zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-05-30 17:33:57 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add API pki cert check

Browse source
This commit is contained in:
Martin Lensment 2015-05-22 18:59:33 +03:00
parent fe19ac743b
commit f590a107fb
2 changed files with 11 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

7
app/controllers/epp/sessions_controller.rb
View file

@ -9,13 +9,12 @@ class Epp::SessionsController < EppController
# rubocop: disable Metrics/CyclomaticComplexity
def login
cert_valid = true
if request.ip == ENV['webclient_ip']
@api_user = ApiUser.find_by(login_params)
else
if request.env['HTTP_SSL_CLIENT_S_DN_CN'] != login_params[:username]
if request.ip != ENV['webclient_ip'] && @api_user
unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
cert_valid = false
end
@api_user = ApiUser.find_by(login_params)
end
if @api_user.try(:active) && cert_valid && ip_white? && connection_limit_ok?

9
app/models/api_user.rb
View file

@ -54,8 +54,13 @@ class ApiUser < User
certificates.registrar.exists?(md5: md5, common_name: cn)
end
def api_pki_ok?(crt)
certificates.api.exists?(crt: crt)
def api_pki_ok?(crt, cn)
crt = crt.split(' ').join("\n")
crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
cert = OpenSSL::X509::Certificate.new(crt)
md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
certificates.api.exists?(md5: md5, common_name: cn)
end
class << self