summaryrefslogtreecommitdiff
path: root/certs/app
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2014-04-10 12:45:21 +0200
committerAzul <azul@leap.se>2014-04-10 12:54:36 +0200
commitc1486cb9688d53c5ae266ff22ab279ead12eaa36 (patch)
tree18244bfab76e0786d16b8c97d4fb17358d95e57e /certs/app
parent20197129459d90642c50c27e601ef13ece4a873b (diff)
move certs into toplevel
cleaned up all the engine stuff that was never really used. Afterwards there is not that much left that makes it into the toplevel.
Diffstat (limited to 'certs/app')
-rw-r--r--certs/app/assets/images/leap_web_certs/.gitkeep0
-rw-r--r--certs/app/assets/javascripts/leap_web_certs/.gitkeep0
-rw-r--r--certs/app/assets/stylesheets/leap_web_certs/.gitkeep0
-rw-r--r--certs/app/controllers/.gitkeep0
-rw-r--r--certs/app/controllers/certs_controller.rb50
-rw-r--r--certs/app/helpers/.gitkeep0
-rw-r--r--certs/app/helpers/certs_helper.rb2
-rw-r--r--certs/app/mailers/.gitkeep0
-rw-r--r--certs/app/models/.gitkeep0
-rw-r--r--certs/app/models/client_certificate.rb113
-rw-r--r--certs/app/views/.gitkeep0
11 files changed, 0 insertions, 165 deletions
diff --git a/certs/app/assets/images/leap_web_certs/.gitkeep b/certs/app/assets/images/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/assets/images/leap_web_certs/.gitkeep
+++ /dev/null
diff --git a/certs/app/assets/javascripts/leap_web_certs/.gitkeep b/certs/app/assets/javascripts/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/assets/javascripts/leap_web_certs/.gitkeep
+++ /dev/null
diff --git a/certs/app/assets/stylesheets/leap_web_certs/.gitkeep b/certs/app/assets/stylesheets/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/assets/stylesheets/leap_web_certs/.gitkeep
+++ /dev/null
diff --git a/certs/app/controllers/.gitkeep b/certs/app/controllers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/controllers/.gitkeep
+++ /dev/null
diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb
deleted file mode 100644
index 82cbc44..0000000
--- a/certs/app/controllers/certs_controller.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-class CertsController < ApplicationController
-
- before_filter :require_login, :unless => :anonymous_certs_allowed?
-
- # GET /cert
- def show
- @cert = ClientCertificate.new(:prefix => certificate_prefix)
- render text: @cert.to_s, content_type: 'text/plain'
- end
-
- protected
-
- def anonymous_certs_allowed?
- APP_CONFIG[:allow_anonymous_certs]
- end
- #
- # this is some temporary logic until we store the service level in the user db.
- #
- # better logic might look like this:
- #
- # if logged_in?
- # service_level = user.service_level
- # elsif allow_anonymous?
- # service_level = service_levels[:anonymous]
- # else
- # service_level = nil
- # end
- #
- # if service_level.bandwidth == 'limited' && allow_limited?
- # prefix = limited
- # elsif allow_unlimited?
- # prefix = unlimited
- # else
- # prefix = nil
- # end
- #
- def certificate_prefix
- if logged_in?
- if APP_CONFIG[:allow_unlimited_certs]
- APP_CONFIG[:unlimited_cert_prefix]
- elsif APP_CONFIG[:allow_limited_certs]
- APP_CONFIG[:limited_cert_prefix]
- end
- elsif !APP_CONFIG[:allow_limited_certs]
- APP_CONFIG[:unlimited_cert_prefix]
- else
- APP_CONFIG[:limited_cert_prefix]
- end
- end
-end
diff --git a/certs/app/helpers/.gitkeep b/certs/app/helpers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/helpers/.gitkeep
+++ /dev/null
diff --git a/certs/app/helpers/certs_helper.rb b/certs/app/helpers/certs_helper.rb
deleted file mode 100644
index 94e76b8..0000000
--- a/certs/app/helpers/certs_helper.rb
+++ /dev/null
@@ -1,2 +0,0 @@
-module CertsHelper
-end
diff --git a/certs/app/mailers/.gitkeep b/certs/app/mailers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/mailers/.gitkeep
+++ /dev/null
diff --git a/certs/app/models/.gitkeep b/certs/app/models/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/models/.gitkeep
+++ /dev/null
diff --git a/certs/app/models/client_certificate.rb b/certs/app/models/client_certificate.rb
deleted file mode 100644
index 76b07a2..0000000
--- a/certs/app/models/client_certificate.rb
+++ /dev/null
@@ -1,113 +0,0 @@
-#
-# Model for certificates
-#
-# This file must be loaded after Config has been loaded.
-#
-require 'base64'
-require 'digest/md5'
-require 'openssl'
-require 'certificate_authority'
-require 'date'
-
-class ClientCertificate
-
- attr_accessor :key # the client private RSA key
- attr_accessor :cert # the client x509 certificate, signed by the CA
-
- #
- # generate the private key and client certificate
- #
- def initialize(options = {})
- cert = CertificateAuthority::Certificate.new
-
- # set subject
- cert.subject.common_name = common_name(options[:prefix])
-
- # set expiration
- cert.not_before = yesterday
- cert.not_after = months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
-
- # generate key
- cert.serial_number.number = cert_serial_number
- cert.key_material.generate_key(APP_CONFIG[:client_cert_bit_size])
-
- # sign
- cert.parent = ClientCertificate.root_ca
- cert.sign! client_signing_profile
-
- self.key = cert.key_material.private_key
- self.cert = cert
- end
-
- def to_s
- self.key.to_pem + self.cert.to_pem
- end
-
- private
-
- def self.root_ca
- @root_ca ||= begin
- crt = File.read(APP_CONFIG[:client_ca_cert])
- key = File.read(APP_CONFIG[:client_ca_key])
- openssl_cert = OpenSSL::X509::Certificate.new(crt)
- cert = CertificateAuthority::Certificate.from_openssl(openssl_cert)
- cert.key_material.private_key = OpenSSL::PKey::RSA.new(key, APP_CONFIG[:ca_key_password])
- cert
- end
- end
-
- #
- # For cert serial numbers, we need a non-colliding number less than 160 bits.
- # md5 will do nicely, since there is no need for a secure hash, just a short one.
- # (md5 is 128 bits)
- #
- def cert_serial_number
- Digest::MD5.hexdigest("#{rand(10**10)} -- #{Time.now}").to_i(16)
- end
-
- def common_name(prefix = nil)
- [prefix, random_common_name].join
- end
-
- #
- # for the random common name, we need a text string that will be unique across all certs.
- # ruby 1.8 doesn't have a built-in uuid generator, or we would use SecureRandom.uuid
- #
- def random_common_name
- cert_serial_number.to_s(36)
- end
-
- def client_signing_profile
- {
- "digest" => APP_CONFIG[:client_cert_hash],
- "extensions" => {
- "keyUsage" => {
- "usage" => ["digitalSignature"]
- },
- "extendedKeyUsage" => {
- "usage" => ["clientAuth"]
- }
- }
- }
- end
-
- ##
- ## TIME HELPERS
- ##
- ## note: we use 'yesterday' instead of 'today', because times are in UTC, and some people on the planet
- ## are behind UTC.
- ##
-
- def yesterday
- t = Time.now - 24*60*60
- Time.utc t.year, t.month, t.day
- end
-
- def months_from_yesterday(num)
- t = yesterday
- date = Date.new t.year, t.month, t.day
- date = date >> num # >> is months in the future operator
- Time.utc date.year, date.month, date.day
- end
-
-end
diff --git a/certs/app/views/.gitkeep b/certs/app/views/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/views/.gitkeep
+++ /dev/null
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 02:00:59 +0000