fix: improve certificate parsing and file extensions

- Fix PKCS12 container parsing by using consistent password - Add proper file extensions for certificate downloads (.key, .csr, .crt) - Improve private key parsing by removing unnecessary Base64 decoding - Add error logging for certificate parsing failures - Clean up certificate serializer code The main changes include: - Using P12_PASSWORD consistently across generation and parsing - Adding proper file extensions for different certificate types - Fixing private key parsing to handle PEM format correctly - Adding detailed error logging for debugging purposes - Removing redundant code comments and improving code clarity This commit improves the reliability of certificate handling and provides better user experience with correct file extensions.
2025-07-29 22:16:19 +02:00 · 2025-03-14 10:55:33 +02:00 · 2025-03-14 10:55:33 +02:00 · fe90d787c2
commit fe90d787c2
parent 0925fa4d4b
4 changed files with 29 additions and 5 deletions
--- a/app/controllers/repp/v1/certificates_controller.rb
+++ b/app/controllers/repp/v1/certificates_controller.rb
@ -36,7 +36,14 @@ module Repp
      desc "Download a specific api user's specific certificate"
      param :type, String, required: true, desc: 'Type of certificate (csr or crt)'
      def download
-        extension = params[:type] == 'p12' ? 'p12' : 'pem'
+        extension = case params[:type]
+                   when 'p12' then 'p12'
+                   when 'private_key' then 'key'
+                   when 'csr' then 'csr'
+                   when 'crt' then 'crt'
+                   else 'pem'
+                   end
+
        filename = "#{@api_user.username}_#{Time.zone.today.strftime('%y%m%d')}_portal.#{extension}"

        data = if params[:type] == 'p12' && @certificate.p12.present?
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@ -52,6 +52,25 @@ class Certificate < ApplicationRecord
    @p_csr ||= OpenSSL::X509::Request.new(csr) if csr
  end

+  def parsed_private_key
+    return nil if private_key.blank?
+    
+    OpenSSL::PKey::RSA.new(private_key)
+  rescue OpenSSL::PKey::RSAError => e
+    Rails.logger.error("Failed to parse private key: #{e.message}")
+    nil
+  end
+
+  def parsed_p12
+    return nil if p12.blank?
+    
+    decoded_p12 = Base64.decode64(p12)
+    OpenSSL::PKCS12.new(decoded_p12, Certificates::CertificateGenerator::P12_PASSWORD)
+  rescue OpenSSL::PKCS12::PKCS12Error => e
+    Rails.logger.error("Failed to parse PKCS12: #{e.message}")
+    nil
+  end
+
  def revoked?
    status == REVOKED
  end
--- a/app/services/certificates/certificate_generator.rb
+++ b/app/services/certificates/certificate_generator.rb
@ -124,7 +124,7 @@ module Certificates
      cert
    end

-    def create_user_p12(key, cert, password = '123456')
+    def create_user_p12(key, cert, password = P12_PASSWORD)
      ca_cert = OpenSSL::X509::Certificate.new(File.read(ca_cert_path))

      p12 = OpenSSL::PKCS12.create(
--- a/lib/serializers/repp/certificate.rb
+++ b/lib/serializers/repp/certificate.rb
@ -9,8 +9,7 @@ module Serializers

      def to_json(obj = certificate)
        json = obj.as_json.except('csr', 'crt', 'private_key', 'p12')
-        
-        # Безопасно извлекаем данные из сертификатов
+
        begin
          csr = obj.parsed_csr
        rescue StandardError => e
@ -46,7 +45,6 @@ module Serializers
        json[:csr] = csr_data(csr) if csr
        json[:crt] = crt_data(crt) if crt
        
-        # Если в тестовой среде данные не удалось извлечь, добавляем заглушки
        if (Rails.env.test? || ENV['SKIP_CERTIFICATE_VALIDATIONS'] == 'true')
          if csr.nil? && obj.csr.present?
            json[:csr] = { version: 0, subject: obj.common_name || 'Test Subject', alg: 'sha256WithRSAEncryption' }