Commit dbd0c9dd authored by Girish Ramakrishnan's avatar Girish Ramakrishnan

Use _ as the separator for the CN

Fixes #26
parent 4d784d8d
......@@ -18,6 +18,7 @@ const stat = promisify(fs.stat)
const rm = promisify(fs.unlink)
const readFile = promisify(fs.readFile)
const writeFile = promisify(fs.writeFile)
const rename = promisify(fs.rename)
const wait = t => new Promise(resolve => setTimeout(() => resolve(), t))
const RUN_DIR = process.env.CLOUDRON ? '/run/' : path.join(__dirname, '../.dev/run/')
......@@ -25,8 +26,9 @@ const DATA_DIR = process.env.CLOUDRON ? '/app/data/' : path.join(__dirname, '../
const ADMIN_TOKEN = fs.readFileSync(path.join(RUN_DIR, 'admin-token'), 'utf8')
// legacy keys had username:devicename. new keys have username/devicename
const CN_REGEXP = /^([A-Za-z0-9.]+)(?:\/|:)([A-Za-z0-9\-_]+)$/
// legacy keys had username:devicename and username/devicename. The former has issues with linux commands thinking : is some hostname and
// the latter has issues with ccd (see #26). We use _ since cloudron does not allow _ in usernames
const CN_REGEXP = /^([A-Za-z0-9.]+)(?:\/|:|_)([A-Za-z0-9\-_]+)$/
const baseDir = '/app/code/easyrsa'
const keyDir = path.join(DATA_DIR, 'keys')
......@@ -169,13 +171,19 @@ const createKey = (req, res, next) => {
.then(list => {
if (list.map(e => e.name).includes(deviceName)) return next(new HttpError(409, 'Device already exists'))
safe.fs.mkdirSync(path.join(keyDir, cleanUserName(req.session.user.username))) // ensure directory
const userDir = cleanUserName(req.session.user.username)
safe.fs.mkdirSync(path.join(keyDir, userDir)) // ensure directory
const cn = `${userDir}_${deviceName}`
return spawnFile({
tag: 'createUserKey',
file: path.join(baseDir, 'pkitool'),
args: [ `${cleanUserName(req.session.user.username)}/${deviceName}` ]
args: [ cn ]
})
.then(() => rename(`${keyDir}/${cn}.crt`, `${keyDir}/${userDir}/${deviceName}.crt`))
.then(() => rename(`${keyDir}/${cn}.key`, `${keyDir}/${userDir}/${deviceName}.key`))
.then(() => rename(`${keyDir}/${cn}.csr`, `${keyDir}/${userDir}/${deviceName}.csr`))
.then(() => res.status(201).send({created: deviceName}))
})
.catch(error => next(new HttpError(500, error)))
......@@ -263,13 +271,16 @@ const revokeKey = (req, res, next) => {
.then(list => {
if (!list.map(e => e.name).includes(deviceName)) return next(new HttpError(404, 'Not Found'))
const userDir = cleanUserName(req.session.user.username)
const certNameBase = `${userDir}/${deviceName}` // the script looks for keydir/certNameBase.crt
return spawnFile({
tag: 'revokeUserKey',
file: path.join(baseDir, 'revoke-full'),
args: [ `${cleanUserName(req.session.user.username)}/${deviceName}` ],
args: [ certNameBase ],
wantedCode: 2
})
.then(() => rm(path.join(keyDir, `${cleanUserName(req.session.user.username)}/${deviceName}.key`)))
.then(() => rm(path.join(keyDir, userDir, `${deviceName}.key`)))
.then(() => res.status(200).send({revoked: deviceName}))
})
.catch(error => next(new HttpError(500, error)))
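Review bot: The new `const cn = \`${userDir}_${deviceName}\`` and the three rename targets under `${keyDir}/${userDir}/` in the createKey hunk put `deviceName` into both the certificate subject and filesystem paths, yet nothing in the hunk restricts it to the device charset `CN_REGEXP` expects (`[A-Za-z0-9\-_]+`); if createKey (whose body starts outside the hunk) does not already reject other characters, a value like `../x` would escape the per-user directory during rename, since these paths are built by string interpolation rather than `path.join`. I would add `if (!/^[A-Za-z0-9\-_]+$/.test(deviceName)) return next(new HttpError(400, 'Invalid device name'))` ahead of the existence check, which also guarantees the `_`-separated CN parses back unambiguously given that usernames cannot contain `_`. Separately, the rename chain has no cleanup on partial failure: if the `.crt` rename succeeds and the `.key` rename fails, the private key is left at `${keyDir}/${cn}.key` outside the user's directory, and a retry will likely hit the 409 path because the `.crt` already sits in the listed location. A `.catch` on the rename chain that removes any leftover `${cn}.crt`/`.key`/`.csr` from `keyDir` before rethrowing would keep the failure path from stranding key material.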
......