| author | elijah <elijah@riseup.net> | 2015-01-28 12:32:15 -0800 | 
|---|---|---|
| committer | elijah <elijah@riseup.net> | 2015-01-28 12:32:15 -0800 | 
| commit | eebe08aba43302b080c7b534a746f0f30359f370 (patch) | |
| tree | 40d20aa9db55319328d70126635a8d84b542828a | |
| parent | 42ba688eabcdb428e0ce230175b72c357bea9cdb (diff) | |
client certificates: allow for time units to be specified in client_cert_lifespan config option.
| -rw-r--r-- | app/models/client_certificate.rb | 8 | ||||
| -rw-r--r-- | config/defaults.yml | 2 | ||||
| -rw-r--r-- | test/integration/api/smtp_cert_test.rb | 3 | 
3 files changed, 8 insertions, 5 deletions
|
diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb
index 815801e..688d5c0 100644
--- a/app/models/client_certificate.rb
+++ b/app/models/client_certificate.rb
@@ -48,7 +48,7 @@ class ClientCertificate
   end
   def expiry
-    @expiry ||= lifespan.months.from_now.utc.at_midnight
+    @expiry ||= lifespan
   end
   private
@@ -109,12 +109,14 @@ class ClientCertificate
   # We normalize timestamps at utc and midnight
   # to reduce the fingerprinting possibilities.
   #
-
   def last_month
     1.month.ago.utc.at_midnight
   end
   def lifespan
-    APP_CONFIG[:client_cert_lifespan]
+    number, unit = APP_CONFIG[:client_cert_lifespan].split(' ')
+    unit ||= :months
+    Time.now.utc.at_midnight.advance(unit.to_sym => number.to_i)
   end
+
 end
diff --git a/config/defaults.yml b/config/defaults.yml
index 9eccb5e..9ffdf6a 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -4,7 +4,7 @@ dev_ca: &dev_ca
   ca_key_password: nil
 cert_options: &cert_options
-  client_cert_lifespan: 2
+  client_cert_lifespan: "2 months"
   client_cert_bit_size: 2024
   client_cert_hash: "SHA256"
   allow_limited_certs: false
diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb
index b1bfd43..2f50ef3 100644
--- a/test/integration/api/smtp_cert_test.rb
+++ b/test/integration/api/smtp_cert_test.rb
@@ -33,7 +33,8 @@ class SmtpCertTest < ApiIntegrationTest
     assert_text_response
     cert = OpenSSL::X509::Certificate.new(get_response.body)
     fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':')
-    expiry = APP_CONFIG[:client_cert_lifespan].months.from_now.utc.midnight
+    number, unit = APP_CONFIG[:client_cert_lifespan].split(' ')
+    expiry = Time.now.utc.at_midnight.advance(unit.to_sym => number.to_i)
     expiry_string = expiry.to_date.to_s
     fingerprints = {fingerprint => expiry_string}
     assert_equal fingerprints, @user.reload.identity.cert_fingerprints
|
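Review bot: In `expiry`, the memoized value is now whatever `lifespan` returns, and after this commit that is an absolute UTC timestamp rather than a count of months, so the helper's name no longer describes what it yields. A short comment above the assignment, for example `# lifespan returns the absolute expiry time (UTC midnight plus the configured span)`, would stop a later reader from treating it as a duration. The rest of the class lies outside this hunk.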
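Review bot: The new `lifespan` turns `client_cert_lifespan` into a certificate expiry without validating it, so a bad setting fails silently. `number.to_i` returns 0 for non-numeric text and, as far as I know, `advance` ignores keys it does not recognise, so a value such as "2 month" or "two months" would issue certificates that expire at today's UTC midnight. A deployment that still has the old integer form (`client_cert_lifespan: 2`) would raise NoMethodError on `.split`, so calling `.to_s` before splitting keeps that form working. Sub-day units would also move the expiry off midnight, which the comment above `last_month` says is normalised to limit fingerprinting; restricting the units to days or larger, as sketched below, preserves that property.

```ruby
  # Units accepted in client_cert_lifespan; days or larger keeps expiry at UTC midnight.
  LIFESPAN_UNITS = %w[days weeks months years].freeze

  def lifespan
    raw = APP_CONFIG[:client_cert_lifespan]
    # .to_s keeps the old bare-integer setting working (interpreted as months).
    number, unit = raw.to_s.split(' ')
    unit ||= 'months'
    count = number.to_i
    unless count > 0 && LIFESPAN_UNITS.include?(unit)
      raise ArgumentError, "invalid client_cert_lifespan: #{raw.inspect}"
    end
    Time.now.utc.at_midnight.advance(unit.to_sym => count)
  end
```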
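Review bot: The new string form of `client_cert_lifespan` is not documented next to the default, so an operator editing this file cannot tell which units are accepted or that a bare count falls back to months. A comment above the key, for example `# "<count> <unit>", e.g. "2 months"; a bare count is read as months`, would cover it. Separately, the unchanged context line `client_cert_bit_size: 2024` looks like a possible typo for 2048 and is worth confirming in its own change.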
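Review bot: The test recomputes the expiry with the same split-and-advance logic as the model but leaves out the `unit ||= :months` fallback, so a unit-less setting that the model accepts would make `unit.to_sym` raise NoMethodError on nil here. Adding `unit ||= 'months'` after the split keeps the two in step. Because the expectation mirrors the implementation, it cannot catch a mis-parsed value; a case that pins a fixed setting (e.g. a constructed "3 days") to an explicit date, plus one for a malformed value, would exercise the parsing itself. The test method starts and ends outside this hunk.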
