Class: ForemanCfssl::CertsController

Inherits:
ApplicationController
  • Object
show all
Defined in:
app/controllers/foreman_cfssl/certs_controller.rb

Instance Method Summary collapse

Instance Method Details

#createObject 



51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
 
# File 'app/controllers/foreman_cfssl/certs_controller.rb', line 51

def create
  # Added several attr_accessors in model to ease form processing
  @cert = Cert.new(params[:foreman_cfssl_cert].permit(:owner_email, :common_name, :profile, :hosts))

  # Read ini configurations
  configs = SETTINGS[:foreman_cfssl]
  ca = configs[:ca]
  ca_key = configs[:ca_key]
  ca_config = configs[:config]
  csr_template = configs[:csr_template]

  # fill in details to create certificate signing request config
  csr = JSON.parse(File.read(csr_template))
  csr['CN'] = @cert.common_name
  csr['hosts'] = @cert.hosts.strip.split(%r{\s+})

  # generate certificates
  stdin, stdout, stderr = Open3.popen3("cfssl gencert -config=#{ca_config} -ca=#{ca} -ca-key=#{ca_key} -profile=#{@cert.profile} -")
  stdin.puts JSON.dump(csr)
  stdin.close

  result = JSON.parse(stdout.gets(sep=nil))
  @cert.pem = result['cert']
  @cert.key = result['key']
  @cert.user = User.current

  self.expand_pem

  if @cert.save
    flash[:notice] = "Successfully issued certificate for #{@cert.common_name}"
    redirect_to @cert
  else
    render 'new'
  end
end

#destroyObject 



91
92
93
94
95
96
97
 
# File 'app/controllers/foreman_cfssl/certs_controller.rb', line 91

def destroy
  @cert = Cert.find(params[:id])
  @cert.destroy

  flash[:notice] = "Certificate deleted"
  redirect_to certs_path
end

#expand_pemObject 



99
100
101
102
103
104
105
106
107
108
109
110
111
 
# File 'app/controllers/foreman_cfssl/certs_controller.rb', line 99

def expand_pem
  cert_info = self.extract_cert_info(@cert.pem)

  @cert.subject = JSON.dump(cert_info['subject'])
  @cert.issuer = JSON.dump(cert_info['issuer'])
  @cert.serial_number = cert_info['serial_number']
  @cert.sans = cert_info.has_key?('sans') ? JSON.dump(cert_info['sans']) : '[]'
  @cert.not_before = DateTime.parse(cert_info['not_before'])
  @cert.not_after = DateTime.parse(cert_info['not_after'])
  @cert.sigalg = cert_info['sigalg']
  @cert.authority_key_id = cert_info['authority_key_id']
  @cert.subject_key_id = cert_info['subject_key_id']
end

#extract_cert_info(pem) ⇒ Object 



113
114
115
116
117
118
119
 
# File 'app/controllers/foreman_cfssl/certs_controller.rb', line 113

def extract_cert_info(pem)
  stdin, stdout, stderr = Open3.popen3('cfssl certinfo -cert=-')
  stdin.puts pem
  stdin.close

  return JSON.parse(stdout.gets(sep=nil))
end

#importObject 



11
12
13
14
 
# File 'app/controllers/foreman_cfssl/certs_controller.rb', line 11

def import
  @cert = Cert.new
  @allow_key_import = ['allow', 'true'].include?(SETTINGS[:foreman_cfssl][:private_key_import])
end

#import_saveObject 



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'app/controllers/foreman_cfssl/certs_controller.rb', line 16

def import_save
  @cert = Cert.new(params[:foreman_cfssl_cert].permit(:owner_email, :pem, :key))

  allow_key_import = ['allow', 'true'].include?(SETTINGS[:foreman_cfssl][:private_key_import])
  if @cert.key.include?('PRIVATE') && !allow_key_import
    @cert.errors.add(:key, "Don't upload an unencrypted private key. Consider encrypting it.")
    render 'import' and return
  end

  @cert.user = User.current
  @cert.imported_at = Time.now

  self.expand_pem

  if @cert.save
    flash[:notice] = "Successfully imported certificate"
    redirect_to @cert
  else
    render 'import'
  end
end

#indexObject 



6
7
8
9
 
# File 'app/controllers/foreman_cfssl/certs_controller.rb', line 6

def index
  order = params[:order] || 'not_after DESC'
  @certs = Cert.all.paginate(:page => params[:page]).order(order)
end

#newObject 



38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'app/controllers/foreman_cfssl/certs_controller.rb', line 38

def new
  @cert = Cert.new

  # profiles for select
  config_path = SETTINGS[:foreman_cfssl][:config]
  config = JSON.parse(File.read(config_path))
  @profiles = config['signing']['profiles'].keys

  # CA information
  ca_pem = File.read(SETTINGS[:foreman_cfssl][:ca])
  @ca_info = JSON.pretty_generate(extract_cert_info(ca_pem))
end

#showObject 



87
88
89
 
# File 'app/controllers/foreman_cfssl/certs_controller.rb', line 87

def show
  @cert = Cert.find(params[:id])
end