-rw-r--r--certs/app/models/client_certificate.rb15
-rw-r--r--certs/test/files/ca.crt14
-rw-r--r--certs/test/files/ca.key18
-rw-r--r--config/defaults.yml16
4 files changed, 55 insertions, 8 deletions
diff --git a/certs/app/models/client_certificate.rb b/certs/app/models/client_certificate.rb
index 23b66a2..0b1e43f 100644
--- a/certs/app/models/client_certificate.rb
+++ b/certs/app/models/client_certificate.rb
@@ -11,7 +11,6 @@ require 'date'
class ClientCertificate < CouchRest::Model::Base
- # No config yet. use_database LeapCA::Config.db_name
use_database 'client_certificates'
timestamps!
@@ -62,16 +61,16 @@ class ClientCertificate < CouchRest::Model::Base
cert.subject.common_name = random_common_name
# set expiration
- self.valid_until = months_from_yesterday(Config.client_cert_lifespan)
+ self.valid_until = months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
cert.not_before = yesterday
cert.not_after = self.valid_until
# generate key
cert.serial_number.number = cert_serial_number
- cert.key_material.generate_key(Config.client_cert_bit_size)
+ cert.key_material.generate_key(APP_CONFIG[:client_cert_bit_size])
# sign
- cert.parent = Cert.root_ca
+ cert.parent = ClientCertificate.root_ca
cert.sign! client_signing_profile
self.key = cert.key_material.private_key.to_pem
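Review bot: The lookups `APP_CONFIG[:client_cert_lifespan]` and `APP_CONFIG[:client_cert_bit_size]` return nil when the key is absent from the loaded environment, so a misconfigured deployment reaches `generate_key(nil)` and `months_from_yesterday(nil)` instead of failing at the lookup. Prefer `APP_CONFIG.fetch(:client_cert_bit_size)` (and likewise `APP_CONFIG.fetch(:client_cert_lifespan)`) so a missing setting raises `KeyError` naming the key before any key material is generated. The enclosing method starts before this hunk and continues past it, and its last visible line stores the freshly generated private key in `self.key`, so failing early here also avoids persisting a record whose signature step never ran.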
@@ -86,11 +85,11 @@ class ClientCertificate < CouchRest::Model::Base
def self.root_ca
@root_ca ||= begin
- crt = File.read(Config.ca_cert_path)
- key = File.read(Config.ca_key_path)
+ crt = File.read(APP_CONFIG[:ca_cert_path])
+ key = File.read(APP_CONFIG[:ca_key_path])
openssl_cert = OpenSSL::X509::Certificate.new(crt)
cert = CertificateAuthority::Certificate.from_openssl(openssl_cert)
- cert.key_material.private_key = OpenSSL::PKey::RSA.new(key, Config.ca_key_password)
+ cert.key_material.private_key = OpenSSL::PKey::RSA.new(key, APP_CONFIG[:ca_key_password])
cert
end
end
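Review bot: `root_ca` pairs the loaded private key with the loaded certificate without checking that they belong together, so a wrong `ca_key_path`/`ca_cert_path` combination yields client certificates carrying the CA's issuer name but a signature the CA certificate cannot verify, and the mismatch only surfaces at verification time. Keep the parsed key in a local and assert the pairing before handing it to the wrapper: `rsa = OpenSSL::PKey::RSA.new(key, APP_CONFIG[:ca_key_password])`, `raise "CA key does not match CA certificate" unless openssl_cert.check_private_key(rsa)`, then `cert.key_material.private_key = rsa`. Because the result is memoized in `@root_ca`, the check costs one call per process.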
@@ -114,7 +113,7 @@ class ClientCertificate < CouchRest::Model::Base
def client_signing_profile
{
- "digest" => Config.client_cert_hash,
+ "digest" => APP_CONFIG[:client_cert_hash],
"extensions" => {
"keyUsage" => {
"usage" => ["digitalSignature"]
diff --git a/certs/test/files/ca.crt b/certs/test/files/ca.crt
new file mode 100644
index 0000000..cade598
--- /dev/null
+++ b/certs/test/files/ca.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICPDCCAYmgAwIBAgIEUKCI4DANBgkqhkiG9w0BAQsFADAkMSIwIAYDVQQDExlS
+b290IENBIGZvciBydW5uaW5nIHRlc3RzMB4XDTEyMTExMjA1MjgwMFoXDTEzMTEx
+MjA1MjgwMFowJDEiMCAGA1UEAxMZUm9vdCBDQSBmb3IgcnVubmluZyB0ZXN0czCB
+uzANBgkqhkiG9w0BAQEFAAOBqQAwgaUCgZ0ApeqCGQOmiHxCFxsfUKmBV6ruOYar
+EsepFAycTmmakXBjNj4B9Pd3gE3Cc56rvkq0uxluRvqspzpEOQpCg8M5fkft/fxS
+acw+ackj3ys7r0MrXgL66QeLnNGe8+RjBO8UHb3OPx547hqUHVg+3HqSCdn9cGQX
+9//EJrnSJsLuZw9ktkN4Ytyd1deZo6AkiIeCyz0HxKQBIhdJAPRlAgMBAAGjQzBB
+MA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUBe1l
+BbuGErEkHLffGvkY5dDOH1YwDQYJKoZIhvcNAQELBQADgZ0ADpudncToYPS183w8
+c68dObCCvNfv/FTBg4ihCLW6PapADYuvXmCvXgHflylET+rFdcrnUfl+XjNT5IjF
+ImUyyOnCiy7scRgY+9qrEb7neH4CopGZKkWBTadZLu0QZqMcsWyAZBzaI8tBwL+G
++ylSgw3xTSf/HFjmTJAlDzUieV4DufrPqz7Yx0GrTswdJOcccc/PWUvQIU1GXvto
+-----END CERTIFICATE-----
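Review bot: The validity period encoded in this fixture appears to be 2012-11-12 to 2013-11-12 (the `MB4XDTEyMTExMjA1MjgwMFoXDTEzMTEx…` run decodes to those two UTCTime values), so any test that builds or verifies a chain against this CA will start failing after a year with no code change. If the fixture is regenerated, give the test root a long validity (ten years or more is common for throwaway test CAs) and record the generation command in a README next to the fixtures so it can be reproduced.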
diff --git a/certs/test/files/ca.key b/certs/test/files/ca.key
new file mode 100644
index 0000000..d266ef7
--- /dev/null
+++ b/certs/test/files/ca.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
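Review bot: This file is a CA private key committed to the repository in plaintext, which is acceptable only for a throwaway test CA; anything signed by it must be treated as untrusted everywhere outside the test suite. Since `config/defaults.yml` in this same commit wires the pair into the `development:` section as well as `test:`, a short README next to the fixtures stating that the pair is test-only, and a check that no other environment can resolve to these paths, would make that intent explicit. The key body is elided on this page, so its size and whether it is encrypted cannot be confirmed here.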
diff --git a/config/defaults.yml b/config/defaults.yml
index 4ffa2c9..f5a7c07 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -1,11 +1,27 @@
+dev_ca: &dev_ca
+ ca_key_path: "./certs/test/files/ca.key"
+ ca_key_password: nil
+ ca_cert_path: "./certs/test/files/ca.crt"
+
+cert_options: &cert_options
+ client_cert_lifespan: 2
+ client_cert_bit_size: 2024
+ client_cert_hash: "SHA256"
+
development:
+ <<: *dev_ca
+ <<: *cert_options
admins: [admin, admin2]
domain: develop.me
test:
+ <<: *dev_ca
+ <<: *cert_options
admins: [admin, admin2]
domain: test.me
+
production:
+ <<: *cert_options
admins: []
domain: deploy.me
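Review bot: `client_cert_bit_size: 2024` is a nonstandard RSA modulus length and is most likely a typo for 2048; OpenSSL will happily generate a 2024-bit key, so nothing downstream will flag it. Change it to `client_cert_bit_size: 2048`. Separately, `ca_key_password: nil` is the string "nil" in YAML rather than a null value; it happens to work with an unencrypted key because the passphrase is ignored then, but it would silently be the wrong passphrase for an encrypted key, so use `ca_key_password: ~` (or leave the value empty) if "no passphrase" is intended. Note also that `production:` merges only `cert_options`, so unless `ca_key_path`/`ca_cert_path` come from another config layer, `APP_CONFIG[:ca_key_path]` is nil there and `File.read` will raise a TypeError on the first signing attempt.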