Commit f0904eb4 authored by Stan Hu's avatar Stan Hu

Rename Gitlab::Email::Smime::Certificate

Nothing about this class is specific to e-mail or SMIME,
so rename this to Gitlab::X509::Certificate.
parent b3a7e0d5
...@@ -135,7 +135,7 @@ class PagesDomain < ApplicationRecord ...@@ -135,7 +135,7 @@ class PagesDomain < ApplicationRecord
end end
def untrusted_ca_certs_bundle def untrusted_ca_certs_bundle
::Gitlab::Email::Smime::Certificate.load_ca_certs_bundle(certificate) ::Gitlab::X509::Certificate.load_ca_certs_bundle(certificate)
end end
def expired? def expired?
......
...@@ -22,7 +22,7 @@ module Gitlab ...@@ -22,7 +22,7 @@ module Gitlab
private private
def certificate def certificate
@certificate ||= Gitlab::Email::Smime::Certificate.from_files(key_path, cert_path, ca_certs_path) @certificate ||= Gitlab::X509::Certificate.from_files(key_path, cert_path, ca_certs_path)
end end
def key_path def key_path
......
# frozen_string_literal: true
module Gitlab
module Email
module Smime
class Certificate
CERT_REGEX = /-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/.freeze
attr_reader :key, :cert, :ca_certs
def key_string
key.to_s
end
def cert_string
cert.to_pem
end
def ca_certs_string
ca_certs.map(&:to_pem).join('\n') unless ca_certs.blank?
end
def self.from_strings(key_string, cert_string, ca_certs_string = nil)
key = OpenSSL::PKey::RSA.new(key_string)
cert = OpenSSL::X509::Certificate.new(cert_string)
ca_certs = load_ca_certs_bundle(ca_certs_string)
new(key, cert, ca_certs)
end
def self.from_files(key_path, cert_path, ca_certs_path = nil)
ca_certs_string = File.read(ca_certs_path) if ca_certs_path
from_strings(File.read(key_path), File.read(cert_path), ca_certs_string)
end
# Returns an array of OpenSSL::X509::Certificate objects, empty array if none found
#
# Ruby OpenSSL::X509::Certificate.new will only load the first
# certificate if a bundle is presented, this allows to parse multiple certs
# in the same file
def self.load_ca_certs_bundle(ca_certs_string)
return [] unless ca_certs_string
ca_certs_string.scan(CERT_REGEX).map do |ca_cert_string|
OpenSSL::X509::Certificate.new(ca_cert_string)
end
end
def initialize(key, cert, ca_certs = nil)
@key = key
@cert = cert
@ca_certs = ca_certs
end
end
end
end
end
# frozen_string_literal: true
module Gitlab
module X509
class Certificate
CERT_REGEX = /-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/.freeze
attr_reader :key, :cert, :ca_certs
def key_string
key.to_s
end
def cert_string
cert.to_pem
end
def ca_certs_string
ca_certs.map(&:to_pem).join('\n') unless ca_certs.blank?
end
def self.from_strings(key_string, cert_string, ca_certs_string = nil)
key = OpenSSL::PKey::RSA.new(key_string)
cert = OpenSSL::X509::Certificate.new(cert_string)
ca_certs = load_ca_certs_bundle(ca_certs_string)
new(key, cert, ca_certs)
end
def self.from_files(key_path, cert_path, ca_certs_path = nil)
ca_certs_string = File.read(ca_certs_path) if ca_certs_path
from_strings(File.read(key_path), File.read(cert_path), ca_certs_string)
end
# Returns an array of OpenSSL::X509::Certificate objects, empty array if none found
#
# Ruby OpenSSL::X509::Certificate.new will only load the first
# certificate if a bundle is presented, this allows to parse multiple certs
# in the same file
def self.load_ca_certs_bundle(ca_certs_string)
return [] unless ca_certs_string
ca_certs_string.scan(CERT_REGEX).map do |ca_cert_string|
OpenSSL::X509::Certificate.new(ca_cert_string)
end
end
def initialize(key, cert, ca_certs = nil)
@key = key
@cert = cert
@ca_certs = ca_certs
end
end
end
end
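Review bot: `ca_certs_string` in the new `Gitlab::X509::Certificate` joins the PEM blocks with `'\n'`, which in a single-quoted Ruby string is a literal backslash followed by `n`, not a newline. The returned bundle therefore carries stray `\n` text between certificates, and `ca_certs.map(&:to_pem).join("\n")` is presumably what was intended. The method was carried over unchanged from the old class, so this predates the rename, but the move is a natural place to fix it and add a spec asserting the output contains only PEM blocks and newlines. Separately, now that the class is presented as generic, `from_strings` still hard-codes `OpenSSL::PKey::RSA.new`; if callers outside S/MIME may supply non-RSA keys, `OpenSSL::PKey.read(key_string)` would accept them.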
...@@ -14,15 +14,15 @@ RSpec.describe Gitlab::Email::Hook::SmimeSignatureInterceptor do ...@@ -14,15 +14,15 @@ RSpec.describe Gitlab::Email::Hook::SmimeSignatureInterceptor do
end end
let(:root_certificate) do let(:root_certificate) do
Gitlab::Email::Smime::Certificate.new(@root_ca[:key], @root_ca[:cert]) Gitlab::X509::Certificate.new(@root_ca[:key], @root_ca[:cert])
end end
let(:intermediate_certificate) do let(:intermediate_certificate) do
Gitlab::Email::Smime::Certificate.new(@intermediate_ca[:key], @intermediate_ca[:cert]) Gitlab::X509::Certificate.new(@intermediate_ca[:key], @intermediate_ca[:cert])
end end
let(:certificate) do let(:certificate) do
Gitlab::Email::Smime::Certificate.new(@cert[:key], @cert[:cert], [intermediate_certificate.cert]) Gitlab::X509::Certificate.new(@cert[:key], @cert[:cert], [intermediate_certificate.cert])
end end
let(:mail_body) { "signed hello with Unicode €áø and\r\n newlines\r\n" } let(:mail_body) { "signed hello with Unicode €áø and\r\n newlines\r\n" }
...@@ -36,7 +36,7 @@ RSpec.describe Gitlab::Email::Hook::SmimeSignatureInterceptor do ...@@ -36,7 +36,7 @@ RSpec.describe Gitlab::Email::Hook::SmimeSignatureInterceptor do
end end
before do before do
allow(Gitlab::Email::Smime::Certificate).to receive_messages(from_files: certificate) allow(Gitlab::X509::Certificate).to receive_messages(from_files: certificate)
Mail.register_interceptor(described_class) Mail.register_interceptor(described_class)
mail.deliver_now mail.deliver_now
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe Gitlab::Email::Smime::Certificate do RSpec.describe Gitlab::X509::Certificate do
include SmimeHelper include SmimeHelper
# cert generation is an expensive operation and they are used read-only, # cert generation is an expensive operation and they are used read-only,
......