fix cert validation feature
parent
c85989b0dd
commit
bb9c7ce6cb
|
@ -10,6 +10,7 @@ class SiteCert
|
||||||
field :source_paths , type: Array ,default: []
|
field :source_paths , type: Array ,default: []
|
||||||
field :start_date , type: DateTime
|
field :start_date , type: DateTime
|
||||||
field :end_date , type: DateTime
|
field :end_date , type: DateTime
|
||||||
|
field :invalid_message, type: String
|
||||||
has_many :site_constructs, :autosave => true
|
has_many :site_constructs, :autosave => true
|
||||||
after_save :change_data
|
after_save :change_data
|
||||||
def upload_date
|
def upload_date
|
||||||
|
@ -35,6 +36,24 @@ class SiteCert
|
||||||
private_key_md5 = `openssl rsa -noout -modulus -in #{self.private_key.file.file} | openssl md5`
|
private_key_md5 = `openssl rsa -noout -modulus -in #{self.private_key.file.file} | openssl md5`
|
||||||
is_valid = (cert_file_md5 == private_key_md5)
|
is_valid = (cert_file_md5 == private_key_md5)
|
||||||
domain_names = `openssl x509 -text < #{self.cert_file.file.file} | grep 'DNS:' | sed 's/\s*DNS:\([a-z0-9.\-]*\)[,\s]\?/\1 /g'`.split('DNS:').map{|s| s.sub(',','').strip}.select{|s| s.present?} rescue []
|
domain_names = `openssl x509 -text < #{self.cert_file.file.file} | grep 'DNS:' | sed 's/\s*DNS:\([a-z0-9.\-]*\)[,\s]\?/\1 /g'`.split('DNS:').map{|s| s.sub(',','').strip}.select{|s| s.present?} rescue []
|
||||||
|
if domain_names.length == 0
|
||||||
|
domain_names = [`openssl x509 -text < #{self.cert_file.file.file} | grep 'Subject' | grep 'CN =' | grep 'Subject' | grep 'CN =' |sed 's/\s*Subject: //g'`[0...-1].split(/, | = /).each_slice(2).to_h['CN']] rescue []
|
||||||
|
end
|
||||||
|
sign_algo_valid = `openssl x509 -text < #{self.cert_file.file.file} | grep 'Signature Algorithm: sha1'`[0...-1].blank? rescue false
|
||||||
|
invalid_messages = []
|
||||||
|
if !is_valid
|
||||||
|
invalid_messages << 'cert and key not match'
|
||||||
|
end
|
||||||
|
if !sign_algo_valid
|
||||||
|
invalid_messages << 'Signature Algorithm cannot use sha1, please use sha256'
|
||||||
|
end
|
||||||
|
if domain_names.blank?
|
||||||
|
invalid_messages << 'Domain Names(alt_names) is empty.'
|
||||||
|
end
|
||||||
|
self.invalid_message = invalid_messages.join(', ')
|
||||||
|
if is_valid
|
||||||
|
is_valid = sign_algo_valid
|
||||||
|
end
|
||||||
if domain_names.blank?
|
if domain_names.blank?
|
||||||
self.is_valid = false
|
self.is_valid = false
|
||||||
@skip_callback = true
|
@skip_callback = true
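Review bot: The two added `openssl x509` backtick calls (the CN fallback and the `Signature Algorithm: sha1` check) interpolate `self.cert_file.file.file` unquoted into a shell command line, so their safety depends on how the uploader names stored files, which is not visible here; the existing calls in the context lines share the pattern. Parsing the certificate in-process with `OpenSSL::X509::Certificate` removes the shell and the dependence on the text layout of `openssl x509 -text`. Separately, when no CN is found the fallback yields `[nil]`, and `[nil].blank?` is false, so 'Domain Names(alt_names) is empty.' is never added and the later `domain_names.blank?` branch is skipped. An empty grep result, which is also what a file openssl cannot read would produce, makes `sign_algo_valid` true, so the SHA-1 check passes on unparseable input; the sketch below treats that case as invalid. The enclosing method starts and ends outside the hunk.

```ruby
# … unchanged: modulus comparison and SAN extraction into domain_names …
cert = begin
  OpenSSL::X509::Certificate.new(File.read(self.cert_file.file.file))
rescue OpenSSL::X509::CertificateError, SystemCallError
  nil
end
if domain_names.length == 0
  cn_entry = cert && cert.subject.to_a.find { |name, _value, _type| name == 'CN' }
  domain_names = cn_entry ? [cn_entry[1]] : []
end
# An unreadable certificate counts as invalid rather than as "not SHA-1".
sign_algo_valid = cert ? !cert.signature_algorithm.start_with?('sha1') : false
# … unchanged: invalid_messages assembly and is_valid update …
```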
|
||||||
|
|
|
@ -16,7 +16,10 @@
|
||||||
<% @site_certs.each do |site_cert| %>
|
<% @site_certs.each do |site_cert| %>
|
||||||
<tr>
|
<tr>
|
||||||
<td><%=site_cert.upload_date %></td>
|
<td><%=site_cert.upload_date %></td>
|
||||||
<td><span class="<%=site_cert.is_valid ? 'valid_icon' : 'invalid_icon' %>" aria-hidden="true"></span></td>
|
<td>
|
||||||
|
<span class="<%=site_cert.is_valid ? 'valid_icon' : 'invalid_icon' %>" aria-hidden="true"></span>
|
||||||
|
<%= site_cert.invalid_message %>
|
||||||
|
</td>
|
||||||
<td><%=site_cert.display_start_date %></td>
|
<td><%=site_cert.display_start_date %></td>
|
||||||
<td><%=site_cert.display_end_date %></td>
|
<td><%=site_cert.display_end_date %></td>
|
||||||
<td><%=site_cert.display_domain_names %></td>
|
<td><%=site_cert.display_domain_names %></td>
|
||||||
|
|