author | Azul <azul@leap.se> | 2013-01-26 11:03:18 +0100 |
---|---|---|
committer | Azul <azul@leap.se> | 2013-01-26 11:05:34 +0100 |
commit | 4c2abd107f5959ea0f15f052acf73440648d8d52 (patch) | |
tree | e26729c937d9f4f8c7695ae1368ae0a8c332611b | |
parent | 88d566a7cdb2cc427eba1a9890eedf93605c17f1 (diff) |
moving leap_ca configs into defaults.yml
-rw-r--r-- | certs/app/models/client_certificate.rb | 15 | ||||
-rw-r--r-- | certs/test/files/ca.crt | 14 | ||||
-rw-r--r-- | certs/test/files/ca.key | 18 | ||||
-rw-r--r-- | config/defaults.yml | 16 |
4 files changed, 55 insertions, 8 deletions
diff --git a/certs/app/models/client_certificate.rb b/certs/app/models/client_certificate.rb index 23b66a2..0b1e43f 100644 --- a/certs/app/models/client_certificate.rb +++ b/certs/app/models/client_certificate.rb @@ -11,7 +11,6 @@ require 'date' class ClientCertificate < CouchRest::Model::Base - # No config yet. use_database LeapCA::Config.db_name use_database 'client_certificates' timestamps! @@ -62,16 +61,16 @@ class ClientCertificate < CouchRest::Model::Base cert.subject.common_name = random_common_name # set expiration - self.valid_until = months_from_yesterday(Config.client_cert_lifespan) + self.valid_until = months_from_yesterday(APP_CONFIG[:client_cert_lifespan]) cert.not_before = yesterday cert.not_after = self.valid_until # generate key cert.serial_number.number = cert_serial_number - cert.key_material.generate_key(Config.client_cert_bit_size) + cert.key_material.generate_key(APP_CONFIG[:client_cert_bit_size]) # sign - cert.parent = Cert.root_ca + cert.parent = ClientCertificate.root_ca cert.sign! client_signing_profile self.key = cert.key_material.private_key.to_pem @@ -86,11 +85,11 @@ class ClientCertificate < CouchRest::Model::Base def self.root_ca @root_ca ||= begin - crt = File.read(Config.ca_cert_path) - key = File.read(Config.ca_key_path) + crt = File.read(APP_CONFIG[:ca_cert_path]) + key = File.read(APP_CONFIG[:ca_key_path]) openssl_cert = OpenSSL::X509::Certificate.new(crt) cert = CertificateAuthority::Certificate.from_openssl(openssl_cert) - cert.key_material.private_key = OpenSSL::PKey::RSA.new(key, Config.ca_key_password) + cert.key_material.private_key = OpenSSL::PKey::RSA.new(key, APP_CONFIG[:ca_key_password]) cert end end @@ -114,7 +113,7 @@ class ClientCertificate < CouchRest::Model::Base def client_signing_profile { - "digest" => Config.client_cert_hash, + "digest" => APP_CONFIG[:client_cert_hash], "extensions" => { "keyUsage" => { "usage" => ["digitalSignature"] 
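Review bot: `APP_CONFIG[:client_cert_lifespan]` and `APP_CONFIG[:client_cert_bit_size]` in the hunk at line 62 evaluate to nil when the setting is absent, so a missing value travels into `months_from_yesterday` and `generate_key` instead of failing at the lookup. The path and password lookups in `root_ca` (hunk at 86) and the digest in `client_signing_profile` (hunk at 114) behave the same way. The `production` section of config/defaults.yml in this commit merges only `cert_options`, so unless another config layer supplies `ca_cert_path` and `ca_key_path`, `root_ca` would call `File.read(nil)` there. Assuming APP_CONFIG is a Hash (its loader is not shown), `APP_CONFIG.fetch(:client_cert_bit_size)` and the equivalent for the other keys would name the missing setting. All three methods start or end outside their hunks.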
diff --git a/certs/test/files/ca.crt b/certs/test/files/ca.crt
new file mode 100644
index 0000000..cade598
--- /dev/null
+++ b/certs/test/files/ca.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICPDCCAYmgAwIBAgIEUKCI4DANBgkqhkiG9w0BAQsFADAkMSIwIAYDVQQDExlS
+b290IENBIGZvciBydW5uaW5nIHRlc3RzMB4XDTEyMTExMjA1MjgwMFoXDTEzMTEx
+MjA1MjgwMFowJDEiMCAGA1UEAxMZUm9vdCBDQSBmb3IgcnVubmluZyB0ZXN0czCB
+uzANBgkqhkiG9w0BAQEFAAOBqQAwgaUCgZ0ApeqCGQOmiHxCFxsfUKmBV6ruOYar
+EsepFAycTmmakXBjNj4B9Pd3gE3Cc56rvkq0uxluRvqspzpEOQpCg8M5fkft/fxS
+acw+ackj3ys7r0MrXgL66QeLnNGe8+RjBO8UHb3OPx547hqUHVg+3HqSCdn9cGQX
+9//EJrnSJsLuZw9ktkN4Ytyd1deZo6AkiIeCyz0HxKQBIhdJAPRlAgMBAAGjQzBB
+MA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUBe1l
+BbuGErEkHLffGvkY5dDOH1YwDQYJKoZIhvcNAQELBQADgZ0ADpudncToYPS183w8
+c68dObCCvNfv/FTBg4ihCLW6PapADYuvXmCvXgHflylET+rFdcrnUfl+XjNT5IjF
+ImUyyOnCiy7scRgY+9qrEb7neH4CopGZKkWBTadZLu0QZqMcsWyAZBzaI8tBwL+G
++ylSgw3xTSf/HFjmTJAlDzUieV4DufrPqz7Yx0GrTswdJOcccc/PWUvQIU1GXvto
+-----END CERTIFICATE-----
diff --git a/certs/test/files/ca.key b/certs/test/files/ca.key
new file mode 100644
index 0000000..d266ef7
--- /dev/null
+++ b/certs/test/files/ca.key
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIC2gIBAAKBnQCl6oIZA6aIfEIXGx9QqYFXqu45hqsSx6kUDJxOaZqRcGM2PgH0 +93eATcJznqu+SrS7GW5G+qynOkQ5CkKDwzl+R+39/FJpzD5pySPfKzuvQyteAvrp +B4uc0Z7z5GME7xQdvc4/HnjuGpQdWD7cepIJ2f1wZBf3/8QmudImwu5nD2S2Q3hi +3J3V15mjoCSIh4LLPQfEpAEiF0kA9GUCAwEAAQKBnAKz9FSgqO42Sq6tBBtAolkh +nBSXK2L4mmTiOQr/UMOnzLtN0qMBWRK1Bu2dRcz+0zztEs0t45wsfdS0DxYDGy+s +elBrSOhs/w34IeZ5LM6xY0u4HZDmhn0pQNo6QZcFICr0GkkYdmWDlkLvIeJ/u6+q +nmyqAQXvj3R4nA7hrKUXzJjfvN3RYrhLN+/T41zLybeJ5vLZQK3jJSiIjQJPAMhS +HTIbYTUi2pxYVSwJDY4S2klTdroNGvTCkqcTRcB4Ms70FGLPZ6+ZumrkbSohHUsj +gDRRy3e4fjA9qMSQynVr2gkUobsR0tAdQGVOKwJPANQIUPaTc2ouNYNLAiHoAXoL +qAcF5g7/vtlMOwr+16EYoG7bLbiEie7nBfg9zz/VUnvOEy6pZ89YvsZOMlGicsRs ++tfUM1g/u0ZFEoQPrwJOC6bbE+ML0G9qj9WDfsA4DZ+DGujD6yZ//uSiax1v3TYg +nnEMDoNJ4KjscvM+dkjez1QNTP3E+/27OUsc2fIiFJplYEnW7m6m+Hv7FulpAk8A +tiASk0oiV/ErLARw53jmU9PRV378lqOcZgAxswclZo3FuJLxmc3WwOuV2B4Xd+gf +epKPLYR708GR1Lp0RGS6GfjWGi9+ju3nSbuo5OCnAk5yun/UvDdtnZ6fXo9aF22/ +yoiztru7yhJdVrMx3PbbndfN2y9ctqcd6CD5fIQdyZ4K8eTr686RjH8C0XP095Ib +an3AO/TQG1c4yE2hSvQ= +-----END RSA PRIVATE KEY----- diff --git a/config/defaults.yml b/config/defaults.yml index 4ffa2c9..f5a7c07 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -1,11 +1,27 @@ +dev_ca: &dev_ca + ca_key_path: "./certs/test/files/ca.key" + ca_key_password: nil + ca_cert_path: "./certs/test/files/ca.crt" + +cert_options: &cert_options + client_cert_lifespan: 2 + client_cert_bit_size: 2024 + client_cert_hash: "SHA256" + development: + <<: *dev_ca + <<: *cert_options admins: [admin, admin2] domain: develop.me test: + <<: *dev_ca + <<: *cert_options admins: [admin, admin2] domain: test.me + production: + <<: *cert_options admins: [] domain: deploy.me |
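Review bot: This CA private key is readable by anyone with access to the repository, and config/defaults.yml in the same commit points `development` at it through `dev_ca`, not only `test`. Certificates issued by a development instance are therefore signed by a key that provides no assurance, so nothing outside a test run should trust certs/test/files/ca.crt; a short README beside the fixtures saying so would make that explicit. The companion ca.crt also appears to carry a one-year validity ending 2013-11-12 (read from its encoded body), so any check that validates the chain against the current date would start failing after that.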
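Review bot: `ca_key_password: nil` is the four-character string "nil" in YAML, not a null, so `root_ca` passes a real passphrase to `OpenSSL::PKey::RSA.new`. It goes unnoticed only because the test key is unencrypted; `ca_key_password: ~` (or leaving the value empty) expresses "no password". `client_cert_bit_size: 2024` looks like a typo for `2048`. Each of `development` and `test` also repeats the `<<` merge key, which is a duplicate mapping key and may be handled differently by different YAML parsers; `<<: [*dev_ca, *cert_options]` merges both under one key.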