change free cert postfix to be a prefix (this is required for how openvpn does common name matching)

2 files changed, 7 insertions, 8 deletions

diff --git a/certs/app/models/client_certificate.rb b/certs/app/models/client_certificate.rb
index 1bc34c6..13e0318 100644
--- a/certs/app/models/client_certificate.rb
+++ b/certs/app/models/client_certificate.rb
@@ -66,8 +66,7 @@ class ClientCertificate
   end
 
   def common_name(for_free_cert = false)
-    random_common_name +
-      (for_free_cert ? APP_CONFIG[:free_cert_postfix] : '')
+    (for_free_cert ? APP_CONFIG[:free_cert_prefix] : '') + random_common_name
   end
 
   #
diff --git a/certs/test/unit/client_certificate_test.rb b/certs/test/unit/client_certificate_test.rb
index bcc61cc..abb5560 100644
--- a/certs/test/unit/client_certificate_test.rb
+++ b/certs/test/unit/client_certificate_test.rb
@@ -9,16 +9,16 @@ class ClientCertificateTest < ActiveSupport::TestCase
     assert sample.to_s
   end
 
-  test "free cert has configured postfix" do
+  test "free cert has configured prefix" do
     sample = ClientCertificate.new(free: true)
-    postfix = APP_CONFIG[:free_cert_postfix]
-    assert sample.cert.subject.common_name.include?(postfix)
+    prefix = APP_CONFIG[:free_cert_prefix]
+    assert sample.cert.subject.common_name.starts_with?(prefix)
   end
 
-  test "real cert has no free cert postfix" do
+  test "real cert has no free cert prefix" do
     sample = ClientCertificate.new
-    postfix = APP_CONFIG[:free_cert_postfix]
-    assert !sample.cert.subject.common_name.include?(postfix)
+    prefix = APP_CONFIG[:free_cert_prefix]
+    assert !sample.cert.subject.common_name.starts_with?(prefix)
   end
 
   test "cert issuer matches ca subject" do