From e94b9471c0bc30cd6a1a5bf5b6b22b746d242e31 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 9 May 2014 16:11:20 +0200
Subject: calculate cert fingerprints to store for leap_mx

stelfox.net/blog/2014/04/calculating-rsa-key-fingerprints-in-ruby/
---
 app/models/client_certificate.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'app/models')

diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb
index 76b07a2..63de9e1 100644
--- a/app/models/client_certificate.rb
+++ b/app/models/client_certificate.rb
@@ -43,8 +43,16 @@ class ClientCertificate
     self.key.to_pem + self.cert.to_pem
   end
 
+  def fingerprint
+    OpenSSL::Digest::SHA1.hexdigest(openssl_cert.to_der).scan(/../).join(':')
+  end
+
   private
 
+  def openssl_cert
+    cert.openssl_body
+  end
+
   def self.root_ca
     @root_ca ||= begin
                    crt = File.read(APP_CONFIG[:client_ca_cert])
-- 
cgit v1.2.3


From 5dd6c1529f8f4fc5089c71b0a44e360acaea900d Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Thu, 15 May 2014 11:04:56 +0200
Subject: fix Email so User.new.valid? does not crash

Email.new(nil) now returns an invalid email rather than crashing.
---
 app/models/email.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'app/models')

diff --git a/app/models/email.rb b/app/models/email.rb
index a9a503f..4090275 100644
--- a/app/models/email.rb
+++ b/app/models/email.rb
@@ -7,6 +7,11 @@ class Email < String
       :message => "needs to be a valid email address"
     }
 
+  # Make sure we can call Email.new(nil) and get an invalid email address
+  def initialize(s)
+    super(s.to_s)
+  end
+
   def to_partial_path
     "emails/email"
   end
-- 
cgit v1.2.3


From 17b67aeda81dee2273ce1161ac7292a328c3efaa Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Thu, 15 May 2014 16:29:49 +0200
Subject: store cert fingerprint with main user identity

---
 app/models/identity.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/models')

diff --git a/app/models/identity.rb b/app/models/identity.rb
index ad8c01e..2f8d4eb 100644
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@@ -8,6 +8,7 @@ class Identity < CouchRest::Model::Base
   property :address, LocalEmail
   property :destination, Email
   property :keys, HashWithIndifferentAccess
+  property :cert_fingerprints, [String]
 
   validate :unique_forward
   validate :alias_available
-- 
cgit v1.2.3


From 3a84578cf33685800c9216cfb4da12ea1fb0032f Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 19 May 2014 15:07:02 +0200
Subject: store fingerprints with timestamp

Only storing the date as that should suffice for normal expiry and is less useful for identifying users by timestamps
---
 app/models/identity.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'app/models')

diff --git a/app/models/identity.rb b/app/models/identity.rb
index 2f8d4eb..a4225e7 100644
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@@ -8,7 +8,7 @@ class Identity < CouchRest::Model::Base
   property :address, LocalEmail
   property :destination, Email
   property :keys, HashWithIndifferentAccess
-  property :cert_fingerprints, [String]
+  property :cert_fingerprints, Hash
 
   validate :unique_forward
   validate :alias_available
@@ -108,6 +108,16 @@ class Identity < CouchRest::Model::Base
     write_attribute('keys', keys.merge(type => key.to_s))
   end
 
+  def cert_fingerprints
+    read_attribute('cert_fingerprints') || Hash.new
+  end
+
+  def register_cert(cert)
+    today = DateTime.now.to_date.to_s
+    write_attribute 'cert_fingerprints',
+      cert_fingerprints.merge(cert.fingerprint => today)
+  end
+
   # for LoginFormatValidation
   def login
     self.address.handle
-- 
cgit v1.2.3