_csr')
fail 'CSR can not be verified' unless request.verify request.public_key csr_file.write(csr)
ca_cert = OpenSSL::X509::Certificate.new(File.read(APP_CONFIG['ca_cert_path'])) csr_file.rewind
ca_key = OpenSSL::PKey::RSA.new(File.read(APP_CONFIG['ca_key_path']), APP_CONFIG['ca_key_password'])
csr_cert = OpenSSL::X509::Certificate.new crt_file = Tempfile.new('client_crt')
csr_cert.serial = 0
csr_cert.version = 2
csr_cert.not_before = Time.now
csr_cert.not_after = Time.now + 600
csr_cert.subject = request.subject `openssl ca -keyfile #{APP_CONFIG['ca_key_path']} -cert #{APP_CONFIG['ca_cert_path']} \
csr_cert.public_key = request.public_key -extensions usr_cert -notext -md sha256 \
csr_cert.issuer = ca_cert.subject -in #{csr_file.path} -out #{crt_file.path} -key '#{APP_CONFIG['ca_key_password']}' -batch`
extension_factory = OpenSSL::X509::ExtensionFactory.new crt_file.rewind
extension_factory.subject_certificate = csr_cert self.crt = crt_file.read
extension_factory.issuer_certificate = ca_cert
csr_cert.add_extension extension_factory.create_extension('basicConstraints', 'CA:FALSE')
csr_cert.add_extension extension_factory.create_extension(
'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
csr_cert.add_extension extension_factory.create_extension('subjectKeyIdentifier', 'hash')
csr_cert.sign ca_key, OpenSSL::Digest::SHA1.new
self.crt = csr_cert.to_pem
end end
end end
# rubocop: enable Metrics/ClassLength # rubocop: enable Metrics/ClassLength