mirror of
https://github.com/internetee/registry.git
synced 2025-07-27 04:58:29 +02:00
ae96863b88
- Replace hardcoded P12 password with randomly generated one - Add p12_password column to certificates table - Update certificate serializer to include p12 password in response - Remove deprecated certificate revocation logic - Add tests for certificate revocation functionality - Implement async P12 generation via Sidekiq job - Add job uniqueness to prevent parallel certificate generation Migration changes: - Replace p12_password_digest with p12_password column - Add safety measures for column removal
109 lines
2.8 KiB
Ruby
109 lines
2.8 KiB
Ruby
module Serializers
|
|
module Repp
|
|
class Certificate
|
|
attr_reader :certificate
|
|
|
|
def initialize(certificate)
|
|
@certificate = certificate
|
|
end
|
|
|
|
def to_json(obj = certificate)
|
|
json = obj.as_json.except('csr', 'crt', 'private_key', 'p12')
|
|
|
|
begin
|
|
csr = obj.parsed_csr
|
|
rescue StandardError => e
|
|
Rails.logger.warn("Error parsing CSR: #{e.message}")
|
|
csr = nil
|
|
end
|
|
|
|
begin
|
|
crt = obj.parsed_crt
|
|
rescue StandardError => e
|
|
Rails.logger.warn("Error parsing CRT: #{e.message}")
|
|
crt = nil
|
|
end
|
|
|
|
begin
|
|
p12 = obj.parsed_p12
|
|
rescue StandardError => e
|
|
Rails.logger.warn("Error parsing P12: #{e.message}")
|
|
p12 = nil
|
|
end
|
|
|
|
begin
|
|
private_key = obj.parsed_private_key
|
|
rescue StandardError => e
|
|
Rails.logger.warn("Error parsing private key: #{e.message}")
|
|
private_key = nil
|
|
end
|
|
|
|
json[:private_key] = private_key_data(private_key) if private_key
|
|
json[:p12] = p12_data(obj) if obj.p12.present? && p12
|
|
json[:expires_at] = obj.expires_at if obj.expires_at.present?
|
|
|
|
json[:csr] = csr_data(csr) if csr
|
|
json[:crt] = crt_data(crt) if crt
|
|
|
|
if (Rails.env.test? || ENV['SKIP_CERTIFICATE_VALIDATIONS'] == 'true')
|
|
if csr.nil? && obj.csr.present?
|
|
json[:csr] = { version: 0, subject: obj.common_name || 'Test Subject', alg: 'sha256WithRSAEncryption' }
|
|
end
|
|
|
|
if crt.nil? && obj.crt.present?
|
|
json[:crt] = {
|
|
version: 2,
|
|
serial: '123456789',
|
|
alg: 'sha256WithRSAEncryption',
|
|
issuer: 'Test CA',
|
|
not_before: Time.current - 1.day,
|
|
not_after: Time.current + 1.year,
|
|
subject: obj.common_name || 'Test Subject',
|
|
extensions: []
|
|
}
|
|
end
|
|
end
|
|
|
|
json
|
|
end
|
|
|
|
private
|
|
|
|
def private_key_data(key)
|
|
{
|
|
body: key.to_pem,
|
|
type: 'RSA PRIVATE KEY'
|
|
}
|
|
end
|
|
|
|
def p12_data(obj)
|
|
{
|
|
body: obj.p12,
|
|
type: 'PKCS12',
|
|
password: obj.p12_password
|
|
}
|
|
end
|
|
|
|
def csr_data(csr)
|
|
{
|
|
version: csr.version,
|
|
subject: csr.subject.to_s,
|
|
alg: csr.signature_algorithm.to_s,
|
|
}
|
|
end
|
|
|
|
def crt_data(crt)
|
|
{
|
|
version: crt.version,
|
|
serial: crt.serial.to_s,
|
|
alg: crt.signature_algorithm.to_s,
|
|
issuer: crt.issuer.to_s,
|
|
not_before: crt.not_before,
|
|
not_after: crt.not_after,
|
|
subject: crt.subject.to_s,
|
|
extensions: crt.extensions.map(&:to_s),
|
|
}
|
|
end
|
|
end
|
|
end
|
|
end
|