Generate cert fingerprints and store in DB

When a client SMTP certificate is created, it needs:

  • the common name set to the email address that it corresponds to (to make it easy to identify a spammer).
  • the SHA1 fingerprint stored in the DB, in a manner such that we can delete the entry if we know the address (so that we can disable the account of a spammer).

Here is some Ruby code to generate a cert fingerprint:

require 'openssl'
require 'certificate_authority'
require 'digest'
require 'digest/md5'
require 'digest/sha1'

module LeapCli; module X509
  extend self

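  #
  # Returns the hex fingerprint of an X.509 certificate, computed over its
  # DER encoding. cert_file may be a path, an OpenSSL::X509::Certificate,
  # or a CertificateAuthority::Certificate.
  #
  def fingerprint(digest, cert_file)
    if cert_file.is_a? String
      cert = OpenSSL::X509::Certificate.new(Util.read_file!(cert_file))
    elsif cert_file.is_a? OpenSSL::X509::Certificate
      cert = cert_file
    elsif cert_file.is_a? CertificateAuthority::Certificate
      cert = cert_file.openssl_body
    else
      # Fail loudly instead of calling to_der on nil below.
      raise ArgumentError, "unsupported certificate source: #{cert_file.class}"
    end
    digester = case digest
      when "MD5" then Digest::MD5.new
      when "SHA1" then Digest::SHA1.new
      when "SHA256" then Digest::SHA256.new
      when "SHA384" then Digest::SHA384.new
      when "SHA512" then Digest::SHA512.new
      else raise ArgumentError, "unsupported digest: #{digest.inspect}"
    end
    digester.hexdigest(cert.to_der)
  end

end; end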

(from redmine: created on 2013-10-24, closed on 2014-05-29)
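
The two requirements above (CN set to the email address, SHA1 fingerprint stored so it can be deleted by address), as an added example that is not part of the original issue or of LEAP's code. `FingerprintStore` and `sample_cert` are hypothetical names, the Hash stands in for the real DB, and the certificate is a constructed self-signed sample.

```ruby
require 'openssl'
require 'digest/sha1'

# Hypothetical in-memory stand-in for the DB table: address => fingerprint.
class FingerprintStore
  def initialize
    @by_address = {}
  end

  # Store the fingerprint under the address taken from the cert's CN.
  def register(cert)
    address = common_name(cert)
    @by_address[address] = fingerprint(cert)
    address
  end

  # Disable an account knowing only its address; true if an entry existed.
  def revoke(address)
    !@by_address.delete(address).nil?
  end

  # True only if the presented cert matches the fingerprint on record.
  def allowed?(cert)
    stored = @by_address[common_name(cert)]
    !stored.nil? && stored == fingerprint(cert)
  end

  def fingerprint(cert)
    Digest::SHA1.hexdigest(cert.to_der)
  end

  def common_name(cert)
    cn = cert.subject.to_a.find { |name, _value, _type| name == 'CN' }
    raise ArgumentError, 'certificate has no CN' unless cn
    cn[1]
  end
end

# Constructed sample: self-signed client cert whose CN is the email address.
def sample_cert(address)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = Random.rand(2**62)
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([['CN', address]])
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256')) # sign returns the cert
end
```

Keying the table by address means a second certificate issued for the same address replaces the earlier fingerprint, so only the most recent certificate is accepted.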