- Fix PKCS12 container parsing by using consistent password
- Add proper file extensions for certificate downloads (.key, .csr, .crt)
- Improve private key parsing by removing unnecessary Base64 decoding
- Add error logging for certificate parsing failures
- Clean up certificate serializer code
The main changes include:
- Using P12_PASSWORD consistently across generation and parsing
- Adding proper file extensions for different certificate types
- Fixing private key parsing to handle PEM format correctly
- Adding detailed error logging for debugging purposes
- Removing redundant code comments and improving code clarity
This commit improves the reliability of certificate handling
and provides better user experience with correct file extensions.
- Refactor certificate generation into a dedicated service object
- Add Base64 encoding for p12 binary data storage
- Implement serial number generation and storage
- Remove deprecated certificate generation code
- Simplify certificate status checks
- Update certificate controller to use new generator
- Add proper password handling for p12 containers
The main changes include:
- Moving certificate generation logic to CertificateGenerator service
- Proper handling of binary data encoding
- Implementing serial number tracking for future CRL support
- Removing old certificate generation and validation code
- Simplifying the certificate lifecycle management
This commit provides a more maintainable and robust certificate
generation system while preparing for future CRL implementation.
Fix p12 containers being incorrectly generated with revoked status
Add proper serial number generation based on current time
Improve CRL handling in certificate_revoked? method
Fix controller parameter naming from cert_params to p12_params
Add comprehensive tests for certificate status and CRL handling
Include diagnostic methods for troubleshooting CRL issues
This commit resolves the issue where certificates were incorrectly
considered revoked during p12 container generation due to missing
or improperly handled CRL files.
The test for Certificate.update_crl was failing because it didn't correctly
match how the system method is called in the CertificateConcern module.
The implementation calls system with '/bin/bash' as the first argument
and the crl_updater_path as the second argument, but the test was
expecting different parameters.
- Simplified the test_update_crl_should_call_crl_updater_script test to
directly verify the script path is used without trying to intercept
the system call
- Added proper environment variable handling for crl_updater_path
- Ensured original method is restored after test execution
Update certificate download functionality to use appropriate file extensions:
- Use .p12 extension for PKCS#12 files
- Keep .pem extension for PEM-encoded files (CSR, CRT, private key)
This change ensures that downloaded certificate files have the correct extension based on their format, making it easier for users to identify and use the files correctly.
- Create UserCertificate model with validations and certificate renewal logic
- Add tests for UserCertificate model functionality
- Add user certificates fixtures for testing
- Add association between ApiUser and UserCertificates
- Add required gems: dry-types, dry-struct, openssl
- Add /certs to .gitignore
This commit implements the base model for storing user certificates in the
database, including private keys, CSRs, certificates and P12 files. The model
includes basic validation and certificate renewal functionality, with
comprehensive test coverage.
- Add force_delete_domain_statuses_history_data to store force delete metadata
- Update force delete queries to use new JSON status history
- Refactor force delete tests to use travel_to helper
- Remove direct force_delete_start field usage
- Update status notes to include company identification number
- Add environment variable 'allow_validate_business_contacts' to control business contact validation
- Remove redundant company_is_relevant? method
- Add integration test for skipping company validation
- Add tracking of lifted force delete domains with reason and date in json_statuses_history
- Modify ForceDeleteDailyAdminNotifierJob to include both force deleted and lifted domains
- Update admin mailer template to show separate tables for force deleted and lifted domains
- Update tests to reflect new functionality and fix timing issues with yesterday's data
Key changes:
- Store lift reason and date when canceling force delete
- Add new query method for finding lifted force delete domains
- Split email template into two sections
- Fix tests to properly handle the yesterday time window
- Split IP validation logic for IPv4 and IPv6 addresses
- Add specific validation for IPv6 to allow only single addresses (/128) or /64 ranges
- Remove old network address calculation for IPv6
- Keep IPv4 address limit validation unchanged
- Add localization for new IPv6 validation error message
- Add test coverage for IPv6 validation:
* Test for valid /64 range
* Test for valid single address
* Test for invalid ranges (/48 and /96)
- Add AgeValidation module for consistent age checks
- Validate admin contacts must be at least 18 years old
- Move age validation logic from Domain to shared module
- Add tests for admin contact age validation
- Fix JSON format for admin_contacts_allowed_ident_type setting
This change ensures that administrative contacts must be adults (18+),
using the same age validation logic as for registrants. The validation
works with both birthday and Estonian ID formats. Settings are now
properly stored as JSON strings for consistent parsing.
