authorAzul <azul@leap.se>2014-05-16 08:42:36 +0200
committerAzul <azul@leap.se>2014-05-16 08:42:36 +0200
commit8fbbb8717f0578536b97c2dc0883c632f120e976 (patch)
tree17aeb2b48ada703ac916a9a65fbf3c75a5dadb86 /certs
parent81555ec6244ed76f92e3629880f68104b8705817 (diff)
parenta4f7a410c536d88c91c834cab6ee950c71005ddd (diff)
Merge remote-tracking branch 'origin/develop'
Conflicts: app/assets/javascripts/srp test/nagios/soledad_sync.py test/nagios/webapp_login.py
Diffstat (limited to 'certs')
-rw-r--r--certs/Gemfile14
-rw-r--r--certs/Rakefile44
-rw-r--r--certs/Readme.md9
-rw-r--r--certs/app/assets/images/leap_web_certs/.gitkeep0
-rw-r--r--certs/app/assets/javascripts/leap_web_certs/.gitkeep0
-rw-r--r--certs/app/assets/stylesheets/leap_web_certs/.gitkeep0
-rw-r--r--certs/app/controllers/.gitkeep0
-rw-r--r--certs/app/controllers/certs_controller.rb51
-rw-r--r--certs/app/helpers/.gitkeep0
-rw-r--r--certs/app/helpers/certs_helper.rb2
-rw-r--r--certs/app/mailers/.gitkeep0
-rw-r--r--certs/app/models/.gitkeep0
-rw-r--r--certs/app/models/client_certificate.rb113
-rw-r--r--certs/app/views/.gitkeep0
-rw-r--r--certs/config/locales/en.yml2
-rw-r--r--certs/config/routes.rb5
-rw-r--r--certs/leap_web_certs.gemspec21
-rw-r--r--certs/lib/leap_web_certs.rb4
-rw-r--r--certs/lib/leap_web_certs/engine.rb7
-rw-r--r--certs/lib/tasks/leap_web_certs_tasks.rake4
-rwxr-xr-xcerts/script/rails8
-rw-r--r--certs/test/files/ca.crt15
-rw-r--r--certs/test/files/ca.key16
-rw-r--r--certs/test/functional/certs_controller_test.rb44
-rw-r--r--certs/test/integration/navigation_test.rb9
-rw-r--r--certs/test/leap_web_certs_test.rb7
-rw-r--r--certs/test/test_helper.rb10
-rw-r--r--certs/test/unit/client_certificate_test.rb24
28 files changed, 0 insertions, 409 deletions
diff --git a/certs/Gemfile b/certs/Gemfile
deleted file mode 100644
index 992f236..0000000
--- a/certs/Gemfile
+++ /dev/null
@@ -1,14 +0,0 @@
-source "https://rubygems.org"
-
-eval(File.read(File.dirname(__FILE__) + '/../common_dependencies.rb'))
-
-# We require leap_web_core from here so we can use the path option.
-gem "leap_web_core", :path => '../core'
-
-# Declare your gem's dependencies in leap_web_users.gemspec.
-# Bundler will treat runtime dependencies like base dependencies, and
-# development dependencies will be added by default to the :development group.
-gemspec
-
-# To use debugger
-# gem 'ruby-debug'
diff --git a/certs/Rakefile b/certs/Rakefile
deleted file mode 100644
index 54ed86d..0000000
--- a/certs/Rakefile
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/usr/bin/env rake
-
-require 'rake/packagetask'
-require 'rubygems/package_task'
-
-begin
- require 'bundler/setup'
-rescue LoadError
- puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
-end
-begin
- require 'rdoc/task'
-rescue LoadError
- require 'rdoc/rdoc'
- require 'rake/rdoctask'
- RDoc::Task = Rake::RDocTask
-end
-
-RDoc::Task.new(:rdoc) do |rdoc|
- rdoc.rdoc_dir = 'rdoc'
- rdoc.title = 'LeapWebCerts'
- rdoc.options << '--line-numbers'
- rdoc.rdoc_files.include('README.rdoc')
- rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
-spec = eval(File.read('leap_web_certs.gemspec'))
-Gem::PackageTask.new(spec) do |p|
- p.gem_spec = spec
-end
-
-Bundler::GemHelper.install_tasks
-
-require 'rake/testtask'
-
-Rake::TestTask.new(:test) do |t|
- t.libs << 'lib'
- t.libs << 'test'
- t.pattern = 'test/**/*_test.rb'
- t.verbose = false
-end
-
-
-task :default => :test
diff --git a/certs/Readme.md b/certs/Readme.md
deleted file mode 100644
index 4ea8d9d..0000000
--- a/certs/Readme.md
+++ /dev/null
@@ -1,9 +0,0 @@
-LeapWebCerts
-=========
-
-
-Configuration
--------------
-
-
-Currently LeapWebCerts falls back to handing out a cert in /config/cert if the cert pool is empty. You need to add that file in the application that includes this engine.
diff --git a/certs/app/assets/images/leap_web_certs/.gitkeep b/certs/app/assets/images/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/assets/images/leap_web_certs/.gitkeep
+++ /dev/null
diff --git a/certs/app/assets/javascripts/leap_web_certs/.gitkeep b/certs/app/assets/javascripts/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/assets/javascripts/leap_web_certs/.gitkeep
+++ /dev/null
diff --git a/certs/app/assets/stylesheets/leap_web_certs/.gitkeep b/certs/app/assets/stylesheets/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/assets/stylesheets/leap_web_certs/.gitkeep
+++ /dev/null
diff --git a/certs/app/controllers/.gitkeep b/certs/app/controllers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/controllers/.gitkeep
+++ /dev/null
diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb
deleted file mode 100644
index 62ef3fd..0000000
--- a/certs/app/controllers/certs_controller.rb
+++ /dev/null
@@ -1,51 +0,0 @@
-class CertsController < ApplicationController
-
- before_filter :login_if_required
-
- # GET /cert
- def show
- @cert = ClientCertificate.new(:prefix => certificate_prefix)
- render text: @cert.to_s, content_type: 'text/plain'
- end
-
- protected
-
- def login_if_required
- authorize unless APP_CONFIG[:allow_anonymous_certs]
- end
-
- #
- # this is some temporary logic until we store the service level in the user db.
- #
- # better logic might look like this:
- #
- # if logged_in?
- # service_level = user.service_level
- # elsif allow_anonymous?
- # service_level = service_levels[:anonymous]
- # else
- # service_level = nil
- # end
- #
- # if service_level.bandwidth == 'limited' && allow_limited?
- # prefix = limited
- # elsif allow_unlimited?
- # prefix = unlimited
- # else
- # prefix = nil
- # end
- #
- def certificate_prefix
- if logged_in?
- if APP_CONFIG[:allow_unlimited_certs]
- APP_CONFIG[:unlimited_cert_prefix]
- elsif APP_CONFIG[:allow_limited_certs]
- APP_CONFIG[:limited_cert_prefix]
- end
- elsif !APP_CONFIG[:allow_limited_certs]
- APP_CONFIG[:unlimited_cert_prefix]
- else
- APP_CONFIG[:limited_cert_prefix]
- end
- end
-end
diff --git a/certs/app/helpers/.gitkeep b/certs/app/helpers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/helpers/.gitkeep
+++ /dev/null
diff --git a/certs/app/helpers/certs_helper.rb b/certs/app/helpers/certs_helper.rb
deleted file mode 100644
index 94e76b8..0000000
--- a/certs/app/helpers/certs_helper.rb
+++ /dev/null
@@ -1,2 +0,0 @@
-module CertsHelper
-end
diff --git a/certs/app/mailers/.gitkeep b/certs/app/mailers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/mailers/.gitkeep
+++ /dev/null
diff --git a/certs/app/models/.gitkeep b/certs/app/models/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/models/.gitkeep
+++ /dev/null
diff --git a/certs/app/models/client_certificate.rb b/certs/app/models/client_certificate.rb
deleted file mode 100644
index 76b07a2..0000000
--- a/certs/app/models/client_certificate.rb
+++ /dev/null
@@ -1,113 +0,0 @@
-#
-# Model for certificates
-#
-# This file must be loaded after Config has been loaded.
-#
-require 'base64'
-require 'digest/md5'
-require 'openssl'
-require 'certificate_authority'
-require 'date'
-
-class ClientCertificate
-
- attr_accessor :key # the client private RSA key
- attr_accessor :cert # the client x509 certificate, signed by the CA
-
- #
- # generate the private key and client certificate
- #
- def initialize(options = {})
- cert = CertificateAuthority::Certificate.new
-
- # set subject
- cert.subject.common_name = common_name(options[:prefix])
-
- # set expiration
- cert.not_before = yesterday
- cert.not_after = months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
-
- # generate key
- cert.serial_number.number = cert_serial_number
- cert.key_material.generate_key(APP_CONFIG[:client_cert_bit_size])
-
- # sign
- cert.parent = ClientCertificate.root_ca
- cert.sign! client_signing_profile
-
- self.key = cert.key_material.private_key
- self.cert = cert
- end
-
- def to_s
- self.key.to_pem + self.cert.to_pem
- end
-
- private
-
- def self.root_ca
- @root_ca ||= begin
- crt = File.read(APP_CONFIG[:client_ca_cert])
- key = File.read(APP_CONFIG[:client_ca_key])
- openssl_cert = OpenSSL::X509::Certificate.new(crt)
- cert = CertificateAuthority::Certificate.from_openssl(openssl_cert)
- cert.key_material.private_key = OpenSSL::PKey::RSA.new(key, APP_CONFIG[:ca_key_password])
- cert
- end
- end
-
- #
- # For cert serial numbers, we need a non-colliding number less than 160 bits.
- # md5 will do nicely, since there is no need for a secure hash, just a short one.
- # (md5 is 128 bits)
- #
- def cert_serial_number
- Digest::MD5.hexdigest("#{rand(10**10)} -- #{Time.now}").to_i(16)
- end
-
- def common_name(prefix = nil)
- [prefix, random_common_name].join
- end
-
- #
- # for the random common name, we need a text string that will be unique across all certs.
- # ruby 1.8 doesn't have a built-in uuid generator, or we would use SecureRandom.uuid
- #
- def random_common_name
- cert_serial_number.to_s(36)
- end
-
- def client_signing_profile
- {
- "digest" => APP_CONFIG[:client_cert_hash],
- "extensions" => {
- "keyUsage" => {
- "usage" => ["digitalSignature"]
- },
- "extendedKeyUsage" => {
- "usage" => ["clientAuth"]
- }
- }
- }
- end
-
- ##
- ## TIME HELPERS
- ##
- ## note: we use 'yesterday' instead of 'today', because times are in UTC, and some people on the planet
- ## are behind UTC.
- ##
-
- def yesterday
- t = Time.now - 24*60*60
- Time.utc t.year, t.month, t.day
- end
-
- def months_from_yesterday(num)
- t = yesterday
- date = Date.new t.year, t.month, t.day
- date = date >> num # >> is months in the future operator
- Time.utc date.year, date.month, date.day
- end
-
-end
diff --git a/certs/app/views/.gitkeep b/certs/app/views/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/views/.gitkeep
+++ /dev/null
diff --git a/certs/config/locales/en.yml b/certs/config/locales/en.yml
deleted file mode 100644
index 18e4f47..0000000
--- a/certs/config/locales/en.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-en:
- cert_pool_empty: "Sorry the Cert pool is empty, please check back later."
diff --git a/certs/config/routes.rb b/certs/config/routes.rb
deleted file mode 100644
index cb97757..0000000
--- a/certs/config/routes.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-Rails.application.routes.draw do
- scope '/1' do
- resource :cert, :only => [:show]
- end
-end
diff --git a/certs/leap_web_certs.gemspec b/certs/leap_web_certs.gemspec
deleted file mode 100644
index 21be09d..0000000
--- a/certs/leap_web_certs.gemspec
+++ /dev/null
@@ -1,21 +0,0 @@
-$:.push File.expand_path("../lib", __FILE__)
-
-require File.expand_path('../../lib/leap_web/version.rb', __FILE__)
-
-# Describe your gem and declare its dependencies:
-Gem::Specification.new do |s|
- s.name = "leap_web_certs"
- s.version = LeapWeb::VERSION
- s.authors = ["Azul"]
- s.email = ["azul@leap.se"]
- s.homepage = "http://www.leap.se"
- s.summary = "Cert distribution for the leap platform"
- s.description = "This plugin for the leap platform distributes certs for the EIP client. It fetches the certs from a pool in CouchDB that is filled by leap-ca."
-
- s.files = Dir["{app,config,db,lib}/**/*"] + ["Rakefile", "Readme.md"]
- s.test_files = Dir["test/**/*"]
-
- s.add_dependency "leap_web_core", LeapWeb::VERSION
- s.add_dependency "certificate_authority", [">= 0.2.0"]
-
-end
diff --git a/certs/lib/leap_web_certs.rb b/certs/lib/leap_web_certs.rb
deleted file mode 100644
index beb683d..0000000
--- a/certs/lib/leap_web_certs.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-require "leap_web_certs/engine"
-
-module LeapWebCerts
-end
diff --git a/certs/lib/leap_web_certs/engine.rb b/certs/lib/leap_web_certs/engine.rb
deleted file mode 100644
index 3c8948a..0000000
--- a/certs/lib/leap_web_certs/engine.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-require "leap_web_core"
-
-module LeapWebCerts
- class Engine < ::Rails::Engine
-
- end
-end
diff --git a/certs/lib/tasks/leap_web_certs_tasks.rake b/certs/lib/tasks/leap_web_certs_tasks.rake
deleted file mode 100644
index e8fb7ff..0000000
--- a/certs/lib/tasks/leap_web_certs_tasks.rake
+++ /dev/null
@@ -1,4 +0,0 @@
-# desc "Explaining what the task does"
-# task :leap_web_certs do
-# # Task goes here
-# end
diff --git a/certs/script/rails b/certs/script/rails
deleted file mode 100755
index 616d3c9..0000000
--- a/certs/script/rails
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env ruby1.8
-# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
-
-ENGINE_ROOT = File.expand_path('../..', __FILE__)
-ENGINE_PATH = File.expand_path('../../lib/leap_web_certs/engine', __FILE__)
-
-require 'rails/all'
-require 'rails/engine/commands'
diff --git a/certs/test/files/ca.crt b/certs/test/files/ca.crt
deleted file mode 100644
index 8393eee..0000000
--- a/certs/test/files/ca.crt
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICYDCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA7MREwDwYDVQQKDAh0ZXN0
-IG9yZzESMBAGA1UECwwJdGVzdCB1bml0MRIwEAYDVQQDDAl0ZXN0IG5hbWUwIBcN
-MTMwMjA1MDAwMDAwWhgPMjExMzAyMDUwMDAwMDBaMDsxETAPBgNVBAoMCHRlc3Qg
-b3JnMRIwEAYDVQQLDAl0ZXN0IHVuaXQxEjAQBgNVBAMMCXRlc3QgbmFtZTCBqDAN
-BgkqhkiG9w0BAQEFAAOBlgAwgZICgYoAx076Dz8zswvCLuz0HP3Y3PWOgFDo9+8o
-H4uXRcTpd+yw+5B79xjtQ7ojQy2465Jq00nkzHI6V1otM2uvVVIOcNk0t1HEjmK0
-T/r96dDHc59YvVQ+XPrzuQ4t3iREy8IAPNbc3r29PVZkMdGpeSYxyY1mUKza4DcY
-My4SVko9pcP8zJBD4bHgEa0CAwEAAaNgMF4wHQYDVR0OBBYEFOQ+d2EUwBpi93TJ
-9AX4Okew5/UIMA4GA1UdDwEB/wQEAwICBDAMBgNVHRMEBTADAQH/MB8GA1UdIwQY
-MBaAFOQ+d2EUwBpi93TJ9AX4Okew5/UIMA0GCSqGSIb3DQEBDQUAA4GKAJW9/39P
-VbVjH9C7F0XMOpd9nWBe9NUoiw36ZFZw95dqfUm6j5f3nejWG4lEtyMFu5i5rAw6
-GdDSXmq4sUqWTaJmQmZyY+WggQR4UGWJ0I18HRDiPxuA++OfkGzA20Gmvk+CIw/J
-QLHlVjLyyUwaA+EO88rEcdc9VnGL/Xgjh8C/PYH2DpWw/kJa
------END CERTIFICATE-----
diff --git a/certs/test/files/ca.key b/certs/test/files/ca.key
deleted file mode 100644
index 125997f..0000000
--- a/certs/test/files/ca.key
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIChAIBAAKBigDHTvoPPzOzC8Iu7PQc/djc9Y6AUOj37ygfi5dFxOl37LD7kHv3
-GO1DuiNDLbjrkmrTSeTMcjpXWi0za69VUg5w2TS3UcSOYrRP+v3p0Mdzn1i9VD5c
-+vO5Di3eJETLwgA81tzevb09VmQx0al5JjHJjWZQrNrgNxgzLhJWSj2lw/zMkEPh
-seARrQIDAQABAoGJIvn0HircOsaMfEmvCUtu/E/HgzMvvxrkMqz/jgnhYt9Rq8QO
-TS29rY4D1C0473ZRcuTb1xkQrfWwSv7R1SpCSIGFo8obtGb0NjNaYGyQ0IrYDjk8
-H5kYFEY4X4oqFhgy3owewaZZLxLD336ARRj2HhsLzA+4nD/wF7Q+bggpuMdkM2Uj
-tn12rIECRQ/XqIGF8jLw9IDMkr9kkfT+n03p8sOd4g7iSw0sknlzaZZpIDvibkyN
-SDKM7VX4VQa7u58+sCF4ylwi0UQu7/VT7Smp4QJFDJSoEOKplBvaT9fTfdVKjE4P
-QyCAWEsb6Up8KKswhtDqiWeFtktIvx1Mkxn25erLms3cUEBde//rwNB+6ItBR/N8
-4RlNAkUPLsc3Gn+7gmFQ7r3U3zViboON0B/wiWcUjJsQzR6zdoBCvg0+VwsOIniG
-ubjbI1uZUGHHg/SYn4KQOm4DwlgF7aDkxQECRQjVZMEedlXxzLOdZvoHBuZHdT38
-F0Jn0rxXOaDQuy0eimBamS+r4vOWngr4Az3jRH15KMYMu9dyllX3z/R2uyrLVBc2
-TQJFBEHIjoMVgP2h+N6VUDgPOhnxnnLvowOtX23J1y2foKwfZrHH38LNcWmuaGUi
-fz6EYeUO20D174GfhqB0j6yR50ejPjYD
------END RSA PRIVATE KEY-----
diff --git a/certs/test/functional/certs_controller_test.rb b/certs/test/functional/certs_controller_test.rb
deleted file mode 100644
index 503e74b..0000000
--- a/certs/test/functional/certs_controller_test.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-require 'test_helper'
-
-class CertsControllerTest < ActionController::TestCase
-
- test "send limited cert without login" do
- with_config allow_limited_certs: true, allow_anonymous_certs: true do
- cert = stub :to_s => "limited cert"
- ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert)
- get :show
- assert_response :success
- assert_equal cert.to_s, @response.body
- end
- end
-
- test "send unlimited cert" do
- with_config allow_unlimited_certs: true do
- login
- cert = stub :to_s => "unlimited cert"
- ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:unlimited_cert_prefix]).returns(cert)
- get :show
- assert_response :success
- assert_equal cert.to_s, @response.body
- end
- end
-
- test "login required if anonymous certs disabled" do
- with_config allow_anonymous_certs: false do
- get :show
- assert_response :redirect
- end
- end
-
- test "send limited cert" do
- with_config allow_limited_certs: true, allow_unlimited_certs: false do
- login
- cert = stub :to_s => "real cert"
- ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert)
- get :show
- assert_response :success
- assert_equal cert.to_s, @response.body
- end
- end
-
-end
diff --git a/certs/test/integration/navigation_test.rb b/certs/test/integration/navigation_test.rb
deleted file mode 100644
index eec8c0e..0000000
--- a/certs/test/integration/navigation_test.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-require 'test_helper'
-
-class NavigationTest < ActionDispatch::IntegrationTest
-
- # test "the truth" do
- # assert true
- # end
-end
-
diff --git a/certs/test/leap_web_certs_test.rb b/certs/test/leap_web_certs_test.rb
deleted file mode 100644
index ee2058b..0000000
--- a/certs/test/leap_web_certs_test.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-require 'test_helper'
-
-class LeapWebCertsTest < ActiveSupport::TestCase
- test "truth" do
- assert_kind_of Module, LeapWebCerts
- end
-end
diff --git a/certs/test/test_helper.rb b/certs/test/test_helper.rb
deleted file mode 100644
index f6b4eb8..0000000
--- a/certs/test/test_helper.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-ENV["RAILS_ENV"] = "test"
-require File.expand_path('../../../test/dummy/config/environment', __FILE__)
-require 'rails/test_help'
-require 'mocha/setup'
-
-Rails.backtrace_cleaner.remove_silencers!
-
-# Load support files
-Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
-
diff --git a/certs/test/unit/client_certificate_test.rb b/certs/test/unit/client_certificate_test.rb
deleted file mode 100644
index 036e724..0000000
--- a/certs/test/unit/client_certificate_test.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-require 'test_helper'
-
-class ClientCertificateTest < ActiveSupport::TestCase
-
- test "new cert has all we need" do
- sample = ClientCertificate.new
- assert sample.key
- assert sample.cert
- assert sample.to_s
- end
-
- test "cert has configured prefix" do
- prefix = "PREFIX"
- sample = ClientCertificate.new(:prefix => prefix)
- assert sample.cert.subject.common_name.starts_with?(prefix)
- end
-
- test "cert issuer matches ca subject" do
- sample = ClientCertificate.new
- cert = OpenSSL::X509::Certificate.new(sample.cert.to_pem)
- assert_equal ClientCertificate.root_ca.openssl_body.subject, cert.issuer
- end
-
-end