From c1486cb9688d53c5ae266ff22ab279ead12eaa36 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Thu, 10 Apr 2014 12:45:21 +0200
Subject: move certs into toplevel

cleaned up all the engine stuff that was never really used.
Afterwards there is not that much left that makes it into the toplevel.
---
 certs/app/assets/images/leap_web_certs/.gitkeep    |   0
 .../app/assets/javascripts/leap_web_certs/.gitkeep |   0
 .../app/assets/stylesheets/leap_web_certs/.gitkeep |   0
 certs/app/controllers/.gitkeep                     |   0
 certs/app/controllers/certs_controller.rb          |  50 ---------
 certs/app/helpers/.gitkeep                         |   0
 certs/app/helpers/certs_helper.rb                  |   2 -
 certs/app/mailers/.gitkeep                         |   0
 certs/app/models/.gitkeep                          |   0
 certs/app/models/client_certificate.rb             | 113 ---------------------
 certs/app/views/.gitkeep                           |   0
 11 files changed, 165 deletions(-)
 delete mode 100644 certs/app/assets/images/leap_web_certs/.gitkeep
 delete mode 100644 certs/app/assets/javascripts/leap_web_certs/.gitkeep
 delete mode 100644 certs/app/assets/stylesheets/leap_web_certs/.gitkeep
 delete mode 100644 certs/app/controllers/.gitkeep
 delete mode 100644 certs/app/controllers/certs_controller.rb
 delete mode 100644 certs/app/helpers/.gitkeep
 delete mode 100644 certs/app/helpers/certs_helper.rb
 delete mode 100644 certs/app/mailers/.gitkeep
 delete mode 100644 certs/app/models/.gitkeep
 delete mode 100644 certs/app/models/client_certificate.rb
 delete mode 100644 certs/app/views/.gitkeep

(limited to 'certs/app')

diff --git a/certs/app/assets/images/leap_web_certs/.gitkeep b/certs/app/assets/images/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/certs/app/assets/javascripts/leap_web_certs/.gitkeep b/certs/app/assets/javascripts/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/certs/app/assets/stylesheets/leap_web_certs/.gitkeep b/certs/app/assets/stylesheets/leap_web_certs/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/certs/app/controllers/.gitkeep b/certs/app/controllers/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb
deleted file mode 100644
index 82cbc44..0000000
--- a/certs/app/controllers/certs_controller.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-class CertsController < ApplicationController
-
-  before_filter :require_login, :unless => :anonymous_certs_allowed?
-
-  # GET /cert
-  def show
-    @cert = ClientCertificate.new(:prefix => certificate_prefix)
-    render text: @cert.to_s, content_type: 'text/plain'
-  end
-
-  protected
-
-  def anonymous_certs_allowed?
-    APP_CONFIG[:allow_anonymous_certs]
-  end
-  #
-  # this is some temporary logic until we store the service level in the user db.
-  #
-  # better logic might look like this:
-  #
-  # if logged_in?
-  #   service_level = user.service_level
-  # elsif allow_anonymous?
-  #   service_level = service_levels[:anonymous]
-  # else
-  #   service_level = nil
-  # end
-  #
-  # if service_level.bandwidth == 'limited' && allow_limited?
-  #   prefix = limited
-  # elsif allow_unlimited?
-  #   prefix = unlimited
-  # else
-  #   prefix = nil
-  # end
-  #
-  def certificate_prefix
-    if logged_in?
-      if APP_CONFIG[:allow_unlimited_certs]
-        APP_CONFIG[:unlimited_cert_prefix]
-      elsif APP_CONFIG[:allow_limited_certs]
-        APP_CONFIG[:limited_cert_prefix]
-      end
-    elsif !APP_CONFIG[:allow_limited_certs]
-      APP_CONFIG[:unlimited_cert_prefix]
-    else
-      APP_CONFIG[:limited_cert_prefix]
-    end
-  end
-end
diff --git a/certs/app/helpers/.gitkeep b/certs/app/helpers/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/certs/app/helpers/certs_helper.rb b/certs/app/helpers/certs_helper.rb
deleted file mode 100644
index 94e76b8..0000000
--- a/certs/app/helpers/certs_helper.rb
+++ /dev/null
@@ -1,2 +0,0 @@
-module CertsHelper
-end
diff --git a/certs/app/mailers/.gitkeep b/certs/app/mailers/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/certs/app/models/.gitkeep b/certs/app/models/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/certs/app/models/client_certificate.rb b/certs/app/models/client_certificate.rb
deleted file mode 100644
index 76b07a2..0000000
--- a/certs/app/models/client_certificate.rb
+++ /dev/null
@@ -1,113 +0,0 @@
-#
-# Model for certificates
-#
-# This file must be loaded after Config has been loaded.
-#
-require 'base64'
-require 'digest/md5'
-require 'openssl'
-require 'certificate_authority'
-require 'date'
-
-class ClientCertificate
-
-  attr_accessor :key                          # the client private RSA key
-  attr_accessor :cert                         # the client x509 certificate, signed by the CA
-
-  #
-  # generate the private key and client certificate
-  #
-  def initialize(options = {})
-    cert = CertificateAuthority::Certificate.new
-
-    # set subject
-    cert.subject.common_name = common_name(options[:prefix])
-
-    # set expiration
-    cert.not_before = yesterday
-    cert.not_after = months_from_yesterday(APP_CONFIG[:client_cert_lifespan])
-
-    # generate key
-    cert.serial_number.number = cert_serial_number
-    cert.key_material.generate_key(APP_CONFIG[:client_cert_bit_size])
-
-    # sign
-    cert.parent = ClientCertificate.root_ca
-    cert.sign! client_signing_profile
-
-    self.key = cert.key_material.private_key
-    self.cert = cert
-  end
-
-  def to_s
-    self.key.to_pem + self.cert.to_pem
-  end
-
-  private
-
-  def self.root_ca
-    @root_ca ||= begin
-                   crt = File.read(APP_CONFIG[:client_ca_cert])
-                   key = File.read(APP_CONFIG[:client_ca_key])
-                   openssl_cert = OpenSSL::X509::Certificate.new(crt)
-                   cert = CertificateAuthority::Certificate.from_openssl(openssl_cert)
-                   cert.key_material.private_key = OpenSSL::PKey::RSA.new(key, APP_CONFIG[:ca_key_password])
-                   cert
-                 end
-  end
-
-  #
-  # For cert serial numbers, we need a non-colliding number less than 160 bits.
-  # md5 will do nicely, since there is no need for a secure hash, just a short one.
-  # (md5 is 128 bits)
-  #
-  def cert_serial_number
-    Digest::MD5.hexdigest("#{rand(10**10)} -- #{Time.now}").to_i(16)
-  end
-
-  def common_name(prefix = nil)
-    [prefix, random_common_name].join
-  end
-
-  #
-  # for the random common name, we need a text string that will be unique across all certs.
-  # ruby 1.8 doesn't have a built-in uuid generator, or we would use SecureRandom.uuid
-  #
-  def random_common_name
-    cert_serial_number.to_s(36)
-  end
-
-  def client_signing_profile
-    {
-      "digest" => APP_CONFIG[:client_cert_hash],
-      "extensions" => {
-        "keyUsage" => {
-          "usage" => ["digitalSignature"]
-        },
-        "extendedKeyUsage" => {
-          "usage" => ["clientAuth"]
-        }
-      }
-    }
-  end
-
-  ##
-  ## TIME HELPERS
-  ##
-  ## note: we use 'yesterday' instead of 'today', because times are in UTC, and some people on the planet
-  ## are behind UTC.
-  ##
-
-  def yesterday
-    t = Time.now - 24*60*60
-    Time.utc t.year, t.month, t.day
-  end
-
-  def months_from_yesterday(num)
-    t = yesterday
-    date = Date.new t.year, t.month, t.day
-    date = date >> num # >> is months in the future operator
-    Time.utc date.year, date.month, date.day
-  end
-
-end
diff --git a/certs/app/views/.gitkeep b/certs/app/views/.gitkeep
deleted file mode 100644
index e69de29..0000000
-- 
cgit v1.2.3