Class: Gitlab::SecretDetection::Utils::X509::Certificate

Inherits:

Object

• Object
• Gitlab::SecretDetection::Utils::X509::Certificate

Extended by:

StrongMemoize

Defined in:

lib/gitlab/secret_detection/utils/certificate.rb

Overview

Pulled from Gitlab.com source Link: gitlab.com/gitlab-org/gitlab/-/blob/4713a798f997389f04e442db3d1d8349a39d5d46/lib/gitlab/x509/certificate.rb

Constant Summary

CERT_REGEX =

/-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/

Instance Attribute Summary

• #ca_certs ⇒ Object readonly

  Returns the value of attribute ca_certs.

• #cert ⇒ Object readonly

  Returns the value of attribute cert.

• #key ⇒ Object readonly

  Returns the value of attribute key.

Class Method Summary

• .ca_certs_bundle ⇒ Object

  Returns a concatenated array of Strings, each being a PEM-coded CA certificate.

• .ca_certs_paths ⇒ Object

  Returns all top-level, readable files in the default CA cert directory.

• .default_cert_dir ⇒ Object
• .default_cert_file ⇒ Object
• .from_files(key_path, cert_path, ca_certs_path = nil) ⇒ Object
• .from_strings(key_string, cert_string, ca_certs_string = nil) ⇒ Object
• .load_ca_certs_bundle(ca_certs_string) ⇒ Object

  Returns an array of OpenSSL::X509::Certificate objects, empty array if none found.

• .reset_ca_certs_bundle ⇒ Object
• .reset_default_cert_paths ⇒ Object

Instance Method Summary

• #ca_certs_string ⇒ Object
• #cert_string ⇒ Object
• #initialize(key, cert, ca_certs = nil) ⇒ Certificate constructor

  A new instance of Certificate.

• #key_string ⇒ Object

Methods included from StrongMemoize

clear_memoization, included, normalize_key, strong_memoize, strong_memoize_with, strong_memoize_with_expiration, strong_memoized?

Constructor Details

#initialize(key, cert, ca_certs = nil) ⇒ Certificate

Returns a new instance of Certificate.

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 83

def initialize(key, cert, ca_certs = nil)
  @key = key
  @cert = cert
  @ca_certs = ca_certs
end

Instance Attribute Details

#ca_certs ⇒ Object (readonly)

Returns the value of attribute ca_certs.

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 15

def ca_certs
  @ca_certs
end

#cert ⇒ Object (readonly)

Returns the value of attribute cert.

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 15

def cert
  @cert
end

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 15

def key
  @key
end

Class Method Details

.ca_certs_bundle ⇒ Object

Returns a concatenated array of Strings, each being a PEM-coded CA certificate.

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 53

def self.ca_certs_bundle
  strong_memoize(:ca_certs_bundle) do
    ca_certs_paths.flat_map do |cert_file|
      load_ca_certs_bundle(File.read(cert_file))
    end.uniq.join("\n")
  end
end

.ca_certs_paths ⇒ Object

Returns all top-level, readable files in the default CA cert directory

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 44

def self.ca_certs_paths
  cert_paths = Dir["#{default_cert_dir}/*"].select do |path|
    !File.directory?(path) && File.readable?(path)
  end
  cert_paths << default_cert_file if File.exist? default_cert_file
  cert_paths
end

.default_cert_dir ⇒ Object

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 17

def self.default_cert_dir
  strong_memoize(:default_cert_dir) do
    ENV.fetch('SSL_CERT_DIR', OpenSSL::X509::DEFAULT_CERT_DIR)
  end
end

.default_cert_file ⇒ Object

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 23

def self.default_cert_file
  strong_memoize(:default_cert_file) do
    ENV.fetch('SSL_CERT_FILE', OpenSSL::X509::DEFAULT_CERT_FILE)
  end
end

.from_files(key_path, cert_path, ca_certs_path = nil) ⇒ Object

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 37

def self.from_files(key_path, cert_path, ca_certs_path = nil)
  ca_certs_string = File.read(ca_certs_path) if ca_certs_path

  from_strings(File.read(key_path), File.read(cert_path), ca_certs_string)
end

.from_strings(key_string, cert_string, ca_certs_string = nil) ⇒ Object

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 29

def self.from_strings(key_string, cert_string, ca_certs_string = nil)
  key = OpenSSL::PKey::RSA.new(key_string)
  cert = OpenSSL::X509::Certificate.new(cert_string)
  ca_certs = load_ca_certs_bundle(ca_certs_string)

  new(key, cert, ca_certs)
end

.load_ca_certs_bundle(ca_certs_string) ⇒ Object

Returns an array of OpenSSL::X509::Certificate objects, empty array if none found

Ruby OpenSSL::X509::Certificate.new will only load the first certificate if a bundle is presented, this allows to parse multiple certs in the same file

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 75

def self.load_ca_certs_bundle(ca_certs_string)
  return [] unless ca_certs_string

  ca_certs_string.scan(CERT_REGEX).map do |ca_cert_string|
    OpenSSL::X509::Certificate.new(ca_cert_string)
  end
end

.reset_ca_certs_bundle ⇒ Object

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 61

def self.reset_ca_certs_bundle
  clear_memoization(:ca_certs_bundle)
end

.reset_default_cert_paths ⇒ Object

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 65

def self.reset_default_cert_paths
  clear_memoization(:default_cert_dir)
  clear_memoization(:default_cert_file)
end

Instance Method Details

#ca_certs_string ⇒ Object

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 97

def ca_certs_string
  ca_certs&.map(&:to_pem)&.join('\n') unless ca_certs.blank?
end

#cert_string ⇒ Object

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 93

def cert_string
  cert.to_pem
end

#key_string ⇒ Object

# File 'lib/gitlab/secret_detection/utils/certificate.rb', line 89

def key_string
  key.to_s
end