fix cert validation feature

2023-03-20 23:17:04 +08:00 · 2023-03-20 23:17:04 +08:00 · bb9c7ce6cb
parent c85989b0dd
commit bb9c7ce6cb
2 changed files with 25 additions and 3 deletions
--- a/app/models/site_cert.rb
+++ b/app/models/site_cert.rb
@ -10,6 +10,7 @@ class SiteCert
  field :source_paths , type: Array ,default: []
  field :start_date , type: DateTime
  field :end_date , type: DateTime
+  field :invalid_message, type: String
  has_many :site_constructs, :autosave => true
  after_save :change_data
  def upload_date
@ -34,8 +35,26 @@ class SiteCert
    	cert_file_md5 = `openssl x509 -noout -modulus -in #{self.cert_file.file.file} | openssl md5`
    	private_key_md5 = `openssl rsa -noout -modulus -in #{self.private_key.file.file} | openssl md5`
    	is_valid = (cert_file_md5 == private_key_md5)
-    	domain_names = `openssl x509 -text <  #{self.cert_file.file.file} | grep 'DNS:' | sed 's/\s*DNS:\([a-z0-9.\-]*\)[,\s]\?/\1 /g'`.split('DNS:').map{|s| s.sub(',','').strip}.select{|s| s.present?} rescue []
-    	if domain_names.blank?
+      domain_names = `openssl x509 -text <  #{self.cert_file.file.file} | grep 'DNS:' | sed 's/\s*DNS:\([a-z0-9.\-]*\)[,\s]\?/\1 /g'`.split('DNS:').map{|s| s.sub(',','').strip}.select{|s| s.present?} rescue []
+    	if domain_names.length == 0
+        domain_names = [`openssl x509 -text <  #{self.cert_file.file.file} | grep 'Subject' | grep 'CN =' | grep 'Subject' | grep 'CN =' |sed 's/\s*Subject: //g'`[0...-1].split(/, | = /).each_slice(2).to_h['CN']] rescue []
+    	end
+      sign_algo_valid = `openssl x509 -text <  #{self.cert_file.file.file} | grep 'Signature Algorithm: sha1'`[0...-1].blank? rescue false
+      invalid_messages = []
+      if !is_valid
+        invalid_messages << 'cert and key not match'
+      end
+      if !sign_algo_valid
+        invalid_messages << 'Signature Algorithm cannot use sha1, please use sha256'
+      end
+      if domain_names.blank?
+        invalid_messages << 'Domain Names(alt_names) is empty.'
+      end
+      self.invalid_message = invalid_messages.join(', ')
+      if is_valid
+        is_valid = sign_algo_valid
+      end
+      if domain_names.blank?
        self.is_valid = false
        @skip_callback = true
        self.save(:validate=>false)
--- a/app/views/admin/site_panel/_certs_table.html.erb
+++ b/app/views/admin/site_panel/_certs_table.html.erb
@ -16,7 +16,10 @@
    <% @site_certs.each do |site_cert| %>
      <tr>
        <td><%=site_cert.upload_date %></td>
-        <td><span class="<%=site_cert.is_valid ? 'valid_icon' : 'invalid_icon' %>" aria-hidden="true"></span></td>
+        <td>
+          <span class="<%=site_cert.is_valid ? 'valid_icon' : 'invalid_icon' %>" aria-hidden="true"></span>
+          <%= site_cert.invalid_message %>
+        </td>
        <td><%=site_cert.display_start_date %></td>
        <td><%=site_cert.display_end_date %></td>
        <td><%=site_cert.display_domain_names %></td>