Diffstat (limited to 'lib/gitlab/x509')
-rw-r--r--lib/gitlab/x509/certificate.rb21
-rw-r--r--lib/gitlab/x509/commit.rb32
-rw-r--r--lib/gitlab/x509/signature.rb2
3 files changed, 22 insertions, 33 deletions
diff --git a/lib/gitlab/x509/certificate.rb b/lib/gitlab/x509/certificate.rb
index 752f3c6b004..98688f504eb 100644
--- a/lib/gitlab/x509/certificate.rb
+++ b/lib/gitlab/x509/certificate.rb
@@ -23,6 +23,18 @@ module Gitlab
include ::Gitlab::Utils::StrongMemoize
end
+ def self.default_cert_dir
+ strong_memoize(:default_cert_dir) do
+ ENV.fetch('SSL_CERT_DIR', OpenSSL::X509::DEFAULT_CERT_DIR)
+ end
+ end
+
+ def self.default_cert_file
+ strong_memoize(:default_cert_file) do
+ ENV.fetch('SSL_CERT_FILE', OpenSSL::X509::DEFAULT_CERT_FILE)
+ end
+ end
+
def self.from_strings(key_string, cert_string, ca_certs_string = nil)
key = OpenSSL::PKey::RSA.new(key_string)
cert = OpenSSL::X509::Certificate.new(cert_string)
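Review bot: `ENV.fetch` in `default_cert_dir` and `default_cert_file` returns the variable's value even when it is set to an empty string, so an exported-but-empty `SSL_CERT_DIR` makes the glob in `ca_certs_paths` (next hunk) expand to `/*` and treats readable files in the filesystem root as CA candidates. Falling back on blank values avoids that, e.g. `ENV['SSL_CERT_DIR'].presence || OpenSSL::X509::DEFAULT_CERT_DIR`, and the same for `SSL_CERT_FILE`. OpenSSL also accepts a colon-separated list in `SSL_CERT_DIR`, which a single `Dir[...]` glob will not match, so either split on `File::PATH_SEPARATOR` or document that only one directory is supported. Both methods also deserve a comment saying that they define the trust-anchor location for X.509 signature verification and are memoized for the life of the process.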
@@ -39,10 +51,10 @@ module Gitlab
# Returns all top-level, readable files in the default CA cert directory
def self.ca_certs_paths
- cert_paths = Dir["#{OpenSSL::X509::DEFAULT_CERT_DIR}/*"].select do |path|
+ cert_paths = Dir["#{default_cert_dir}/*"].select do |path|
!File.directory?(path) && File.readable?(path)
end
- cert_paths << OpenSSL::X509::DEFAULT_CERT_FILE if File.exist? OpenSSL::X509::DEFAULT_CERT_FILE
+ cert_paths << default_cert_file if File.exist? default_cert_file
cert_paths
end
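Review bot: The default cert file is appended after only a `File.exist?` test, while the directory entries above it are filtered for being readable non-directories; now that the path can come from `SSL_CERT_FILE`, a value that points at a directory or an unreadable file ends up in the list. Applying the same filter keeps the two sources consistent: `cert_paths << default_cert_file if File.file?(default_cert_file) && File.readable?(default_cert_file)`. The comment above `ca_certs_paths` still says "default CA cert directory" and could mention that `SSL_CERT_DIR` and `SSL_CERT_FILE` override the OpenSSL defaults. How the returned paths are consumed is outside this hunk.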
@@ -61,6 +73,11 @@ module Gitlab
clear_memoization(:ca_certs_bundle)
end
+ def self.reset_default_cert_paths
+ clear_memoization(:default_cert_dir)
+ clear_memoization(:default_cert_file)
+ end
+
# Returns an array of OpenSSL::X509::Certificate objects, empty array if none found
#
# Ruby OpenSSL::X509::Certificate.new will only load the first
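Review bot: `reset_default_cert_paths` clears only the two path memoizations and leaves `:ca_certs_bundle` (cleared by the method that ends just above it) untouched, so a bundle built from the old paths may keep being served after a reset, assuming the bundle is derived from `ca_certs_paths`, which is not visible here. Either clear it here as well with `clear_memoization(:ca_certs_bundle)`, or add a comment such as `# Clears the memoized SSL_CERT_DIR/SSL_CERT_FILE lookups; call together with the CA bundle reset when the environment changes`. A short comment on the intended callers (specs, presumably) would also help, since a stale trust store is easy to miss.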
diff --git a/lib/gitlab/x509/commit.rb b/lib/gitlab/x509/commit.rb
index c7f4b7cbdf5..3636e776a44 100644
--- a/lib/gitlab/x509/commit.rb
+++ b/lib/gitlab/x509/commit.rb
@@ -5,30 +5,10 @@ require 'digest'
module Gitlab
module X509
class Commit < Gitlab::SignedCommit
- def signature
- super
-
- return @signature if @signature
-
- cached_signature = lazy_signature&.itself
- return @signature = cached_signature if cached_signature.present?
-
- @signature = create_cached_signature!
- end
-
- def update_signature!(cached_signature)
- cached_signature.update!(attributes)
- @signature = cached_signature
- end
-
private
- def lazy_signature
- BatchLoader.for(@commit.sha).batch do |shas, loader|
- CommitSignatures::X509CommitSignature.by_commit_sha(shas).each do |signature|
- loader.call(signature.commit_sha, signature)
- end
- end
+ def signature_class
+ CommitSignatures::X509CommitSignature
end
def attributes
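Review bot: `signature_class` is added without a comment, and after this change nothing in the file shows how the cached signature is looked up or created. A line such as `# Model used by Gitlab::SignedCommit to load and persist the cached signature` above it would make the hook's role clear. The removed `create_cached_signature!` returned an unsaved record when `Gitlab::Database.read_only?` was true; the base class is not visible on this page, so it is worth confirming that it keeps that branch. The class body continues past this hunk.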
@@ -45,14 +25,6 @@ module Gitlab
verification_status: signature.verification_status
}
end
-
- def create_cached_signature!
- return if attributes.nil?
-
- return CommitSignatures::X509CommitSignature.new(attributes) if Gitlab::Database.read_only?
-
- CommitSignatures::X509CommitSignature.safe_create!(attributes)
- end
end
end
end
diff --git a/lib/gitlab/x509/signature.rb b/lib/gitlab/x509/signature.rb
index a6761e211fa..8acbfc144e9 100644
--- a/lib/gitlab/x509/signature.rb
+++ b/lib/gitlab/x509/signature.rb
@@ -59,7 +59,7 @@ module Gitlab
if Feature.enabled?(:x509_forced_cert_loading, type: :ops)
# Forcibly load the default cert file because the OpenSSL library seemingly ignores it
- store.add_file(OpenSSL::X509::DEFAULT_CERT_FILE) if File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE)
+ store.add_file(Gitlab::X509::Certificate.default_cert_file) if File.exist?(Gitlab::X509::Certificate.default_cert_file) # rubocop:disable Layout/LineLength
end
# valid_signing_time? checks the time attributes already
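Review bot: The new line calls `Gitlab::X509::Certificate.default_cert_file` twice and needs a `rubocop:disable Layout/LineLength` to fit; a local removes both: `cert_file = Gitlab::X509::Certificate.default_cert_file` followed by `store.add_file(cert_file) if File.exist?(cert_file)`. Since the path can now come from `SSL_CERT_FILE`, `add_file` may be handed a file that is not a certificate bundle and raise `OpenSSL::X509::StoreError`; whether the surrounding method rescues that is not visible here. The enclosing method starts and ends outside this hunk.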