From 883b2eadb7b28756978c4009cb9f92e7177a9dba Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Fri, 7 Aug 2015 20:17:10 -0700
Subject: do not include random cruft in the common name of smtp client
 certificates

---
 app/controllers/v1/smtp_certs_controller.rb      |  2 +-
 app/models/client_certificate.rb                 | 10 ++++++++--
 test/functional/v1/smtp_certs_controller_test.rb |  6 +++---
 test/unit/client_certificate_test.rb             |  4 ++--
 4 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb
index fa53b26..75f524c 100644
--- a/app/controllers/v1/smtp_certs_controller.rb
+++ b/app/controllers/v1/smtp_certs_controller.rb
@@ -6,7 +6,7 @@ class V1::SmtpCertsController < ApiController
 
   # POST /1/smtp_cert
   def create
-    @cert = ClientCertificate.new prefix: current_user.email_address
+    @cert = ClientCertificate.new common_name: current_user.email_address
     @identity.register_cert(@cert)
     @identity.save
     render text: @cert.to_s, content_type: 'text/plain'
diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb
index 688d5c0..1716365 100644
--- a/app/models/client_certificate.rb
+++ b/app/models/client_certificate.rb
@@ -21,7 +21,13 @@ class ClientCertificate
     cert = CertificateAuthority::Certificate.new
 
     # set subject
-    cert.subject.common_name = common_name(options[:prefix])
+    if options[:prefix]
+      cert.subject.common_name = common_name_with_prefix(options[:prefix])
+    elsif options[:common_name]
+      cert.subject.common_name = options[:common_name]
+    else
+      raise ArgumentError.new
+    end
 
     # set expiration
     cert.not_before = last_month
@@ -77,7 +83,7 @@ class ClientCertificate
     Digest::MD5.hexdigest("#{rand(10**10)} -- #{Time.now}").to_i(16)
   end
 
-  def common_name(prefix = nil)
+  def common_name_with_prefix(prefix = nil)
     [prefix, random_common_name].join
   end
 
diff --git a/test/functional/v1/smtp_certs_controller_test.rb b/test/functional/v1/smtp_certs_controller_test.rb
index 3427e2d..ba70410 100644
--- a/test/functional/v1/smtp_certs_controller_test.rb
+++ b/test/functional/v1/smtp_certs_controller_test.rb
@@ -26,11 +26,11 @@ class V1::SmtpCertsControllerTest < ActionController::TestCase
 
   protected
 
-  def expect_cert(prefix)
-    cert = stub to_s: "#{prefix.downcase} cert",
+  def expect_cert(email)
+    cert = stub to_s: "#{email.downcase} cert",
       expiry: 1.month.from_now.utc.at_midnight
     ClientCertificate.expects(:new).
-      with(:prefix => prefix).
+      with(:common_name => email).
       returns(cert)
     return cert
   end
diff --git a/test/unit/client_certificate_test.rb b/test/unit/client_certificate_test.rb
index 036e724..7f7e14b 100644
--- a/test/unit/client_certificate_test.rb
+++ b/test/unit/client_certificate_test.rb
@@ -3,7 +3,7 @@ require 'test_helper'
 class ClientCertificateTest < ActiveSupport::TestCase
 
   test "new cert has all we need" do
-    sample = ClientCertificate.new
+    sample = ClientCertificate.new(:common_name => 'test')
     assert sample.key
     assert sample.cert
     assert sample.to_s
@@ -16,7 +16,7 @@ class ClientCertificateTest < ActiveSupport::TestCase
   end
 
   test "cert issuer matches ca subject" do
-    sample = ClientCertificate.new
+    sample = ClientCertificate.new(:prefix => 'test')
     cert = OpenSSL::X509::Certificate.new(sample.cert.to_pem)
     assert_equal ClientCertificate.root_ca.openssl_body.subject, cert.issuer
   end
-- 
cgit v1.2.3