authorAzul <azul@leap.se>2014-04-10 12:45:21 +0200
committerAzul <azul@leap.se>2014-04-10 12:54:36 +0200
commitc1486cb9688d53c5ae266ff22ab279ead12eaa36 (patch)
tree18244bfab76e0786d16b8c97d4fb17358d95e57e /certs
parent20197129459d90642c50c27e601ef13ece4a873b (diff)
move certs into toplevel
cleaned up all the engine stuff that was never really used. Afterwards there is not that much left that makes it into the toplevel.
Diffstat (limited to 'certs')
-rw-r--r--certs/Gemfile14
-rw-r--r--certs/Rakefile44
-rw-r--r--certs/Readme.md9
-rw-r--r--certs/app/assets/images/leap_web_certs/.gitkeep0
-rw-r--r--certs/app/assets/javascripts/leap_web_certs/.gitkeep0
-rw-r--r--certs/app/assets/stylesheets/leap_web_certs/.gitkeep0
-rw-r--r--certs/app/controllers/.gitkeep0
-rw-r--r--certs/app/controllers/certs_controller.rb50
-rw-r--r--certs/app/helpers/.gitkeep0
-rw-r--r--certs/app/helpers/certs_helper.rb2
-rw-r--r--certs/app/mailers/.gitkeep0
-rw-r--r--certs/app/models/.gitkeep0
-rw-r--r--certs/app/models/client_certificate.rb113
-rw-r--r--certs/app/views/.gitkeep0
-rw-r--r--certs/config/locales/en.yml2
-rw-r--r--certs/config/routes.rb5
-rw-r--r--certs/leap_web_certs.gemspec20
-rw-r--r--certs/lib/leap_web_certs.rb4
-rw-r--r--certs/lib/leap_web_certs/engine.rb5
-rw-r--r--certs/lib/tasks/leap_web_certs_tasks.rake4
-rwxr-xr-xcerts/script/rails8
-rw-r--r--certs/test/files/ca.crt15
-rw-r--r--certs/test/files/ca.key16
-rw-r--r--certs/test/functional/certs_controller_test.rb44
-rw-r--r--certs/test/integration/navigation_test.rb9
-rw-r--r--certs/test/leap_web_certs_test.rb7
-rw-r--r--certs/test/test_helper.rb10
-rw-r--r--certs/test/unit/client_certificate_test.rb24
28 files changed, 0 insertions, 405 deletions
diff --git a/certs/Gemfile b/certs/Gemfile
deleted file mode 100644
index 992f236..0000000
--- a/certs/Gemfile
+++ /dev/null
@@ -1,14 +0,0 @@
-source "https://rubygems.org"
-
-eval(File.read(File.dirname(__FILE__) + '/../common_dependencies.rb'))
-
-# We require leap_web_core from here so we can use the path option.
-gem "leap_web_core", :path => '../core'
-
-# Declare your gem's dependencies in leap_web_users.gemspec.
-# Bundler will treat runtime dependencies like base dependencies, and
-# development dependencies will be added by default to the :development group.
-gemspec
-
-# To use debugger
-# gem 'ruby-debug'
diff --git a/certs/Rakefile b/certs/Rakefile
deleted file mode 100644
index 54ed86d..0000000
--- a/certs/Rakefile
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/usr/bin/env rake
-
-require 'rake/packagetask'
-require 'rubygems/package_task'
-
-begin
- require 'bundler/setup'
-rescue LoadError
- puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
-end
-begin
- require 'rdoc/task'
-rescue LoadError
- require 'rdoc/rdoc'
- require 'rake/rdoctask'
- RDoc::Task = Rake::RDocTask
-end
-
-RDoc::Task.new(:rdoc) do |rdoc|
- rdoc.rdoc_dir = 'rdoc'
- rdoc.title = 'LeapWebCerts'
- rdoc.options << '--line-numbers'
- rdoc.rdoc_files.include('README.rdoc')
- rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
-spec = eval(File.read('leap_web_certs.gemspec'))
-Gem::PackageTask.new(spec) do |p|
- p.gem_spec = spec
-end
-
-Bundler::GemHelper.install_tasks
-
-require 'rake/testtask'
-
-Rake::TestTask.new(:test) do |t|
- t.libs << 'lib'
- t.libs << 'test'
- t.pattern = 'test/**/*_test.rb'
- t.verbose = false
-end
-
-
-task :default => :test
diff --git a/certs/Readme.md b/certs/Readme.md
deleted file mode 100644
index 4ea8d9d..0000000
--- a/certs/Readme.md
+++ /dev/null
@@ -1,9 +0,0 @@
-LeapWebCerts
-=========
-
-
-Configuration
--------------
-
-
-Currently LeapWebCerts falls back to handing out a cert in /config/cert if the cert pool is empty. You need to add that file in the application that includes this engine.
diff --git a/certs/app/assets/images/leap_web_certs/.gitkeep b/certs/app/assets/images/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/assets/images/leap_web_certs/.gitkeep
+++ /dev/null
diff --git a/certs/app/assets/javascripts/leap_web_certs/.gitkeep b/certs/app/assets/javascripts/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/assets/javascripts/leap_web_certs/.gitkeep
+++ /dev/null
diff --git a/certs/app/assets/stylesheets/leap_web_certs/.gitkeep b/certs/app/assets/stylesheets/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/assets/stylesheets/leap_web_certs/.gitkeep
+++ /dev/null
diff --git a/certs/app/controllers/.gitkeep b/certs/app/controllers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/controllers/.gitkeep
+++ /dev/null
diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb
deleted file mode 100644
index 82cbc44..0000000
--- a/certs/app/controllers/certs_controller.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-class CertsController < ApplicationController
-
- before_filter :require_login, :unless => :anonymous_certs_allowed?
-
- # GET /cert
- def show
- @cert = ClientCertificate.new(:prefix => certificate_prefix)
- render text: @cert.to_s, content_type: 'text/plain'
- end
-
- protected
-
- def anonymous_certs_allowed?
- APP_CONFIG[:allow_anonymous_certs]
- end
- #
- # this is some temporary logic until we store the service level in the user db.
- #
- # better logic might look like this:
- #
- # if logged_in?
- # service_level = user.service_level
- # elsif allow_anonymous?
- # service_level = service_levels[:anonymous]
- # else
- # service_level = nil
- # end
- #
- # if service_level.bandwidth == 'limited' && allow_limited?
- # prefix = limited
- # elsif allow_unlimited?
- # prefix = unlimited
- # else
- # prefix = nil
- # end
- #
- def certificate_prefix
- if logged_in?
- if APP_CONFIG[:allow_unlimited_certs]
- APP_CONFIG[:unlimited_cert_prefix]
- elsif APP_CONFIG[:allow_limited_certs]
- APP_CONFIG[:limited_cert_prefix]
- end
- elsif !APP_CONFIG[:allow_limited_certs]
- APP_CONFIG[:unlimited_cert_prefix]
- else
- APP_CONFIG[:limited_cert_prefix]
- end
- end
-end
diff --git a/certs/app/helpers/.gitkeep b/certs/app/helpers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/helpers/.gitkeep
+++ /dev/null
diff --git a/certs/app/helpers/certs_helper.rb b/certs/app/helpers/certs_helper.rb
deleted file mode 100644
index 94e76b8..0000000
--- a/certs/app/helpers/certs_helper.rb
+++ /dev/null
@@ -1,2 +0,0 @@
-module CertsHelper
-end
diff --git a/certs/app/mailers/.gitkeep b/certs/app/mailers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/mailers/.gitkeep
+++ /dev/null
diff --git a/certs/app/models/.gitkeep b/certs/app/models/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/models/.gitkeep
+++ /dev/null
diff --git a/certs/app/models/client_certificate.rb b/certs/app/models/client_certificate.rb
deleted file mode 100644
index 76b07a2..0000000
--- a/certs/app/models/client_certificate.rb
+++ /dev/null
@@ -1,113 +0,0 @@
-#
-# Model for certificates
-#
-# This file must be loaded after Config has been loaded.
-#
-require 'base64'
-require 'digest/md5'
-require 'openssl'
-require 'certificate_authority'
-require 'date'
-
-class ClientCertificate
-
- attr_accessor :key # the client private RSA key
- attr_accessor :cert # the client x509 certificate, signed by the CA
-
- #
- # generate the private key and client certificate
- #
- def initialize(options = {})
- cert = CertificateAuthority::Certificate.new
-
- # set subject
- cert.subject.common_name = common_name(options[:prefix])
-
- # set expiration
- cert.not_before = yesterday
- cert.not_after = months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
-
- # generate key
- cert.serial_number.number = cert_serial_number
- cert.key_material.generate_key(APP_CONFIG[:client_cert_bit_size])
-
- # sign
- cert.parent = ClientCertificate.root_ca
- cert.sign! client_signing_profile
-
- self.key = cert.key_material.private_key
- self.cert = cert
- end
-
- def to_s
- self.key.to_pem + self.cert.to_pem
- end
-
- private
-
- def self.root_ca
- @root_ca ||= begin
- crt = File.read(APP_CONFIG[:client_ca_cert])
- key = File.read(APP_CONFIG[:client_ca_key])
- openssl_cert = OpenSSL::X509::Certificate.new(crt)
- cert = CertificateAuthority::Certificate.from_openssl(openssl_cert)
- cert.key_material.private_key = OpenSSL::PKey::RSA.new(key, APP_CONFIG[:ca_key_password])
- cert
- end
- end
-
- #
- # For cert serial numbers, we need a non-colliding number less than 160 bits.
- # md5 will do nicely, since there is no need for a secure hash, just a short one.
- # (md5 is 128 bits)
- #
- def cert_serial_number
- Digest::MD5.hexdigest("#{rand(10**10)} -- #{Time.now}").to_i(16)
- end
-
- def common_name(prefix = nil)
- [prefix, random_common_name].join
- end
-
- #
- # for the random common name, we need a text string that will be unique across all certs.
- # ruby 1.8 doesn't have a built-in uuid generator, or we would use SecureRandom.uuid
- #
- def random_common_name
- cert_serial_number.to_s(36)
- end
-
- def client_signing_profile
- {
- "digest" => APP_CONFIG[:client_cert_hash],
- "extensions" => {
- "keyUsage" => {
- "usage" => ["digitalSignature"]
- },
- "extendedKeyUsage" => {
- "usage" => ["clientAuth"]
- }
- }
- }
- end
-
- ##
- ## TIME HELPERS
- ##
- ## note: we use 'yesterday' instead of 'today', because times are in UTC, and some people on the planet
- ## are behind UTC.
- ##
-
- def yesterday
- t = Time.now - 24*60*60
- Time.utc t.year, t.month, t.day
- end
-
- def months_from_yesterday(num)
- t = yesterday
- date = Date.new t.year, t.month, t.day
- date = date >> num # >> is months in the future operator
- Time.utc date.year, date.month, date.day
- end
-
-end
diff --git a/certs/app/views/.gitkeep b/certs/app/views/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/views/.gitkeep
+++ /dev/null
diff --git a/certs/config/locales/en.yml b/certs/config/locales/en.yml
deleted file mode 100644
index 18e4f47..0000000
--- a/certs/config/locales/en.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-en:
- cert_pool_empty: "Sorry the Cert pool is empty, please check back later."
diff --git a/certs/config/routes.rb b/certs/config/routes.rb
deleted file mode 100644
index cb97757..0000000
--- a/certs/config/routes.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-Rails.application.routes.draw do
- scope '/1' do
- resource :cert, :only => [:show]
- end
-end
diff --git a/certs/leap_web_certs.gemspec b/certs/leap_web_certs.gemspec
deleted file mode 100644
index 87b5be4..0000000
--- a/certs/leap_web_certs.gemspec
+++ /dev/null
@@ -1,20 +0,0 @@
-$:.push File.expand_path("../lib", __FILE__)
-
-require File.expand_path('../../lib/leap_web/version.rb', __FILE__)
-
-# Describe your gem and declare its dependencies:
-Gem::Specification.new do |s|
- s.name = "leap_web_certs"
- s.version = LeapWeb::VERSION
- s.authors = ["Azul"]
- s.email = ["azul@leap.se"]
- s.homepage = "http://www.leap.se"
- s.summary = "Cert distribution for the leap platform"
- s.description = "This plugin for the leap platform distributes certs for the EIP client. It fetches the certs from a pool in CouchDB that is filled by leap-ca."
-
- s.files = Dir["{app,config,db,lib}/**/*"] + ["Rakefile", "Readme.md"]
- s.test_files = Dir["test/**/*"]
-
- s.add_dependency "certificate_authority", [">= 0.2.0"]
-
-end
diff --git a/certs/lib/leap_web_certs.rb b/certs/lib/leap_web_certs.rb
deleted file mode 100644
index beb683d..0000000
--- a/certs/lib/leap_web_certs.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-require "leap_web_certs/engine"
-
-module LeapWebCerts
-end
diff --git a/certs/lib/leap_web_certs/engine.rb b/certs/lib/leap_web_certs/engine.rb
deleted file mode 100644
index 33a446e..0000000
--- a/certs/lib/leap_web_certs/engine.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-module LeapWebCerts
- class Engine < ::Rails::Engine
-
- end
-end
diff --git a/certs/lib/tasks/leap_web_certs_tasks.rake b/certs/lib/tasks/leap_web_certs_tasks.rake
deleted file mode 100644
index e8fb7ff..0000000
--- a/certs/lib/tasks/leap_web_certs_tasks.rake
+++ /dev/null
@@ -1,4 +0,0 @@
-# desc "Explaining what the task does"
-# task :leap_web_certs do
-# # Task goes here
-# end
diff --git a/certs/script/rails b/certs/script/rails
deleted file mode 100755
index 616d3c9..0000000
--- a/certs/script/rails
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env ruby1.8
-# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
-
-ENGINE_ROOT = File.expand_path('../..', __FILE__)
-ENGINE_PATH = File.expand_path('../../lib/leap_web_certs/engine', __FILE__)
-
-require 'rails/all'
-require 'rails/engine/commands'
diff --git a/certs/test/files/ca.crt b/certs/test/files/ca.crt
deleted file mode 100644
index 8393eee..0000000
--- a/certs/test/files/ca.crt
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICYDCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA7MREwDwYDVQQKDAh0ZXN0
-IG9yZzESMBAGA1UECwwJdGVzdCB1bml0MRIwEAYDVQQDDAl0ZXN0IG5hbWUwIBcN
-MTMwMjA1MDAwMDAwWhgPMjExMzAyMDUwMDAwMDBaMDsxETAPBgNVBAoMCHRlc3Qg
-b3JnMRIwEAYDVQQLDAl0ZXN0IHVuaXQxEjAQBgNVBAMMCXRlc3QgbmFtZTCBqDAN
-BgkqhkiG9w0BAQEFAAOBlgAwgZICgYoAx076Dz8zswvCLuz0HP3Y3PWOgFDo9+8o
-H4uXRcTpd+yw+5B79xjtQ7ojQy2465Jq00nkzHI6V1otM2uvVVIOcNk0t1HEjmK0
-T/r96dDHc59YvVQ+XPrzuQ4t3iREy8IAPNbc3r29PVZkMdGpeSYxyY1mUKza4DcY
-My4SVko9pcP8zJBD4bHgEa0CAwEAAaNgMF4wHQYDVR0OBBYEFOQ+d2EUwBpi93TJ
-9AX4Okew5/UIMA4GA1UdDwEB/wQEAwICBDAMBgNVHRMEBTADAQH/MB8GA1UdIwQY
-MBaAFOQ+d2EUwBpi93TJ9AX4Okew5/UIMA0GCSqGSIb3DQEBDQUAA4GKAJW9/39P
-VbVjH9C7F0XMOpd9nWBe9NUoiw36ZFZw95dqfUm6j5f3nejWG4lEtyMFu5i5rAw6
-GdDSXmq4sUqWTaJmQmZyY+WggQR4UGWJ0I18HRDiPxuA++OfkGzA20Gmvk+CIw/J
-QLHlVjLyyUwaA+EO88rEcdc9VnGL/Xgjh8C/PYH2DpWw/kJa
------END CERTIFICATE-----
diff --git a/certs/test/files/ca.key b/certs/test/files/ca.key
deleted file mode 100644
index 125997f..0000000
--- a/certs/test/files/ca.key
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIChAIBAAKBigDHTvoPPzOzC8Iu7PQc/djc9Y6AUOj37ygfi5dFxOl37LD7kHv3
-GO1DuiNDLbjrkmrTSeTMcjpXWi0za69VUg5w2TS3UcSOYrRP+v3p0Mdzn1i9VD5c
-+vO5Di3eJETLwgA81tzevb09VmQx0al5JjHJjWZQrNrgNxgzLhJWSj2lw/zMkEPh
-seARrQIDAQABAoGJIvn0HircOsaMfEmvCUtu/E/HgzMvvxrkMqz/jgnhYt9Rq8QO
-TS29rY4D1C0473ZRcuTb1xkQrfWwSv7R1SpCSIGFo8obtGb0NjNaYGyQ0IrYDjk8
-H5kYFEY4X4oqFhgy3owewaZZLxLD336ARRj2HhsLzA+4nD/wF7Q+bggpuMdkM2Uj
-tn12rIECRQ/XqIGF8jLw9IDMkr9kkfT+n03p8sOd4g7iSw0sknlzaZZpIDvibkyN
-SDKM7VX4VQa7u58+sCF4ylwi0UQu7/VT7Smp4QJFDJSoEOKplBvaT9fTfdVKjE4P
-QyCAWEsb6Up8KKswhtDqiWeFtktIvx1Mkxn25erLms3cUEBde//rwNB+6ItBR/N8
-4RlNAkUPLsc3Gn+7gmFQ7r3U3zViboON0B/wiWcUjJsQzR6zdoBCvg0+VwsOIniG
-ubjbI1uZUGHHg/SYn4KQOm4DwlgF7aDkxQECRQjVZMEedlXxzLOdZvoHBuZHdT38
-F0Jn0rxXOaDQuy0eimBamS+r4vOWngr4Az3jRH15KMYMu9dyllX3z/R2uyrLVBc2
-TQJFBEHIjoMVgP2h+N6VUDgPOhnxnnLvowOtX23J1y2foKwfZrHH38LNcWmuaGUi
-fz6EYeUO20D174GfhqB0j6yR50ejPjYD
------END RSA PRIVATE KEY-----
diff --git a/certs/test/functional/certs_controller_test.rb b/certs/test/functional/certs_controller_test.rb
deleted file mode 100644
index 503e74b..0000000
--- a/certs/test/functional/certs_controller_test.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-require 'test_helper'
-
-class CertsControllerTest < ActionController::TestCase
-
- test "send limited cert without login" do
- with_config allow_limited_certs: true, allow_anonymous_certs: true do
- cert = stub :to_s => "limited cert"
- ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert)
- get :show
- assert_response :success
- assert_equal cert.to_s, @response.body
- end
- end
-
- test "send unlimited cert" do
- with_config allow_unlimited_certs: true do
- login
- cert = stub :to_s => "unlimited cert"
- ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:unlimited_cert_prefix]).returns(cert)
- get :show
- assert_response :success
- assert_equal cert.to_s, @response.body
- end
- end
-
- test "login required if anonymous certs disabled" do
- with_config allow_anonymous_certs: false do
- get :show
- assert_response :redirect
- end
- end
-
- test "send limited cert" do
- with_config allow_limited_certs: true, allow_unlimited_certs: false do
- login
- cert = stub :to_s => "real cert"
- ClientCertificate.expects(:new).with(:prefix => APP_CONFIG[:limited_cert_prefix]).returns(cert)
- get :show
- assert_response :success
- assert_equal cert.to_s, @response.body
- end
- end
-
-end
diff --git a/certs/test/integration/navigation_test.rb b/certs/test/integration/navigation_test.rb
deleted file mode 100644
index eec8c0e..0000000
--- a/certs/test/integration/navigation_test.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-require 'test_helper'
-
-class NavigationTest < ActionDispatch::IntegrationTest
-
- # test "the truth" do
- # assert true
- # end
-end
-
diff --git a/certs/test/leap_web_certs_test.rb b/certs/test/leap_web_certs_test.rb
deleted file mode 100644
index ee2058b..0000000
--- a/certs/test/leap_web_certs_test.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-require 'test_helper'
-
-class LeapWebCertsTest < ActiveSupport::TestCase
- test "truth" do
- assert_kind_of Module, LeapWebCerts
- end
-end
diff --git a/certs/test/test_helper.rb b/certs/test/test_helper.rb
deleted file mode 100644
index f6b4eb8..0000000
--- a/certs/test/test_helper.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-ENV["RAILS_ENV"] = "test"
-require File.expand_path('../../../test/dummy/config/environment', __FILE__)
-require 'rails/test_help'
-require 'mocha/setup'
-
-Rails.backtrace_cleaner.remove_silencers!
-
-# Load support files
-Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
-
diff --git a/certs/test/unit/client_certificate_test.rb b/certs/test/unit/client_certificate_test.rb
deleted file mode 100644
index 036e724..0000000
--- a/certs/test/unit/client_certificate_test.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-require 'test_helper'
-
-class ClientCertificateTest < ActiveSupport::TestCase
-
- test "new cert has all we need" do
- sample = ClientCertificate.new
- assert sample.key
- assert sample.cert
- assert sample.to_s
- end
-
- test "cert has configured prefix" do
- prefix = "PREFIX"
- sample = ClientCertificate.new(:prefix => prefix)
- assert sample.cert.subject.common_name.starts_with?(prefix)
- end
-
- test "cert issuer matches ca subject" do
- sample = ClientCertificate.new
- cert = OpenSSL::X509::Certificate.new(sample.cert.to_pem)
- assert_equal ClientCertificate.root_ca.openssl_body.subject, cert.issuer
- end
-
-end