From 0e9c41a286b49b5ce52abcf0e014668d0167bbae Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 7 Jul 2014 10:05:37 +0200 Subject: store expiry with cert fingerprints We used to store the creation date but this way it's easier to query for non expired certs --- app/models/client_certificate.rb | 6 +++++- app/models/identity.rb | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'app') diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb index d5bb1e0..6b57985 100644 --- a/app/models/client_certificate.rb +++ b/app/models/client_certificate.rb @@ -25,7 +25,7 @@ class ClientCertificate # set expiration cert.not_before = last_month - cert.not_after = months_from_yesterday(APP_CONFIG[:client_cert_lifespan]) + cert.not_after = expiry # generate key cert.serial_number.number = cert_serial_number @@ -47,6 +47,10 @@ class ClientCertificate OpenSSL::Digest::SHA1.hexdigest(openssl_cert.to_der).scan(/../).join(':') end + def expiry + @expiry ||= months_from_yesterday(APP_CONFIG[:client_cert_lifespan]) + end + private def openssl_cert diff --git a/app/models/identity.rb b/app/models/identity.rb index eb67b1b..1d69437 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -146,9 +146,9 @@ class Identity < CouchRest::Model::Base end def register_cert(cert) - today = DateTime.now.to_date.to_s + expiry = cert.expiry.to_data.to_s write_attribute 'cert_fingerprints', - cert_fingerprints.merge(cert.fingerprint => today) + cert_fingerprints.merge(cert.fingerprint => expiry) end # for LoginFormatValidation -- cgit v1.2.3