debian-mirror-gitlab/lib/gitlab/email/smime/signer.rb

# frozen_string_literal: true

require 'openssl'

module Gitlab
  module Email
    module Smime
      # Tooling for signing and verifying data with SMIME
      class Signer
        def self.sign(cert:, key:, data:)
          signed_data = OpenSSL::PKCS7.sign(cert, key, data, nil, OpenSSL::PKCS7::DETACHED)
          OpenSSL::PKCS7.write_smime(signed_data)
        end

        # return nil if data cannot be verified, otherwise the signed content data
        def self.verify_signature(cert:, ca_cert: nil, signed_data:)
          store = OpenSSL::X509::Store.new
          store.set_default_paths
          store.add_cert(ca_cert) if ca_cert

          signed_smime = OpenSSL::PKCS7.read_smime(signed_data)
          signed_smime if signed_smime.verify([cert], store)
        end
      end
    end
  end
end
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`# frozen_string_literal: true`

			`require 'openssl'`

			`module Gitlab`
			`module Email`
			`module Smime`
			`# Tooling for signing and verifying data with SMIME`
			`class Signer`
			`def self.sign(cert:, key:, data:)`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`signed_data = OpenSSL::PKCS7.sign(cert, key, data, nil, OpenSSL::PKCS7::DETACHED)`
			`OpenSSL::PKCS7.write_smime(signed_data)`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`end`

			`# return nil if data cannot be verified, otherwise the signed content data`
			`def self.verify_signature(cert:, ca_cert: nil, signed_data:)`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`store = OpenSSL::X509::Store.new`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`store.set_default_paths`
			`store.add_cert(ca_cert) if ca_cert`

New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`signed_smime = OpenSSL::PKCS7.read_smime(signed_data)`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`signed_smime if signed_smime.verify([cert], store)`
			`end`
			`end`
			`end`
			`end`
			`end`