From 0e9c41a286b49b5ce52abcf0e014668d0167bbae Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Mon, 7 Jul 2014 10:05:37 +0200
Subject: store expiry with cert fingerprints

We used to store the creation date but this way it's easier to query for non expired certs
---
 app/models/client_certificate.rb | 6 +++++-
 app/models/identity.rb           | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb
index d5bb1e0..6b57985 100644
--- a/app/models/client_certificate.rb
+++ b/app/models/client_certificate.rb
@@ -25,7 +25,7 @@ class ClientCertificate
 
     # set expiration
     cert.not_before = last_month
-    cert.not_after = months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
+    cert.not_after = expiry
 
     # generate key
     cert.serial_number.number = cert_serial_number
@@ -47,6 +47,10 @@ class ClientCertificate
     OpenSSL::Digest::SHA1.hexdigest(openssl_cert.to_der).scan(/../).join(':')
   end
 
+  def expiry
+    @expiry ||= months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
+  end
+
   private
 
   def openssl_cert
diff --git a/app/models/identity.rb b/app/models/identity.rb
index eb67b1b..1d69437 100644
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@@ -146,9 +146,9 @@ class Identity < CouchRest::Model::Base
   end
 
   def register_cert(cert)
-    today = DateTime.now.to_date.to_s
+    expiry = cert.expiry.to_data.to_s
     write_attribute 'cert_fingerprints',
-      cert_fingerprints.merge(cert.fingerprint => today)
+      cert_fingerprints.merge(cert.fingerprint => expiry)
   end
 
   # for LoginFormatValidation
-- 
cgit v1.2.3