Commit
50aa5234
authored
Oct 22, 2019
by
Roger Meier
refactor(smime): do not include OpenSSL to avoid name conflicts within specs
parent
fd74d775
Showing
3 changed files
with
9 additions
and
15 deletions
+9
-15
lib/gitlab/email/smime/certificate.rb
lib/gitlab/email/smime/certificate.rb
+2
-4
lib/gitlab/email/smime/signer.rb
lib/gitlab/email/smime/signer.rb
+2
-4
spec/support/helpers/smime_helper.rb
spec/support/helpers/smime_helper.rb
+5
-7
lib/gitlab/email/smime/certificate.rb
...
...
@@ -4,8 +4,6 @@ module Gitlab
module
Email
module
Smime
class
Certificate
include
OpenSSL
attr_reader
:key
,
:cert
def
key_string
...
...
@@ -17,8 +15,8 @@ module Gitlab
end
def
self
.
from_strings
(
key_string
,
cert_string
)
key
=
PKey
::
RSA
.
new
(
key_string
)
cert
=
X509
::
Certificate
.
new
(
cert_string
)
key
=
OpenSSL
::
PKey
::
RSA
.
new
(
key_string
)
cert
=
OpenSSL
::
X509
::
Certificate
.
new
(
cert_string
)
new
(
key
,
cert
)
end
...
...
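Review bot: `from_strings` builds the key and the certificate independently and never checks that they belong together, so a mismatched pair is accepted at load time and would presumably only show up later as signatures that recipients cannot verify. After the two `OpenSSL::…new` calls, a guard such as `raise ArgumentError, 'private key does not match certificate' unless cert.check_private_key(key)` would fail fast. Separately, `OpenSSL::PKey::RSA.new` rejects non-RSA keys; `OpenSSL::PKey.read(key_string)` would also accept EC keys if those are meant to be supported.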
lib/gitlab/email/smime/signer.rb
...
...
@@ -7,8 +7,6 @@ module Gitlab
module
Smime
# Tooling for signing and verifying data with SMIME
class
Signer
include
OpenSSL
def
self
.
sign
(
cert
:,
key
:,
data
:)
signed_data
=
PKCS7
.
sign
(
cert
,
key
,
data
,
nil
,
PKCS7
::
DETACHED
)
PKCS7
.
write_smime
(
signed_data
)
...
...
@@ -16,11 +14,11 @@ module Gitlab
# return nil if data cannot be verified, otherwise the signed content data
def
self
.
verify_signature
(
cert
:,
ca_cert:
nil
,
signed_data
:)
store
=
X509
::
Store
.
new
store
=
OpenSSL
::
X509
::
Store
.
new
store
.
set_default_paths
store
.
add_cert
(
ca_cert
)
if
ca_cert
signed_smime
=
PKCS7
.
read_smime
(
signed_data
)
signed_smime
=
OpenSSL
::
PKCS7
.
read_smime
(
signed_data
)
signed_smime
if
signed_smime
.
verify
([
cert
],
store
)
end
end
...
...
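Review bot: With `include OpenSSL` removed from `Signer`, the unqualified `PKCS7.sign`, `PKCS7::DETACHED` and `PKCS7.write_smime` in `self.sign` appear to be left unchanged, since the section reports only two additions and both are in `verify_signature`. Signing would then presumably raise `NameError` unless `PKCS7` happens to resolve some other way. They should be qualified like the other calls: `signed_data = OpenSSL::PKCS7.sign(cert, key, data, nil, OpenSSL::PKCS7::DETACHED)` and `OpenSSL::PKCS7.write_smime(signed_data)`. In `verify_signature`, `store.set_default_paths` trusts the system CA bundle in addition to `ca_cert`; a short comment stating that this is intended would help reviewers. The end of `self.sign` lies outside the visible hunk.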
spec/support/helpers/smime_helper.rb
# frozen_string_literal: true
module
SmimeHelper
include
OpenSSL
INFINITE_EXPIRY
=
1000
.
years
SHORT_EXPIRY
=
30
.
minutes
...
...
@@ -20,12 +18,12 @@ module SmimeHelper
public_key
=
key
.
public_key
subject
=
if
certificate_authority
X509
::
Name
.
parse
(
"/CN=EU"
)
OpenSSL
::
X509
::
Name
.
parse
(
"/CN=EU"
)
else
X509
::
Name
.
parse
(
"/CN=
#{
email_address
}
"
)
OpenSSL
::
X509
::
Name
.
parse
(
"/CN=
#{
email_address
}
"
)
end
cert
=
X509
::
Certificate
.
new
cert
=
OpenSSL
::
X509
::
Certificate
.
new
cert
.
subject
=
subject
cert
.
issuer
=
signed_by
&
.
fetch
(
:cert
,
nil
)
&
.
subject
||
subject
...
...
@@ -36,7 +34,7 @@ module SmimeHelper
cert
.
serial
=
0x0
cert
.
version
=
2
extension_factory
=
X509
::
ExtensionFactory
.
new
extension_factory
=
OpenSSL
::
X509
::
ExtensionFactory
.
new
if
certificate_authority
extension_factory
.
subject_certificate
=
cert
extension_factory
.
issuer_certificate
=
cert
...
...
@@ -50,7 +48,7 @@ module SmimeHelper
cert
.
add_extension
(
extension_factory
.
create_extension
(
'extendedKeyUsage'
,
'clientAuth,emailProtection'
,
false
))
end
cert
.
sign
(
signed_by
&
.
fetch
(
:key
,
nil
)
||
key
,
Digest
::
SHA256
.
new
)
cert
.
sign
(
signed_by
&
.
fetch
(
:key
,
nil
)
||
key
,
OpenSSL
::
Digest
::
SHA256
.
new
)
{
key:
key
,
cert:
cert
}
end
...
...
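Review bot: The subject in the `@@ -20,12 +18,12 @@` hunk is still built by interpolating `email_address` into the slash-delimited string passed to `OpenSSL::X509::Name.parse`, so an address containing `/` would be split into extra name components. Passing the parts directly avoids the parsing step: `OpenSSL::X509::Name.new([['CN', email_address]])`. The enclosing method starts and ends outside the hunks shown, so whether any spec passes such an address cannot be seen from here.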