pages_controller.rb 2.45 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
class Projects::PagesController < Projects::ApplicationController
  layout 'project_settings'

  before_action :authorize_update_pages!, except: [:show]
  before_action :authorize_remove_pages!, only: :destroy

  helper_method :valid_certificate?, :valid_certificate_key?
  helper_method :valid_key_for_certificiate?, :valid_certificate_intermediates?
  helper_method :certificate, :certificate_key

  def show
  end

  def update
    if @project.update_attributes(pages_params)
      redirect_to namespace_project_pages_path(@project.namespace, @project)
    else
      render 'show'
    end
  end

  def certificate
    @project.remove_pages_certificate
  end

  def destroy
    @project.remove_pages

    respond_to do |format|
      format.html { redirect_to project_path(@project) }
    end
  end

  private

  def pages_params
    params.require(:project).permit(
                              :pages_custom_certificate,
                              :pages_custom_certificate_key,
                              :pages_custom_domain,
                              :pages_redirect_http,
    )
  end

  def valid_certificate?
    certificate.present?
  end

  def valid_certificate_key?
    certificate_key.present?
  end

  def valid_key_for_certificiate?
    return false unless certificate
    return false unless certificate_key

57 58 59
    # We compare the public key stored in certificate with public key from certificate key
    certificate.public_key.to_pem == certificate_key.public_key.to_pem
  rescue OpenSSL::X509::CertificateError, OpenSSL::PKey::PKeyError
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91
    false
  end

  def valid_certificate_intermediates?
    return false unless certificate

    store = OpenSSL::X509::Store.new
    store.set_default_paths

    # This forces to load all intermediate certificates stored in `pages_custom_certificate`
    Tempfile.open('project_certificate') do |f|
      f.write(@project.pages_custom_certificate)
      f.flush
      store.add_file(f.path)
    end

    store.verify(certificate)
  rescue OpenSSL::X509::StoreError
    false
  end

  def certificate
    return unless @project.pages_custom_certificate

    @certificate ||= OpenSSL::X509::Certificate.new(@project.pages_custom_certificate)
  rescue OpenSSL::X509::CertificateError
    nil
  end

  def certificate_key
    return unless @project.pages_custom_certificate_key
    @certificate_key ||= OpenSSL::PKey::RSA.new(@project.pages_custom_certificate_key)
Kamil Trzcinski's avatar
WIP  
Kamil Trzcinski committed
92
  rescue OpenSSL::PKey::PKeyError, OpenSSL::Cipher::CipherError
93 94 95
    nil
  end
end