Skip to content
Snippets Groups Projects

feat: smime signed notification emails

Compare and Show latest version
5 files
+ 131
82
Compare changes
  • Side-by-side
  • Inline
Files
5
# frozen_string_literal: true
module Gitlab
module Email
module Smime
class Certificate
include OpenSSL
INFINITE_EXPIRY = 1000.years
SHORT_EXPIRY = 30.minutes
attr_reader :key, :cert
def key_string
@@ -28,56 +26,6 @@ def self.from_files(key_path, cert_path)
from_strings(File.read(key_path), File.read(cert_path))
end
def self.generate_root
_issue(signed_by: nil, expires_in: INFINITE_EXPIRY, certificate_authority: true)
end
def issue(expires_in: SHORT_EXPIRY)
self.class._issue(signed_by: self, expires_in: expires_in, certificate_authority: false)
end
private
def self._issue(email_address: 'test@example.com', signed_by:, expires_in:, certificate_authority:)
key = OpenSSL::PKey::RSA.new(4096)
public_key = key.public_key
subject = if certificate_authority
OpenSSL::X509::Name.parse("/CN=EU")
else
OpenSSL::X509::Name.parse("/CN=#{email_address}")
end
cert = OpenSSL::X509::Certificate.new
cert.subject = subject
cert.issuer = signed_by&.cert&.subject || subject
cert.not_before = Time.now
cert.not_after = expires_in.from_now
cert.public_key = public_key
cert.serial = 0x0
cert.version = 2
extension_factory = OpenSSL::X509::ExtensionFactory.new
if certificate_authority
extension_factory.subject_certificate = cert
extension_factory.issuer_certificate = cert
cert.add_extension(extension_factory.create_extension('subjectKeyIdentifier', 'hash'))
cert.add_extension(extension_factory.create_extension('basicConstraints', 'CA:TRUE', true))
cert.add_extension(extension_factory.create_extension('keyUsage', 'cRLSign,keyCertSign', true))
else
cert.add_extension(extension_factory.create_extension('subjectAltName', "email:#{email_address}", false))
cert.add_extension(extension_factory.create_extension('basicConstraints', 'CA:FALSE', true))
cert.add_extension(extension_factory.create_extension('keyUsage', 'digitalSignature,keyEncipherment', true))
cert.add_extension(extension_factory.create_extension('extendedKeyUsage', 'clientAuth,emailProtection', false))
end
cert.sign(signed_by&.key || key, OpenSSL::Digest::SHA256.new)
new(key, cert)
end
def initialize(key, cert)
@key = key
@cert = cert
Loading