store expiry with cert fingerprints

We used to store the creation date but this way it's easier to query for non expired certs
author: Azul <azul@leap.se> 2014-07-07 10:05:37 +0200
committer: Azul <azul@leap.se> 2014-07-12 09:14:23 +0200
commit: 0e9c41a286b49b5ce52abcf0e014668d0167bbae (patch)
tree: 228ceba1ee81ece31c8a514121217145f7fa6af8 /app/models/client_certificate.rb
parent: 1c7308207a9ab46cfb60c72aceaee2b3c82281fe (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb
index d5bb1e0..6b57985 100644
--- a/app/models/client_certificate.rb
+++ b/app/models/client_certificate.rb
@@ -25,7 +25,7 @@ class ClientCertificate
 
     # set expiration
     cert.not_before = last_month
-    cert.not_after = months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
+    cert.not_after = expiry
 
     # generate key
     cert.serial_number.number = cert_serial_number
@@ -47,6 +47,10 @@ class ClientCertificate
     OpenSSL::Digest::SHA1.hexdigest(openssl_cert.to_der).scan(/../).join(':')
   end
 
+  def expiry
+    @expiry ||= months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
+  end
+
   private
 
   def openssl_cert
author	Azul <azul@leap.se>	2014-07-07 10:05:37 +0200
committer	Azul <azul@leap.se>	2014-07-12 09:14:23 +0200
commit	0e9c41a286b49b5ce52abcf0e014668d0167bbae (patch)
tree	228ceba1ee81ece31c8a514121217145f7fa6af8 /app/models/client_certificate.rb
parent	1c7308207a9ab46cfb60c72aceaee2b3c82281fe (diff)