Merge branch 'Lint/DeprecatedOpenSSLConstant' into 'master'

Replace OpenSSL constants with strings (CE)

See merge request gitlab-org/gitlab!52432

.rubocop_todo.yml

@@ -155,20 +155,6 @@ Lint/BinaryOperatorWithIdenticalOperands:
 Lint/ConstantDefinitionInBlock:
   Enabled: false
 
-# Offense count: 9
-# Cop supports --auto-correct.
-Lint/DeprecatedOpenSSLConstant:
-  Exclude:
-    - 'app/services/clusters/kubernetes/configure_istio_ingress_service.rb'
-    - 'ee/lib/gitlab/geo/oauth/logout_state.rb'
-    - 'lib/gitlab/conan_token.rb'
-    - 'lib/gitlab/gitaly_client.rb'
-    - 'lib/gitlab/kubernetes/helm/v2/certificate.rb'
-    - 'spec/lib/gitlab/conan_token_spec.rb'
-    - 'spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb'
-    - 'spec/support/helpers/smime_helper.rb'
-    - 'spec/support/shared_contexts/requests/api/conan_packages_shared_context.rb'
-
 # Offense count: 1
 Lint/DuplicateRequire:
   Exclude:

app/services/clusters/kubernetes/configure_istio_ingress_service.rb

@@ -60,7 +60,7 @@ module Clusters
         cert.public_key = key.public_key
         cert.subject = name
         cert.issuer = name
-        cert.sign(key, OpenSSL::Digest::SHA256.new)
+        cert.sign(key, OpenSSL::Digest.new('SHA256'))
 
         serverless_domain_cluster.update!(
           key: key.to_pem,

changelogs/unreleased/Lint-DeprecatedOpenSSLConstant.yml

+---
+title: Replace OpenSSL constants with strings
+merge_request: 52432
+author: Takuya Noguchi
+type: other

lib/gitlab/conan_token.rb

@@ -35,7 +35,7 @@ module Gitlab
 
       def secret
         OpenSSL::HMAC.hexdigest(
-          OpenSSL::Digest::SHA256.new,
+          OpenSSL::Digest.new('SHA256'),
           ::Settings.attr_encrypted_db_key_base,
           HMAC_KEY
         )

lib/gitlab/gitaly_client.rb

@@ -203,7 +203,7 @@ module Gitlab
     def self.authorization_token(storage)
       token = token(storage).to_s
       issued_at = real_time.to_i.to_s
-      hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, token, issued_at)
+      hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), token, issued_at)
 
       "v2.#{hmac}.#{issued_at}"
     end

lib/gitlab/kubernetes/helm/v2/certificate.rb

@@ -59,7 +59,7 @@ module Gitlab
               cert.add_extension(extension_factory.create_extension('keyUsage', 'cRLSign,keyCertSign', true))
             end
 
-            cert.sign(signed_by&.key || key, OpenSSL::Digest::SHA256.new)
+            cert.sign(signed_by&.key || key, OpenSSL::Digest.new('SHA256'))
 
             new(key, cert)
           end

spec/lib/gitlab/conan_token_spec.rb

@@ -6,7 +6,7 @@ RSpec.describe Gitlab::ConanToken do
 
   let(:jwt_secret) do
     OpenSSL::HMAC.hexdigest(
-      OpenSSL::Digest::SHA256.new,
+      OpenSSL::Digest.new('SHA256'),
       base_secret,
       described_class::HMAC_KEY
     )

spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb

@@ -135,7 +135,7 @@ RSpec.describe PagesDomains::ObtainLetsEncryptCertificateService do
       cert.add_extension ef.create_extension("authorityKeyIdentifier",
                                              "keyid:always,issuer:always")
 
-      cert.sign key, OpenSSL::Digest::SHA1.new
+      cert.sign key, OpenSSL::Digest.new('SHA1')
 
       cert.to_pem
     end

spec/support/helpers/smime_helper.rb

@@ -52,7 +52,7 @@ module SmimeHelper
       cert.add_extension(extension_factory.create_extension('extendedKeyUsage', 'clientAuth,emailProtection', false))
     end
 
-    cert.sign(signed_by&.fetch(:key, nil) || key, OpenSSL::Digest::SHA256.new)
+    cert.sign(signed_by&.fetch(:key, nil) || key, OpenSSL::Digest.new('SHA256'))
 
     { key: key, cert: cert }
   end

spec/support/shared_contexts/requests/api/conan_packages_shared_context.rb

@@ -22,7 +22,7 @@ RSpec.shared_context 'conan api setup' do
 
   let(:jwt_secret) do
     OpenSSL::HMAC.hexdigest(
-      OpenSSL::Digest::SHA256.new,
+      OpenSSL::Digest.new('SHA256'),
       base_secret,
       Gitlab::ConanToken::HMAC_KEY
     )