From 883b2eadb7b28756978c4009cb9f92e7177a9dba Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 7 Aug 2015 20:17:10 -0700 Subject: do not include random cruft in the common name of smtp client certificates --- app/controllers/v1/smtp_certs_controller.rb | 2 +- app/models/client_certificate.rb | 10 ++++++++-- test/functional/v1/smtp_certs_controller_test.rb | 6 +++--- test/unit/client_certificate_test.rb | 4 ++-- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb index fa53b26..75f524c 100644 --- a/app/controllers/v1/smtp_certs_controller.rb +++ b/app/controllers/v1/smtp_certs_controller.rb @@ -6,7 +6,7 @@ class V1::SmtpCertsController < ApiController # POST /1/smtp_cert def create - @cert = ClientCertificate.new prefix: current_user.email_address + @cert = ClientCertificate.new common_name: current_user.email_address @identity.register_cert(@cert) @identity.save render text: @cert.to_s, content_type: 'text/plain' diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb index 688d5c0..1716365 100644 --- a/app/models/client_certificate.rb +++ b/app/models/client_certificate.rb @@ -21,7 +21,13 @@ class ClientCertificate cert = CertificateAuthority::Certificate.new # set subject - cert.subject.common_name = common_name(options[:prefix]) + if options[:prefix] + cert.subject.common_name = common_name_with_prefix(options[:prefix]) + elsif options[:common_name] + cert.subject.common_name = options[:common_name] + else + raise ArgumentError.new + end # set expiration cert.not_before = last_month @@ -77,7 +83,7 @@ class ClientCertificate Digest::MD5.hexdigest("#{rand(10**10)} -- #{Time.now}").to_i(16) end - def common_name(prefix = nil) + def common_name_with_prefix(prefix = nil) [prefix, random_common_name].join end diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb index 3427e2d..ba70410 100644 --- a/test/functional/v1/smtp_certs_controller_test.rb +++ b/test/functional/v1/smtp_certs_controller_test.rb @@ -26,11 +26,11 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase protected - def expect_cert(prefix) - cert = stub to_s: "#{prefix.downcase} cert", + def expect_cert(email) + cert = stub to_s: "#{email.downcase} cert", expiry: 1.month.from_now.utc.at_midnight ClientCertificate.expects(:new). - with(:prefix => prefix). + with(:common_name => email). returns(cert) return cert end diff --git a/test/unit/client_certificate_test.rb b/test/unit/client_certificate_test.rb index 036e724..7f7e14b 100644 --- a/test/unit/client_certificate_test.rb +++ b/test/unit/client_certificate_test.rb @@ -3,7 +3,7 @@ require 'test_helper' class ClientCertificateTest < ActiveSupport::TestCase test "new cert has all we need" do - sample = ClientCertificate.new + sample = ClientCertificate.new(:common_name => 'test') assert sample.key assert sample.cert assert sample.to_s @@ -16,7 +16,7 @@ class ClientCertificateTest < ActiveSupport::TestCase end test "cert issuer matches ca subject" do - sample = ClientCertificate.new + sample = ClientCertificate.new(:prefix => 'test') cert = OpenSSL::X509::Certificate.new(sample.cert.to_pem) assert_equal ClientCertificate.root_ca.openssl_body.subject, cert.issuer end -- cgit v1.2.3