authorelijah <elijah@riseup.net>2015-01-28 12:32:15 -0800
committerelijah <elijah@riseup.net>2015-01-28 12:32:15 -0800
commiteebe08aba43302b080c7b534a746f0f30359f370 (patch)
tree40d20aa9db55319328d70126635a8d84b542828a
parent42ba688eabcdb428e0ce230175b72c357bea9cdb (diff)
client certificates: allow for time units to be specified in client_cert_lifespan config option.
-rw-r--r--app/models/client_certificate.rb8
-rw-r--r--config/defaults.yml2
-rw-r--r--test/integration/api/smtp_cert_test.rb3
3 files changed, 8 insertions, 5 deletions
diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb
index 815801e..688d5c0 100644
--- a/app/models/client_certificate.rb
+++ b/app/models/client_certificate.rb
@@ -48,7 +48,7 @@ class ClientCertificate
end
def expiry
- @expiry ||= lifespan.months.from_now.utc.at_midnight
+ @expiry ||= lifespan
end
private
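Review bot: After this change `lifespan` returns an absolute timestamp rather than a duration, so `expiry` on the added line is only a memoizing wrapper and the helper's name no longer says what it returns. A short comment above `def expiry` would make that clear, for example `# not-after time of the certificate: UTC midnight advanced by client_cert_lifespan`. Alternatively, rename the private helper to something that names a point in time. The enclosing class continues outside this hunk.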
@@ -109,12 +109,14 @@ class ClientCertificate
# We normalize timestamps at utc and midnight
# to reduce the fingerprinting possibilities.
#
-
def last_month
1.month.ago.utc.at_midnight
end
def lifespan
- APP_CONFIG[:client_cert_lifespan]
+ number, unit = APP_CONFIG[:client_cert_lifespan].split(' ')
+ unit ||= :months
+ Time.now.utc.at_midnight.advance(unit.to_sym => number.to_i)
end
+
end
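Review bot: The new `lifespan` uses the `client_cert_lifespan` value unchecked, and its failure modes are silent. `number.to_i` turns a non-numeric value into 0, and as far as I know `Time#advance` ignores keys it does not recognise, so a singular or misspelt unit such as `"2 month"` would yield an expiry of today's midnight. A sub-day unit such as `hours` is accepted too and moves the expiry off midnight, which the comment above says is normalised to reduce fingerprinting. A deployment that still overrides the setting with the old integer form will raise NoMethodError on `.split`. The method below parses strictly, restricts units to whole days or larger, keeps a bare number meaning months, and raises on anything else.

```ruby
def lifespan
  number, unit = APP_CONFIG[:client_cert_lifespan].to_s.split(' ')
  unit = (unit || 'months').to_sym
  # Integer() raises on non-numeric input instead of silently yielding 0
  count = Integer(number.to_s, 10)
  unless [:years, :months, :weeks, :days].include?(unit) && count > 0
    raise ArgumentError, "invalid client_cert_lifespan: #{APP_CONFIG[:client_cert_lifespan].inspect}"
  end
  Time.now.utc.at_midnight.advance(unit => count)
end
```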
diff --git a/config/defaults.yml b/config/defaults.yml
index 9eccb5e..9ffdf6a 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -4,7 +4,7 @@ dev_ca: &dev_ca
ca_key_password: nil
cert_options: &cert_options
- client_cert_lifespan: 2
+ client_cert_lifespan: "2 months"
client_cert_bit_size: 2024
client_cert_hash: "SHA256"
allow_limited_certs: false
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
index b1bfd43..2f50ef3 100644
--- a/test/integration/api/smtp_cert_test.rb
+++ b/test/integration/api/smtp_cert_test.rb
@@ -33,7 +33,8 @@ class SmtpCertTest < ApiIntegrationTest
assert_text_response
cert = OpenSSL::X509::Certificate.new(get_response.body)
fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':')
- expiry = APP_CONFIG[:client_cert_lifespan].months.from_now.utc.midnight
+ number, unit = APP_CONFIG[:client_cert_lifespan].split(' ')
+ expiry = Time.now.utc.at_midnight.advance(unit.to_sym => number.to_i)
expiry_string = expiry.to_date.to_s
fingerprints = {fingerprint => expiry_string}
assert_equal fingerprints, @user.reload.identity.cert_fingerprints
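Review bot: The expected expiry on the two added lines is computed with the same parsing code as `ClientCertificate#lifespan`, so the test cannot catch a parsing mistake in the model. It also omits the `unit ||= :months` default, so a unitless config value would fail here with a NoMethodError on `nil.to_sym` instead of exercising the model. Consider pinning the config value for the test and asserting a literal expected date, and adding cases for a unitless value and an unrecognised unit. The test method starts outside this hunk.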