harrybomrah
/
client_management
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refine code.

This commit is contained in:
邱博亞 2024-05-09 21:21:18 +08:00
parent 783927c59b
commit 52312d0525
1 changed files with 32 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
app/models/site_cert.rb
View File

@ -33,6 +33,8 @@ class SiteCert
end end
def change_data def change_data
if !@skip_callback if !@skip_callback
invalid_messages = []
if self.cert_file.present?
org_cert_file_name = self.cert_file.file.file.to_s org_cert_file_name = self.cert_file.file.file.to_s
cert_file_name = org_cert_file_name.sub(/.cer$/, '.crt') cert_file_name = org_cert_file_name.sub(/.cer$/, '.crt')
if org_cert_file_name != cert_file_name if org_cert_file_name != cert_file_name
@ -41,29 +43,32 @@ class SiteCert
else else
`openssl x509 --inform DER -in #{org_cert_file_name} --out #{cert_file_name}` `openssl x509 --inform DER -in #{org_cert_file_name} --out #{cert_file_name}`
end end
self["cert_file"] = File.basename(cert_file_name)
self.cert_file.retrieve_from_store!(File.basename(cert_file_name)) self.cert_file.retrieve_from_store!(File.basename(cert_file_name))
end end
cert_file_md5 = `openssl x509 -noout -modulus -in #{cert_file_name} | openssl md5` cert_file_md5 = `openssl x509 -noout -modulus -in #{cert_file_name} | openssl md5`
private_key_md5 = `openssl rsa -noout -modulus -in #{self.private_key.file.file} | openssl md5`
is_valid = (cert_file_md5 == private_key_md5)
domain_names = `openssl x509 -text < #{cert_file_name} | grep 'DNS:' | sed 's/\s*DNS:\([a-z0-9.\-]*\)[,\s]\?/\1 /g'`.split('DNS:').map{|s| s.sub(',','').strip}.select{|s| s.present?} rescue [] domain_names = `openssl x509 -text < #{cert_file_name} | grep 'DNS:' | sed 's/\s*DNS:\([a-z0-9.\-]*\)[,\s]\?/\1 /g'`.split('DNS:').map{|s| s.sub(',','').strip}.select{|s| s.present?} rescue []
if domain_names.length == 0 if domain_names.length == 0
domain_names = [`openssl x509 -text < #{cert_file_name} | grep 'Subject' | grep 'CN =' | grep 'Subject' | grep 'CN =' |sed 's/\s*Subject: //g'`[0...-1].split(/, | = /).each_slice(2).to_h['CN']] rescue [] domain_names = [`openssl x509 -text < #{cert_file_name} | grep 'Subject' | grep 'CN =' | grep 'Subject' | grep 'CN =' |sed 's/\s*Subject: //g'`[0...-1].split(/, | = /).each_slice(2).to_h['CN']] rescue []
end end
sign_algo_valid = `openssl x509 -text < #{cert_file_name} | grep 'Signature Algorithm: sha1'`[0...-1].blank? rescue false sign_algo_valid = `openssl x509 -text < #{cert_file_name} | grep 'Signature Algorithm: sha1'`[0...-1].blank? rescue false
invalid_messages = []
if !is_valid
invalid_messages << 'cert and key not match'
end
if !sign_algo_valid if !sign_algo_valid
invalid_messages << 'Signature Algorithm cannot use sha1, please use sha256' invalid_messages << 'Signature Algorithm cannot use sha1, please use sha256'
end end
if domain_names.blank? if domain_names.blank?
invalid_messages << 'Domain Names(alt_names) is empty.' invalid_messages << 'Domain Names(alt_names) is empty.'
end end
end
if self.private_key.present?
private_key_md5 = `openssl rsa -noout -modulus -in #{self.private_key.file.file} | openssl md5`
end
self.is_valid = (cert_file_md5 ? (cert_file_md5 == private_key_md5) : false)
unless self.is_valid
invalid_messages << 'cert and key not match'
end
self.invalid_message = invalid_messages.join(', ') self.invalid_message = invalid_messages.join(', ')
if is_valid if self.is_valid
is_valid = sign_algo_valid self.is_valid = sign_algo_valid
end end
if domain_names.blank? if domain_names.blank?
self.is_valid = false self.is_valid = false
@ -72,7 +77,6 @@ class SiteCert
end_date_text = `openssl x509 -text < #{cert_file_name} -enddate -noout`.split('=').last.strip end_date_text = `openssl x509 -text < #{cert_file_name} -enddate -noout`.split('=').last.strip
self.start_date = DateTime.parse(start_date_text) rescue nil self.start_date = DateTime.parse(start_date_text) rescue nil
self.end_date = DateTime.parse(end_date_text) rescue nil self.end_date = DateTime.parse(end_date_text) rescue nil
self.is_valid = is_valid
self.domain_names = domain_names self.domain_names = domain_names
end end
@skip_callback = true @skip_callback = true