Commit 50aa5234 authored by Roger Meier's avatar Roger Meier

refactor(smime): do not include OpenSSL to avoid name conflicts within specs

parent fd74d775
......@@ -4,8 +4,6 @@ module Gitlab
module Email
module Smime
class Certificate
include OpenSSL
attr_reader :key, :cert
def key_string
......@@ -17,8 +15,8 @@ module Gitlab
end
def self.from_strings(key_string, cert_string)
key = PKey::RSA.new(key_string)
cert = X509::Certificate.new(cert_string)
key = OpenSSL::PKey::RSA.new(key_string)
cert = OpenSSL::X509::Certificate.new(cert_string)
new(key, cert)
end
......
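Review bot: `from_strings` returns the pair without checking that the private key actually belongs to the certificate, so a mismatched key file is only noticed later, when a recipient fails to verify a signed mail. A guard after the two constructors would fail at load time instead, for example `raise ArgumentError, 'key does not match certificate' unless cert.check_private_key(key)`. The exception class is only a suggestion, since callers outside this hunk may expect a different one.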
......@@ -7,8 +7,6 @@ module Gitlab
module Smime
# Tooling for signing and verifying data with SMIME
class Signer
include OpenSSL
def self.sign(cert:, key:, data:)
signed_data = PKCS7.sign(cert, key, data, nil, PKCS7::DETACHED)
PKCS7.write_smime(signed_data)
......@@ -16,11 +14,11 @@ module Gitlab
# return nil if data cannot be verified, otherwise the signed content data
def self.verify_signature(cert:, ca_cert: nil, signed_data:)
store = X509::Store.new
store = OpenSSL::X509::Store.new
store.set_default_paths
store.add_cert(ca_cert) if ca_cert
signed_smime = PKCS7.read_smime(signed_data)
signed_smime = OpenSSL::PKCS7.read_smime(signed_data)
signed_smime if signed_smime.verify([cert], store)
end
end
......
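Review bot: With `include OpenSSL` removed from `Signer`, the unqualified `PKCS7` references in `sign` no longer resolve. As rendered, `PKCS7.sign(cert, key, data, nil, PKCS7::DETACHED)` and `PKCS7.write_smime(signed_data)` appear only once, which suggests they are unchanged context, while the references in `verify_signature` were qualified. If that is what the commit contains, `sign` raises `NameError` on its first call; the lines should read `signed_data = OpenSSL::PKCS7.sign(cert, key, data, nil, OpenSSL::PKCS7::DETACHED)` and `OpenSSL::PKCS7.write_smime(signed_data)`. The end of `sign` lies outside the visible hunk, so this should be confirmed against the full file and covered by a spec that exercises signing.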
# frozen_string_literal: true
module SmimeHelper
include OpenSSL
INFINITE_EXPIRY = 1000.years
SHORT_EXPIRY = 30.minutes
......@@ -20,12 +18,12 @@ module SmimeHelper
public_key = key.public_key
subject = if certificate_authority
X509::Name.parse("/CN=EU")
OpenSSL::X509::Name.parse("/CN=EU")
else
X509::Name.parse("/CN=#{email_address}")
OpenSSL::X509::Name.parse("/CN=#{email_address}")
end
cert = X509::Certificate.new
cert = OpenSSL::X509::Certificate.new
cert.subject = subject
cert.issuer = signed_by&.fetch(:cert, nil)&.subject || subject
......@@ -36,7 +34,7 @@ module SmimeHelper
cert.serial = 0x0
cert.version = 2
extension_factory = X509::ExtensionFactory.new
extension_factory = OpenSSL::X509::ExtensionFactory.new
if certificate_authority
extension_factory.subject_certificate = cert
extension_factory.issuer_certificate = cert
......@@ -50,7 +48,7 @@ module SmimeHelper
cert.add_extension(extension_factory.create_extension('extendedKeyUsage', 'clientAuth,emailProtection', false))
end
cert.sign(signed_by&.fetch(:key, nil) || key, Digest::SHA256.new)
cert.sign(signed_by&.fetch(:key, nil) || key, OpenSSL::Digest::SHA256.new)
{ key: key, cert: cert }
end
......
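Review bot: In the non-CA branch, `email_address` is interpolated directly into the string passed to `OpenSSL::X509::Name.parse`, where `/` separates name components. An address containing `/` would therefore produce a subject with extra or malformed components rather than a single CN. Building the name from components avoids the string parsing: `OpenSSL::X509::Name.new([['CN', email_address]])`. This is a spec helper, so the effect is limited to test fixtures, but the pattern is easily copied into production code. The enclosing method starts outside the visible hunks.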