diff options
author | Azul <azul@leap.se> | 2014-07-07 10:05:37 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2014-07-12 09:14:23 +0200 |
commit | 0e9c41a286b49b5ce52abcf0e014668d0167bbae (patch) | |
tree | 228ceba1ee81ece31c8a514121217145f7fa6af8 /app | |
parent | 1c7308207a9ab46cfb60c72aceaee2b3c82281fe (diff) |
store expiry with cert fingerprints
We used to store the creation date but this way it's easier to query for non expired certs
Diffstat (limited to 'app')
-rw-r--r-- | app/models/client_certificate.rb | 6 | ||||
-rw-r--r-- | app/models/identity.rb | 4 |
2 files changed, 7 insertions, 3 deletions
diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb index d5bb1e0..6b57985 100644 --- a/app/models/client_certificate.rb +++ b/app/models/client_certificate.rb @@ -25,7 +25,7 @@ class ClientCertificate # set expiration cert.not_before = last_month - cert.not_after = months_from_yesterday(APP_CONFIG[:client_cert_lifespan]) + cert.not_after = expiry # generate key cert.serial_number.number = cert_serial_number @@ -47,6 +47,10 @@ class ClientCertificate OpenSSL::Digest::SHA1.hexdigest(openssl_cert.to_der).scan(/../).join(':') end + def expiry + @expiry ||= months_from_yesterday(APP_CONFIG[:client_cert_lifespan]) + end + private def openssl_cert diff --git a/app/models/identity.rb b/app/models/identity.rb index eb67b1b..1d69437 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -146,9 +146,9 @@ class Identity < CouchRest::Model::Base end def register_cert(cert) - today = DateTime.now.to_date.to_s + expiry = cert.expiry.to_data.to_s write_attribute 'cert_fingerprints', - cert_fingerprints.merge(cert.fingerprint => today) + cert_fingerprints.merge(cert.fingerprint => expiry) end # for LoginFormatValidation |