summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/controllers/v1/certs_controller.rb8
-rw-r--r--app/controllers/v1/smtp_certs_controller.rb37
-rw-r--r--app/models/client_certificate.rb8
-rw-r--r--app/models/email.rb5
-rw-r--r--app/models/identity.rb11
5 files changed, 69 insertions, 0 deletions
diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb
index 73409ef..b6d1d0b 100644
--- a/app/controllers/v1/certs_controller.rb
+++ b/app/controllers/v1/certs_controller.rb
@@ -3,7 +3,15 @@ class V1::CertsController < ApplicationController
before_filter :require_login, :unless => :anonymous_certs_allowed?
# GET /cert
+ # deprecated - we actually create a new cert and that can
+ # be reflected in the action. GET /cert will eventually go
+ # away and be replaced by POST /cert
def show
+ create
+ end
+
+ # POST /cert
+ def create
@cert = ClientCertificate.new(:prefix => service_level.cert_prefix)
render text: @cert.to_s, content_type: 'text/plain'
end
diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb
new file mode 100644
index 0000000..377a49c
--- /dev/null
+++ b/app/controllers/v1/smtp_certs_controller.rb
@@ -0,0 +1,37 @@
+class V1::SmtpCertsController < ApplicationController
+
+ before_filter :require_login
+ before_filter :require_email_account
+ before_filter :fetch_identity
+
+ # POST /1/smtp_cert
+ def create
+ @cert = ClientCertificate.new prefix: current_user.email_address
+ @identity.register_cert(@cert)
+ @identity.save
+ render text: @cert.to_s, content_type: 'text/plain'
+ end
+
+ protected
+
+ #
+ # Filters
+ #
+
+ def require_email_account
+ access_denied unless service_level.provides? 'email'
+ end
+
+ def fetch_identity
+ @identity = current_user.identity
+ end
+
+ #
+ # Helper methods
+ #
+
+ def service_level
+ current_user.effective_service_level
+ end
+
+end
diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb
index 76b07a2..63de9e1 100644
--- a/app/models/client_certificate.rb
+++ b/app/models/client_certificate.rb
@@ -43,8 +43,16 @@ class ClientCertificate
self.key.to_pem + self.cert.to_pem
end
+ def fingerprint
+ OpenSSL::Digest::SHA1.hexdigest(openssl_cert.to_der).scan(/../).join(':')
+ end
+
private
+ def openssl_cert
+ cert.openssl_body
+ end
+
def self.root_ca
@root_ca ||= begin
crt = File.read(APP_CONFIG[:client_ca_cert])
diff --git a/app/models/email.rb b/app/models/email.rb
index a9a503f..4090275 100644
--- a/app/models/email.rb
+++ b/app/models/email.rb
@@ -7,6 +7,11 @@ class Email < String
:message => "needs to be a valid email address"
}
+ # Make sure we can call Email.new(nil) and get an invalid email address
+ def initialize(s)
+ super(s.to_s)
+ end
+
def to_partial_path
"emails/email"
end
diff --git a/app/models/identity.rb b/app/models/identity.rb
index ad8c01e..a4225e7 100644
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@@ -8,6 +8,7 @@ class Identity < CouchRest::Model::Base
property :address, LocalEmail
property :destination, Email
property :keys, HashWithIndifferentAccess
+ property :cert_fingerprints, Hash
validate :unique_forward
validate :alias_available
@@ -107,6 +108,16 @@ class Identity < CouchRest::Model::Base
write_attribute('keys', keys.merge(type => key.to_s))
end
+ def cert_fingerprints
+ read_attribute('cert_fingerprints') || Hash.new
+ end
+
+ def register_cert(cert)
+ today = DateTime.now.to_date.to_s
+ write_attribute 'cert_fingerprints',
+ cert_fingerprints.merge(cert.fingerprint => today)
+ end
+
# for LoginFormatValidation
def login
self.address.handle