From eebe08aba43302b080c7b534a746f0f30359f370 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 28 Jan 2015 12:32:15 -0800 Subject: client certificates: allow for time units to be specified in client_cert_lifespan config option. --- app/models/client_certificate.rb | 8 +++++--- config/defaults.yml | 2 +- test/integration/api/smtp_cert_test.rb | 3 ++- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb index 815801e..688d5c0 100644 --- a/app/models/client_certificate.rb +++ b/app/models/client_certificate.rb @@ -48,7 +48,7 @@ class ClientCertificate end def expiry - @expiry ||= lifespan.months.from_now.utc.at_midnight + @expiry ||= lifespan end private @@ -109,12 +109,14 @@ class ClientCertificate # We normalize timestamps at utc and midnight # to reduce the fingerprinting possibilities. # - def last_month 1.month.ago.utc.at_midnight end def lifespan - APP_CONFIG[:client_cert_lifespan] + number, unit = APP_CONFIG[:client_cert_lifespan].split(' ') + unit ||= :months + Time.now.utc.at_midnight.advance(unit.to_sym => number.to_i) end + end diff --git a/config/defaults.yml b/config/defaults.yml index 9eccb5e..9ffdf6a 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -4,7 +4,7 @@ dev_ca: &dev_ca ca_key_password: nil cert_options: &cert_options - client_cert_lifespan: 2 + client_cert_lifespan: "2 months" client_cert_bit_size: 2024 client_cert_hash: "SHA256" allow_limited_certs: false diff --git a/test/integration/api/smtp_cert_test.rb b/test/integration/api/smtp_cert_test.rb index b1bfd43..2f50ef3 100644 --- a/test/integration/api/smtp_cert_test.rb +++ b/test/integration/api/smtp_cert_test.rb 
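Review bot: In `lifespan` (second hunk of app/models/client_certificate.rb), a malformed `client_cert_lifespan` is accepted silently. `number.to_i` turns non-numeric text into 0, and a unit key that `advance` does not recognise (for example a singular `month`) appears to be ignored, so both cases give an expiry of today's midnight and certificates that are already expired when issued. An integer left over from the old config format (`2`) has no `split` and raises `NoMethodError` at issuance time rather than at boot. Parse strictly and fail with a clear error, as sketched below, where `.to_s` keeps the legacy integer form working as months. The method now returns a timestamp rather than a duration, so a one-line comment saying so would help readers of `expiry`.

```ruby
  def lifespan
    # Accepts "<positive integer> [unit]"; a bare number means months.
    number, unit = APP_CONFIG[:client_cert_lifespan].to_s.split(' ')
    unit ||= 'months'
    unless %w[years months weeks days hours minutes seconds].include?(unit) && number.to_s =~ /\A[1-9]\d*\z/
      raise ArgumentError, "invalid client_cert_lifespan: #{APP_CONFIG[:client_cert_lifespan].inspect}"
    end
    Time.now.utc.at_midnight.advance(unit.to_sym => number.to_i)
  end
```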
@@ -33,7 +33,8 @@ class SmtpCertTest < ApiIntegrationTest assert_text_response cert = OpenSSL::X509::Certificate.new(get_response.body) fingerprint = OpenSSL::Digest::SHA1.hexdigest(cert.to_der).scan(/../).join(':') - expiry = APP_CONFIG[:client_cert_lifespan].months.from_now.utc.midnight + number, unit = APP_CONFIG[:client_cert_lifespan].split(' ') + expiry = Time.now.utc.at_midnight.advance(unit.to_sym => number.to_i) expiry_string = expiry.to_date.to_s fingerprints = {fingerprint => expiry_string} assert_equal fingerprints, @user.reload.identity.cert_fingerprints -- cgit v1.2.3
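Review bot: The expected expiry is computed by repeating the model's own parsing of `APP_CONFIG[:client_cert_lifespan]`, so a parsing mistake would pass on both sides and the assertion no longer pins the certificate lifetime independently. The copy also omits the model's `unit ||= :months` default, so a unitless value such as `"2"` makes `unit.to_sym` raise on nil here while the model accepts it. Fix the config value for the test and compare against an explicit expectation, e.g. `expiry = Time.now.utc.at_midnight.advance(months: 2)` with `client_cert_lifespan` set to `"2 months"`, and add a case for the unitless form. The test method starts outside the hunk.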