debian-mirror-gitlab/lib/gitlab/email/smime/signer.rb

# frozen_string_literal: true
require 'openssl'
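module Gitlab
  module Email
    module Smime
      # Tooling for signing and verifying data with SMIME
      class Signer
        # Signs +data+ and serializes the result as an S/MIME message.
        #
        # OpenSSL::PKCS7::DETACHED is passed to OpenSSL::PKCS7.sign, and the
        # fourth argument (additional certificates) is nil, so only +cert+ is
        # handed to the signing call.
        #
        # @param cert [OpenSSL::X509::Certificate] certificate of the signer
        # @param key [OpenSSL::PKey::PKey] private key used to sign
        # @param data [String] content to sign
        # @return [String] the value returned by OpenSSL::PKCS7.write_smime
        def self.sign(cert:, key:, data:)
          signed_data = OpenSSL::PKCS7.sign(cert, key, data, nil, OpenSSL::PKCS7::DETACHED)
          OpenSSL::PKCS7.write_smime(signed_data)
        end

        # Parses +signed_data+ as S/MIME and verifies its signature.
        #
        # Returns nil when OpenSSL::PKCS7#verify reports failure; otherwise
        # returns the parsed OpenSSL::PKCS7 object (not a bare content string).
        # Errors raised while parsing +signed_data+ are not rescued here and
        # propagate to the caller.
        #
        # @param cert [OpenSSL::X509::Certificate] certificate offered to
        #   OpenSSL::PKCS7#verify as a candidate signer certificate
        # @param ca_cert [OpenSSL::X509::Certificate, nil] extra trust anchor
        #   added to the verification store
        # @param signed_data [String] S/MIME message to verify
        # @return [OpenSSL::PKCS7, nil]
        def self.verify_signature(cert:, ca_cert: nil, signed_data:)
          store = OpenSSL::X509::Store.new
          # The system default CA locations are always loaded; +ca_cert+ is
          # added on top of them and does not narrow trust to that CA alone.
          store.set_default_paths
          store.add_cert(ca_cert) if ca_cert

          signed_smime = OpenSSL::PKCS7.read_smime(signed_data)

          # NOTE(review): no flags are passed to #verify. As OpenSSL documents
          # PKCS7 verification, +cert+ is then one place to look for the signer
          # certificate, and certificates carried inside the message are
          # considered as well. A +cert+ argument therefore does not by itself
          # prove the message was signed by +cert+. If callers rely on that,
          # compare the verified signer against +cert+ or evaluate
          # OpenSSL::PKCS7::NOINTERN - confirm against callers before changing.
          signed_smime if signed_smime.verify([cert], store)
        end
      end
    end
  end
end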