ghaymah_dev/postal
1
0
نسخ 0
مراية لـ https://github.com/postalserver/postal.git تم المزامنة 2025-12-01 05:43:04 +00:00
الشفرة المشكلات Packages المشاريع الإصدارات الويكي النشاط
الملفات
cc04a57cf74265f4ff03c08d0c5c4d7bad57de21
postal/app/models/track_certificate.rb
Adam Cooke 2fdba0ceb5 initial commit from appmail
2017-04-19 13:07:25 +01:00

96 أسطر
2.5 KiB
Ruby
خام اللوم التاريخ

# == Schema Information
#
# Table name: track_certificates
#
# id :integer not null, primary key
# domain :string(255)
# certificate :text(65535)
# intermediaries :text(65535)
# key :text(65535)
# expires_at :datetime
# renew_after :datetime
# verification_path :string(255)
# verification_string :string(255)
# created_at :datetime not null
# updated_at :datetime not null
#
# Indexes
#
# index_track_certificates_on_domain (domain)
#
class TrackCertificate < ApplicationRecord
validates :domain, :presence => true, :uniqueness => true
default_value :key, -> { OpenSSL::PKey::RSA.new(2048).to_s }
scope :active, -> { where("certificate IS NOT NULL AND expires_at > ?", Time.now) }
def active?
certificate.present?
end
def get
verify && issue
end
def verify
authorization = Postal::LetsEncrypt.client.authorize(:domain => self.domain)
challenge = authorization.http01
self.verification_path = challenge.filename
self.verification_string = challenge.file_content
self.save!
challenge.request_verification
checks = 0
until challenge.verify_status != "pending"
checks += 1
return false if checks > 30
sleep 1
end
unless challenge.verify_status == "valid"
return false
end
return true
rescue Acme::Client::Error => e
@retries = 0
if e.is_a?(Acme::Client::Error::BadNonce) && @retries < 5
@retries += 1
sleep 1
verify
else
return false
end
end
def issue
csr = OpenSSL::X509::Request.new
csr.subject = OpenSSL::X509::Name.new([['CN', self.domain, OpenSSL::ASN1::UTF8STRING]])
private_key = OpenSSL::PKey::RSA.new(self.key)
csr.public_key = private_key.public_key
csr.sign(private_key, OpenSSL::Digest::SHA256.new)
https_cert = Postal::LetsEncrypt.client.new_certificate(csr)
self.certificate = https_cert.to_pem
self.intermediaries = https_cert.chain_to_pem
self.expires_at = https_cert.x509.not_after
self.renew_after = (self.expires_at - 1.month) + rand(10).days
self.save!
return true
end
def certificate_object
@certificate_object ||= OpenSSL::X509::Certificate.new(self.certificate)
end
def intermediaries_array
@intermediaries_array ||= self.intermediaries.to_s.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m).map{|c| OpenSSL::X509::Certificate.new(c)}
end
def key_object
@key_object ||= OpenSSL::PKey::RSA.new(self.key)
end
end
المرجع في مشكلة جديدة عرض لوم Git نسخ الرابط الدائم