# frozen_string_literal: true

require 'openssl'

module Gitlab
  module Email
    module Smime
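      # Tooling for signing and verifying data with S/MIME (PKCS#7 detached
      # signatures, as used for outgoing e-mail).
      class Signer
        # Signs +data+ with +cert+/+key+ and returns the result as an S/MIME
        # message.
        #
        # The signature is DETACHED (multipart/signed), so the original
        # content remains readable by clients that do not understand S/MIME.
        # OpenSSL embeds the signer certificate in the message by default
        # (no NOCERTS flag is passed here).
        #
        # @param cert [OpenSSL::X509::Certificate] signer certificate
        # @param key [OpenSSL::PKey::PKey] private key matching +cert+
        # @param data [String] content to sign
        # @param ca_certs [OpenSSL::X509::Certificate, Array<OpenSSL::X509::Certificate>, nil]
        #   additional certificates (typically the intermediate chain) to embed
        #   so recipients can build a path to a trusted root without having the
        #   intermediates locally; nil (the default) embeds nothing extra
        # @return [String] the S/MIME message
        def self.sign(cert:, key:, data:, ca_certs: nil)
          # Array() wraps a single certificate; nil is passed through unchanged
          # so the default call into OpenSSL is exactly the original one.
          extra_certs = Array(ca_certs) unless ca_certs.nil?

          signed_data = OpenSSL::PKCS7.sign(cert, key, data, extra_certs, OpenSSL::PKCS7::DETACHED)
          OpenSSL::PKCS7.write_smime(signed_data)
        end

        # Verifies an S/MIME message such as one produced by .sign.
        #
        # @param cert [OpenSSL::X509::Certificate] certificate expected to have
        #   signed the message (see the NOTE below on what this guarantees)
        # @param ca_cert [OpenSSL::X509::Certificate, nil] additional trust
        #   anchor, added on top of the system default CA paths
        # @param signed_data [String] the S/MIME message
        # @return [OpenSSL::PKCS7, nil] nil if the signature does not verify,
        #   otherwise the verified PKCS7 object -- the object itself, not the
        #   content; the signed content is available via its #data
        # @raise [OpenSSL::PKCS7::PKCS7Error] if +signed_data+ cannot be parsed
        #   as S/MIME; parse failures are not converted to nil
        #
        # NOTE(review): no verification flags are passed, so OpenSSL may also
        # locate the signer certificate among the certificates embedded in the
        # message, as long as it chains to something trusted by the store
        # (the system CA bundle from set_default_paths, plus +ca_cert+).
        # +cert+ is therefore a lookup hint rather than a pin on the signer.
        # Callers that need "signed by exactly this certificate" should pass
        # OpenSSL::PKCS7::NOINTERN and/or compare #signers against +cert+.
        def self.verify_signature(cert:, ca_cert: nil, signed_data:)
          store = OpenSSL::X509::Store.new
          store.set_default_paths
          store.add_cert(ca_cert) if ca_cert

          signed_smime = OpenSSL::PKCS7.read_smime(signed_data)
          # #verify returns false on failure and stores the verified content in
          # #data on success; the PKCS7 object is returned so callers can read it.
          signed_smime if signed_smime.verify([cert], store)
        end
      end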
    end
  end
end