refactor(smime): do not include OpenSSL to avoid name conflicts within specs

50aa5234 · Roger Meier · fd74d775 · 50aa5234 · 50aa5234 · 50aa5234
Commit 50aa5234 authored Oct 22, 2019 by Roger Meier
3 changed files
--- a/lib/gitlab/email/smime/certificate.rb
+++ b/lib/gitlab/email/smime/certificate.rb
@@ -4,8 +4,6 @@ module Gitlab
  module Email
    module Smime
      class Certificate
-        include OpenSSL
-
        attr_reader :key, :cert

        def key_string
@@ -17,8 +15,8 @@ module Gitlab
        end

        def self.from_strings(key_string, cert_string)
-          key = PKey::RSA.new(key_string)
-          cert = X509::Certificate.new(cert_string)
+          key = OpenSSL::PKey::RSA.new(key_string)
+          cert = OpenSSL::X509::Certificate.new(cert_string)
          new(key, cert)
        end


--- a/lib/gitlab/email/smime/signer.rb
+++ b/lib/gitlab/email/smime/signer.rb
@@ -7,8 +7,6 @@ module Gitlab
    module Smime
      # Tooling for signing and verifying data with SMIME
      class Signer
-        include OpenSSL
-
        def self.sign(cert:, key:, data:)
          signed_data = PKCS7.sign(cert, key, data, nil, PKCS7::DETACHED)
          PKCS7.write_smime(signed_data)
@@ -16,11 +14,11 @@ module Gitlab

        # return nil if data cannot be verified, otherwise the signed content data
        def self.verify_signature(cert:, ca_cert: nil, signed_data:)
-          store = X509::Store.new
+          store = OpenSSL::X509::Store.new
          store.set_default_paths
          store.add_cert(ca_cert) if ca_cert

-          signed_smime = PKCS7.read_smime(signed_data)
+          signed_smime = OpenSSL::PKCS7.read_smime(signed_data)
          signed_smime if signed_smime.verify([cert], store)
        end
      end

--- a/spec/support/helpers/smime_helper.rb
+++ b/spec/support/helpers/smime_helper.rb
 # frozen_string_literal: true

 module SmimeHelper
-  include OpenSSL
-
  INFINITE_EXPIRY = 1000.years
  SHORT_EXPIRY = 30.minutes

@@ -20,12 +18,12 @@ module SmimeHelper
    public_key = key.public_key

    subject = if certificate_authority
-                X509::Name.parse("/CN=EU")
+                OpenSSL::X509::Name.parse("/CN=EU")
              else
-                X509::Name.parse("/CN=#{email_address}")
+                OpenSSL::X509::Name.parse("/CN=#{email_address}")
              end

-    cert = X509::Certificate.new
+    cert = OpenSSL::X509::Certificate.new
    cert.subject = subject

    cert.issuer = signed_by&.fetch(:cert, nil)&.subject || subject
@@ -36,7 +34,7 @@ module SmimeHelper
    cert.serial = 0x0
    cert.version = 2

-    extension_factory = X509::ExtensionFactory.new
+    extension_factory = OpenSSL::X509::ExtensionFactory.new
    if certificate_authority
      extension_factory.subject_certificate = cert
      extension_factory.issuer_certificate = cert
@@ -50,7 +48,7 @@ module SmimeHelper
      cert.add_extension(extension_factory.create_extension('extendedKeyUsage', 'clientAuth,emailProtection', false))
    end

-    cert.sign(signed_by&.fetch(:key, nil) || key, Digest::SHA256.new)
+    cert.sign(signed_by&.fetch(:key, nil) || key, OpenSSL::Digest::SHA256.new)

    { key: key, cert: cert }
  end