gitlab-org--gitlab-foss/app/controllers/projects/pages_controller.rb

class Projects::PagesController < Projects::ApplicationController
  layout 'project_settings'

  before_action :authorize_update_pages!, except: [:show]
  before_action :authorize_remove_pages!, only: :destroy

  helper_method :valid_certificate?, :valid_certificate_key?
  helper_method :valid_key_for_certificiate?, :valid_certificate_intermediates?
  helper_method :certificate, :certificate_key

  def show
  end

  def update
    if @project.update_attributes(pages_params)
      redirect_to namespace_project_pages_path(@project.namespace, @project)
    else
      render 'show'
    end
  end

  def certificate
    @project.remove_pages_certificate
  end

  def destroy
    @project.remove_pages

    respond_to do |format|
      format.html { redirect_to project_path(@project) }
    end
  end

  private

  def pages_params
    params.require(:project).permit(
                              :pages_custom_certificate,
                              :pages_custom_certificate_key,
                              :pages_custom_domain,
                              :pages_redirect_http,
    )
  end

  def valid_certificate?
    certificate.present?
  end

  def valid_certificate_key?
    certificate_key.present?
  end

  def valid_key_for_certificiate?
    return false unless certificate
    return false unless certificate_key

    # We compare the public key stored in certificate with public key from certificate key
    certificate.public_key.to_pem == certificate_key.public_key.to_pem
  rescue OpenSSL::X509::CertificateError, OpenSSL::PKey::PKeyError
    false
  end

  def valid_certificate_intermediates?
    return false unless certificate

    store = OpenSSL::X509::Store.new
    store.set_default_paths

    # This forces to load all intermediate certificates stored in `pages_custom_certificate`
    Tempfile.open('project_certificate') do |f|
      f.write(@project.pages_custom_certificate)
      f.flush
      store.add_file(f.path)
    end

    store.verify(certificate)
  rescue OpenSSL::X509::StoreError
    false
  end

  def certificate
    return unless @project.pages_custom_certificate

    @certificate ||= OpenSSL::X509::Certificate.new(@project.pages_custom_certificate)
  rescue OpenSSL::X509::CertificateError
    nil
  end

  def certificate_key
    return unless @project.pages_custom_certificate_key
    @certificate_key ||= OpenSSL::PKey::RSA.new(@project.pages_custom_certificate_key)
  rescue OpenSSL::PKey::PKeyError, OpenSSL::Cipher::CipherError
    nil
  end
end
Initial work on GitLab Pages update 2016-02-09 17:06:55 +00:00			`class Projects::PagesController < Projects::ApplicationController`
			`layout 'project_settings'`

			`before_action :authorize_update_pages!, except: [:show]`
			`before_action :authorize_remove_pages!, only: :destroy`

			`helper_method :valid_certificate?, :valid_certificate_key?`
			`helper_method :valid_key_for_certificiate?, :valid_certificate_intermediates?`
			`helper_method :certificate, :certificate_key`

			`def show`
			`end`

			`def update`
			`if @project.update_attributes(pages_params)`
			`redirect_to namespace_project_pages_path(@project.namespace, @project)`
			`else`
			`render 'show'`
			`end`
			`end`

			`def certificate`
			`@project.remove_pages_certificate`
			`end`

			`def destroy`
			`@project.remove_pages`

			`respond_to do \|format\|`
			`format.html { redirect_to project_path(@project) }`
			`end`
			`end`

			`private`

			`def pages_params`
			`params.require(:project).permit(`
			`:pages_custom_certificate,`
			`:pages_custom_certificate_key,`
			`:pages_custom_domain,`
			`:pages_redirect_http,`
			`)`
			`end`

			`def valid_certificate?`
			`certificate.present?`
			`end`

			`def valid_certificate_key?`
			`certificate_key.present?`
			`end`

			`def valid_key_for_certificiate?`
			`return false unless certificate`
			`return false unless certificate_key`

Implement proper verification of certificate's public_key against the private_key 2016-02-09 18:04:39 +00:00			`# We compare the public key stored in certificate with public key from certificate key`
			`certificate.public_key.to_pem == certificate_key.public_key.to_pem`
			`rescue OpenSSL::X509::CertificateError, OpenSSL::PKey::PKeyError`
Initial work on GitLab Pages update 2016-02-09 17:06:55 +00:00			`false`
			`end`

			`def valid_certificate_intermediates?`
			`return false unless certificate`

			`store = OpenSSL::X509::Store.new`
			`store.set_default_paths`

			# This forces to load all intermediate certificates stored in `pages_custom_certificate`
			`Tempfile.open('project_certificate') do \|f\|`
			`f.write(@project.pages_custom_certificate)`
			`f.flush`
			`store.add_file(f.path)`
			`end`

			`store.verify(certificate)`
			`rescue OpenSSL::X509::StoreError`
			`false`
			`end`

			`def certificate`
			`return unless @project.pages_custom_certificate`

			`@certificate \|\|= OpenSSL::X509::Certificate.new(@project.pages_custom_certificate)`
			`rescue OpenSSL::X509::CertificateError`
			`nil`
			`end`

			`def certificate_key`
			`return unless @project.pages_custom_certificate_key`
			`@certificate_key \|\|= OpenSSL::PKey::RSA.new(@project.pages_custom_certificate_key)`
WIP 2016-02-10 10:37:27 +00:00			`rescue OpenSSL::PKey::PKeyError, OpenSSL::Cipher::CipherError`
Initial work on GitLab Pages update 2016-02-09 17:06:55 +00:00			`nil`
			`end`
			`end`