moving leap_ca configs into defaults.yml

4 files changed, 55 insertions, 8 deletions

diff --git a/certs/app/models/client_certificate.rb b/certs/app/models/client_certificate.rb
index 23b66a2..0b1e43f 100644
--- a/certs/app/models/client_certificate.rb
+++ b/certs/app/models/client_certificate.rb
@@ -11,7 +11,6 @@ require 'date'
 
 class ClientCertificate < CouchRest::Model::Base
 
-  # No config yet.    use_database LeapCA::Config.db_name
   use_database 'client_certificates'
 
   timestamps!
@@ -62,16 +61,16 @@ class ClientCertificate < CouchRest::Model::Base
     cert.subject.common_name = random_common_name
 
     # set expiration
-    self.valid_until = months_from_yesterday(Config.client_cert_lifespan)
+    self.valid_until = months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
     cert.not_before = yesterday
     cert.not_after = self.valid_until
 
     # generate key
     cert.serial_number.number = cert_serial_number
-    cert.key_material.generate_key(Config.client_cert_bit_size)
+    cert.key_material.generate_key(APP_CONFIG[:client_cert_bit_size])
 
     # sign
-    cert.parent = Cert.root_ca
+    cert.parent = ClientCertificate.root_ca
     cert.sign! client_signing_profile
 
     self.key = cert.key_material.private_key.to_pem
@@ -86,11 +85,11 @@ class ClientCertificate < CouchRest::Model::Base
 
   def self.root_ca
     @root_ca ||= begin
-                   crt = File.read(Config.ca_cert_path)
-                   key = File.read(Config.ca_key_path)
+                   crt = File.read(APP_CONFIG[:ca_cert_path])
+                   key = File.read(APP_CONFIG[:ca_key_path])
                    openssl_cert = OpenSSL::X509::Certificate.new(crt)
                    cert = CertificateAuthority::Certificate.from_openssl(openssl_cert)
-                   cert.key_material.private_key = OpenSSL::PKey::RSA.new(key, Config.ca_key_password)
+                   cert.key_material.private_key = OpenSSL::PKey::RSA.new(key, APP_CONFIG[:ca_key_password])
                    cert
                  end
   end
@@ -114,7 +113,7 @@ class ClientCertificate < CouchRest::Model::Base
 
   def client_signing_profile
     {
-      "digest" => Config.client_cert_hash,
+      "digest" => APP_CONFIG[:client_cert_hash],
       "extensions" => {
       "keyUsage" => {
       "usage" => ["digitalSignature"]
diff --git a/certs/test/files/ca.crt b/certs/test/files/ca.crt
new file mode 100644
index 0000000..cade598
--- /dev/null
+++ b/certs/test/files/ca.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICPDCCAYmgAwIBAgIEUKCI4DANBgkqhkiG9w0BAQsFADAkMSIwIAYDVQQDExlS
+b290IENBIGZvciBydW5uaW5nIHRlc3RzMB4XDTEyMTExMjA1MjgwMFoXDTEzMTEx
+MjA1MjgwMFowJDEiMCAGA1UEAxMZUm9vdCBDQSBmb3IgcnVubmluZyB0ZXN0czCB
+uzANBgkqhkiG9w0BAQEFAAOBqQAwgaUCgZ0ApeqCGQOmiHxCFxsfUKmBV6ruOYar
+EsepFAycTmmakXBjNj4B9Pd3gE3Cc56rvkq0uxluRvqspzpEOQpCg8M5fkft/fxS
+acw+ackj3ys7r0MrXgL66QeLnNGe8+RjBO8UHb3OPx547hqUHVg+3HqSCdn9cGQX
+9//EJrnSJsLuZw9ktkN4Ytyd1deZo6AkiIeCyz0HxKQBIhdJAPRlAgMBAAGjQzBB
+MA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUBe1l
+BbuGErEkHLffGvkY5dDOH1YwDQYJKoZIhvcNAQELBQADgZ0ADpudncToYPS183w8
+c68dObCCvNfv/FTBg4ihCLW6PapADYuvXmCvXgHflylET+rFdcrnUfl+XjNT5IjF
+ImUyyOnCiy7scRgY+9qrEb7neH4CopGZKkWBTadZLu0QZqMcsWyAZBzaI8tBwL+G
++ylSgw3xTSf/HFjmTJAlDzUieV4DufrPqz7Yx0GrTswdJOcccc/PWUvQIU1GXvto
+-----END CERTIFICATE-----
diff --git a/certs/test/files/ca.key b/certs/test/files/ca.key
new file mode 100644
index 0000000..d266ef7
--- /dev/null
+++ b/certs/test/files/ca.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIC2gIBAAKBnQCl6oIZA6aIfEIXGx9QqYFXqu45hqsSx6kUDJxOaZqRcGM2PgH0
+93eATcJznqu+SrS7GW5G+qynOkQ5CkKDwzl+R+39/FJpzD5pySPfKzuvQyteAvrp
+B4uc0Z7z5GME7xQdvc4/HnjuGpQdWD7cepIJ2f1wZBf3/8QmudImwu5nD2S2Q3hi
+3J3V15mjoCSIh4LLPQfEpAEiF0kA9GUCAwEAAQKBnAKz9FSgqO42Sq6tBBtAolkh
+nBSXK2L4mmTiOQr/UMOnzLtN0qMBWRK1Bu2dRcz+0zztEs0t45wsfdS0DxYDGy+s
+elBrSOhs/w34IeZ5LM6xY0u4HZDmhn0pQNo6QZcFICr0GkkYdmWDlkLvIeJ/u6+q
+nmyqAQXvj3R4nA7hrKUXzJjfvN3RYrhLN+/T41zLybeJ5vLZQK3jJSiIjQJPAMhS
+HTIbYTUi2pxYVSwJDY4S2klTdroNGvTCkqcTRcB4Ms70FGLPZ6+ZumrkbSohHUsj
+gDRRy3e4fjA9qMSQynVr2gkUobsR0tAdQGVOKwJPANQIUPaTc2ouNYNLAiHoAXoL
+qAcF5g7/vtlMOwr+16EYoG7bLbiEie7nBfg9zz/VUnvOEy6pZ89YvsZOMlGicsRs
++tfUM1g/u0ZFEoQPrwJOC6bbE+ML0G9qj9WDfsA4DZ+DGujD6yZ//uSiax1v3TYg
+nnEMDoNJ4KjscvM+dkjez1QNTP3E+/27OUsc2fIiFJplYEnW7m6m+Hv7FulpAk8A
+tiASk0oiV/ErLARw53jmU9PRV378lqOcZgAxswclZo3FuJLxmc3WwOuV2B4Xd+gf
+epKPLYR708GR1Lp0RGS6GfjWGi9+ju3nSbuo5OCnAk5yun/UvDdtnZ6fXo9aF22/
+yoiztru7yhJdVrMx3PbbndfN2y9ctqcd6CD5fIQdyZ4K8eTr686RjH8C0XP095Ib
+an3AO/TQG1c4yE2hSvQ=
+-----END RSA PRIVATE KEY-----
diff --git a/config/defaults.yml b/config/defaults.yml
index 4ffa2c9..f5a7c07 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -1,11 +1,27 @@
+dev_ca: &dev_ca
+  ca_key_path: "./certs/test/files/ca.key"
+  ca_key_password: nil
+  ca_cert_path: "./certs/test/files/ca.crt"
+
+cert_options: &cert_options
+  client_cert_lifespan: 2
+  client_cert_bit_size: 2024
+  client_cert_hash: "SHA256"
+
 development:
+  <<: *dev_ca
+  <<: *cert_options
   admins: [admin, admin2]
   domain: develop.me
 
 test:
+  <<: *dev_ca
+  <<: *cert_options
   admins: [admin, admin2]
   domain: test.me
+  
 
 production:
+  <<: *cert_options
   admins: []
   domain: deploy.me