CRT generation with command line tool

2025-05-17 17:59:47 +02:00 · 2015-02-12 12:33:28 +02:00 · 2015-02-12 12:33:28 +02:00 · f2c9d18473
commit f2c9d18473
parent bbe8a780a8
3 changed files with 14 additions and 28 deletions
--- a/app/controllers/admin/api_users_controller.rb
+++ b/app/controllers/admin/api_users_controller.rb
@ -12,7 +12,10 @@ class Admin::ApiUsersController < AdminController
  end

  def create
-    @api_user = ApiUser.new(api_user_params)
+    app = api_user_params
+    app[:csr] = params[:api_user][:csr].open.read if params[:api_user][:csr]
+
+    @api_user = ApiUser.new(app)

    if @api_user.save
      flash[:notice] = I18n.t('record_created')
--- a/app/controllers/epp/contacts_controller.rb
+++ b/app/controllers/epp/contacts_controller.rb
@ -70,7 +70,7 @@ class Epp::ContactsController < EppController
  end

  ## UPDATE
-  def validate_update
+  def validate_updatezz
    @ph = params_hash['epp']['command']['update']['update']
    update_attrs_present?
    # xml_attrs_present?(@ph, [['id'], %w(authInfo pw)])
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@ -25,35 +25,18 @@ class ApiUser < ActiveRecord::Base
  end

  def create_crt
-    request = OpenSSL::X509::Request.new(csr)
-    fail 'CSR can not be verified' unless request.verify request.public_key
-    ca_cert = OpenSSL::X509::Certificate.new(File.read(APP_CONFIG['ca_cert_path']))
-    ca_key = OpenSSL::PKey::RSA.new(File.read(APP_CONFIG['ca_key_path']), APP_CONFIG['ca_key_password'])
+    csr_file = Tempfile.new('client_csr')
+    csr_file.write(csr)
+    csr_file.rewind

-    csr_cert = OpenSSL::X509::Certificate.new
-    csr_cert.serial = 0
-    csr_cert.version = 2
-    csr_cert.not_before = Time.now
-    csr_cert.not_after = Time.now + 600
+    crt_file = Tempfile.new('client_crt')

-    csr_cert.subject = request.subject
-    csr_cert.public_key = request.public_key
-    csr_cert.issuer = ca_cert.subject
+    `openssl ca -keyfile #{APP_CONFIG['ca_key_path']} -cert #{APP_CONFIG['ca_cert_path']} \
+    -extensions usr_cert -notext -md sha256 \
+    -in #{csr_file.path} -out #{crt_file.path} -key '#{APP_CONFIG['ca_key_password']}' -batch`

-    extension_factory = OpenSSL::X509::ExtensionFactory.new
-    extension_factory.subject_certificate = csr_cert
-    extension_factory.issuer_certificate = ca_cert
-
-    csr_cert.add_extension extension_factory.create_extension('basicConstraints', 'CA:FALSE')
-
-    csr_cert.add_extension extension_factory.create_extension(
-        'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
-
-    csr_cert.add_extension extension_factory.create_extension('subjectKeyIdentifier', 'hash')
-
-    csr_cert.sign ca_key, OpenSSL::Digest::SHA1.new
-
-    self.crt = csr_cert.to_pem
+    crt_file.rewind
+    self.crt = crt_file.read
  end
 end
 # rubocop: enable Metrics/ClassLength