Diffstat (limited to 'certs/app')
-rw-r--r--certs/app/assets/images/leap_web_certs/.gitkeep0
-rw-r--r--certs/app/assets/javascripts/leap_web_certs/.gitkeep0
-rw-r--r--certs/app/assets/stylesheets/leap_web_certs/.gitkeep0
-rw-r--r--certs/app/controllers/.gitkeep0
-rw-r--r--certs/app/controllers/certs_controller.rb51
-rw-r--r--certs/app/helpers/.gitkeep0
-rw-r--r--certs/app/helpers/certs_helper.rb2
-rw-r--r--certs/app/mailers/.gitkeep0
-rw-r--r--certs/app/models/.gitkeep0
-rw-r--r--certs/app/models/client_certificate.rb113
-rw-r--r--certs/app/views/.gitkeep0
11 files changed, 0 insertions, 166 deletions
diff --git a/certs/app/assets/images/leap_web_certs/.gitkeep b/certs/app/assets/images/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/assets/images/leap_web_certs/.gitkeep
+++ /dev/null
diff --git a/certs/app/assets/javascripts/leap_web_certs/.gitkeep b/certs/app/assets/javascripts/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/assets/javascripts/leap_web_certs/.gitkeep
+++ /dev/null
diff --git a/certs/app/assets/stylesheets/leap_web_certs/.gitkeep b/certs/app/assets/stylesheets/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/assets/stylesheets/leap_web_certs/.gitkeep
+++ /dev/null
diff --git a/certs/app/controllers/.gitkeep b/certs/app/controllers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/controllers/.gitkeep
+++ /dev/null
diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb
deleted file mode 100644
index 62ef3fd..0000000
--- a/certs/app/controllers/certs_controller.rb
+++ /dev/null
@@ -1,51 +0,0 @@
-class CertsController < ApplicationController
-
- before_filter :login_if_required
-
- # GET /cert
- def show
- @cert = ClientCertificate.new(:prefix => certificate_prefix)
- render text: @cert.to_s, content_type: 'text/plain'
- end
-
- protected
-
- def login_if_required
- authorize unless APP_CONFIG[:allow_anonymous_certs]
- end
-
- #
- # this is some temporary logic until we store the service level in the user db.
- #
- # better logic might look like this:
- #
- # if logged_in?
- # service_level = user.service_level
- # elsif allow_anonymous?
- # service_level = service_levels[:anonymous]
- # else
- # service_level = nil
- # end
- #
- # if service_level.bandwidth == 'limited' && allow_limited?
- # prefix = limited
- # elsif allow_unlimited?
- # prefix = unlimited
- # else
- # prefix = nil
- # end
- #
- def certificate_prefix
- if logged_in?
- if APP_CONFIG[:allow_unlimited_certs]
- APP_CONFIG[:unlimited_cert_prefix]
- elsif APP_CONFIG[:allow_limited_certs]
- APP_CONFIG[:limited_cert_prefix]
- end
- elsif !APP_CONFIG[:allow_limited_certs]
- APP_CONFIG[:unlimited_cert_prefix]
- else
- APP_CONFIG[:limited_cert_prefix]
- end
- end
-end
diff --git a/certs/app/helpers/.gitkeep b/certs/app/helpers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/helpers/.gitkeep
+++ /dev/null
diff --git a/certs/app/helpers/certs_helper.rb b/certs/app/helpers/certs_helper.rb
deleted file mode 100644
index 94e76b8..0000000
--- a/certs/app/helpers/certs_helper.rb
+++ /dev/null
@@ -1,2 +0,0 @@
-module CertsHelper
-end
diff --git a/certs/app/mailers/.gitkeep b/certs/app/mailers/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/mailers/.gitkeep
+++ /dev/null
diff --git a/certs/app/models/.gitkeep b/certs/app/models/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/models/.gitkeep
+++ /dev/null
diff --git a/certs/app/models/client_certificate.rb b/certs/app/models/client_certificate.rb
deleted file mode 100644
index 76b07a2..0000000
--- a/certs/app/models/client_certificate.rb
+++ /dev/null
@@ -1,113 +0,0 @@
-#
-# Model for certificates
-#
-# This file must be loaded after Config has been loaded.
-#
-require 'base64'
-require 'digest/md5'
-require 'openssl'
-require 'certificate_authority'
-require 'date'
-
-class ClientCertificate
-
- attr_accessor :key # the client private RSA key
- attr_accessor :cert # the client x509 certificate, signed by the CA
-
- #
- # generate the private key and client certificate
- #
- def initialize(options = {})
- cert = CertificateAuthority::Certificate.new
-
- # set subject
- cert.subject.common_name = common_name(options[:prefix])
-
- # set expiration
- cert.not_before = yesterday
- cert.not_after = months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
-
- # generate key
- cert.serial_number.number = cert_serial_number
- cert.key_material.generate_key(APP_CONFIG[:client_cert_bit_size])
-
- # sign
- cert.parent = ClientCertificate.root_ca
- cert.sign! client_signing_profile
-
- self.key = cert.key_material.private_key
- self.cert = cert
- end
-
- def to_s
- self.key.to_pem + self.cert.to_pem
- end
-
- private
-
- def self.root_ca
- @root_ca ||= begin
- crt = File.read(APP_CONFIG[:client_ca_cert])
- key = File.read(APP_CONFIG[:client_ca_key])
- openssl_cert = OpenSSL::X509::Certificate.new(crt)
- cert = CertificateAuthority::Certificate.from_openssl(openssl_cert)
- cert.key_material.private_key = OpenSSL::PKey::RSA.new(key, APP_CONFIG[:ca_key_password])
- cert
- end
- end
-
- #
- # For cert serial numbers, we need a non-colliding number less than 160 bits.
- # md5 will do nicely, since there is no need for a secure hash, just a short one.
- # (md5 is 128 bits)
- #
- def cert_serial_number
- Digest::MD5.hexdigest("#{rand(10**10)} -- #{Time.now}").to_i(16)
- end
-
- def common_name(prefix = nil)
- [prefix, random_common_name].join
- end
-
- #
- # for the random common name, we need a text string that will be unique across all certs.
- # ruby 1.8 doesn't have a built-in uuid generator, or we would use SecureRandom.uuid
- #
- def random_common_name
- cert_serial_number.to_s(36)
- end
-
- def client_signing_profile
- {
- "digest" => APP_CONFIG[:client_cert_hash],
- "extensions" => {
- "keyUsage" => {
- "usage" => ["digitalSignature"]
- },
- "extendedKeyUsage" => {
- "usage" => ["clientAuth"]
- }
- }
- }
- end
-
- ##
- ## TIME HELPERS
- ##
- ## note: we use 'yesterday' instead of 'today', because times are in UTC, and some people on the planet
- ## are behind UTC.
- ##
-
- def yesterday
- t = Time.now - 24*60*60
- Time.utc t.year, t.month, t.day
- end
-
- def months_from_yesterday(num)
- t = yesterday
- date = Date.new t.year, t.month, t.day
- date = date >> num # >> is months in the future operator
- Time.utc date.year, date.month, date.day
- end
-
-end
diff --git a/certs/app/views/.gitkeep b/certs/app/views/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/certs/app/views/.gitkeep
+++ /dev/null