refactor: bump min supported openssl-ruby from v2.0 to v2.1

cedarcode · Oct 17, 2020 · 2cbdaad · 2cbdaad
1 parent c2c9556
commit 2cbdaad
Show file tree

Hide file tree

Showing 9 changed files with 29 additions and 93 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -14,7 +14,6 @@ gemfile:
  - gemfiles/openssl_head.gemfile
  - gemfiles/openssl_2_2.gemfile
  - gemfiles/openssl_2_1.gemfile
- - gemfiles/openssl_2_0.gemfile
 
 matrix:
  fast_finish: true

diff --git a/Appraisals b/Appraisals
@@ -15,7 +15,3 @@ end
 appraise "openssl_2_1" do
  gem "openssl", "~> 2.1.0"
 end
-
-appraise "openssl_2_0" do
- gem "openssl", "~> 2.0.0"
-end
diff --git a/gemfiles/openssl_2_0.gemfile b/gemfiles/openssl_2_0.gemfile
diff --git a/lib/webauthn/relying_party.rb b/lib/webauthn/relying_party.rb
@@ -9,11 +9,7 @@ module WebAuthn
  class RootCertificateFinderNotSupportedError < Error; end
 
  class RelyingParty
- def self.if_pss_supported(algorithm)
- OpenSSL::PKey::RSA.instance_methods.include?(:verify_pss) ? algorithm : nil
- end
-
- DEFAULT_ALGORITHMS = ["ES256", if_pss_supported("PS256"), "RS256"].compact.freeze
+ DEFAULT_ALGORITHMS = ["ES256", "PS256", "RS256"].compact.freeze
 
  def initialize(
  algorithms: DEFAULT_ALGORITHMS.dup,

diff --git a/spec/webauthn/attestation_statement/tpm_spec.rb b/spec/webauthn/attestation_statement/tpm_spec.rb
@@ -265,12 +265,6 @@
  end
 
  context "when RSA PSS algorithm" do
- before do
- unless OpenSSL::PKey::RSA.instance_methods.include?(:verify_pss)
- skip "Ruby OpenSSL gem #{OpenSSL::VERSION} do not support RSASSA-PSS"
- end
- end
-
  let(:algorithm) { -37 }
  let(:signature) do
  aik.sign_pss("SHA256", cert_info, salt_length: :max, mgf1_hash: "SHA256")

diff --git a/spec/webauthn/credential_creation_options_spec.rb b/spec/webauthn/credential_creation_options_spec.rb
@@ -18,19 +18,11 @@
  it "has default public key params" do
  params = creation_options.pub_key_cred_params
 
- array =
- if OpenSSL::PKey::RSA.instance_methods.include?(:verify_pss)
- [
- { type: "public-key", alg: -7 },
- { type: "public-key", alg: -37 },
- { type: "public-key", alg: -257 },
- ]
- else
- [
- { type: "public-key", alg: -7 },
- { type: "public-key", alg: -257 },
- ]
- end
+ array = [
+ { type: "public-key", alg: -7 },
+ { type: "public-key", alg: -37 },
+ { type: "public-key", alg: -257 },
+ ]
 
  expect(params).to match_array(array)
  end
@@ -43,21 +35,12 @@
  it "is added to public key params" do
  params = creation_options.pub_key_cred_params
 
- array =
- if OpenSSL::PKey::RSA.instance_methods.include?(:verify_pss)
- [
- { type: "public-key", alg: -7 },
- { type: "public-key", alg: -37 },
- { type: "public-key", alg: -257 },
- { type: "public-key", alg: -65535 },
- ]
- else
- [
- { type: "public-key", alg: -7 },
- { type: "public-key", alg: -257 },
- { type: "public-key", alg: -65535 },
- ]
- end
+ array = [
+ { type: "public-key", alg: -7 },
+ { type: "public-key", alg: -37 },
+ { type: "public-key", alg: -257 },
+ { type: "public-key", alg: -65535 },
+ ]
 
  expect(params).to match_array(array)
  end

diff --git a/spec/webauthn/public_key_credential/creation_options_spec.rb b/spec/webauthn/public_key_credential/creation_options_spec.rb
@@ -21,19 +21,11 @@
  it "has default public key params" do
  params = creation_options.pub_key_cred_params
 
- array =
- if OpenSSL::PKey::RSA.instance_methods.include?(:verify_pss)
- [
- { type: "public-key", alg: -7 },
- { type: "public-key", alg: -37 },
- { type: "public-key", alg: -257 },
- ]
- else
- [
- { type: "public-key", alg: -7 },
- { type: "public-key", alg: -257 },
- ]
- end
+ array = [
+ { type: "public-key", alg: -7 },
+ { type: "public-key", alg: -37 },
+ { type: "public-key", alg: -257 },
+ ]
 
  expect(params).to match_array(array)
  end
@@ -46,21 +38,12 @@
  it "is added to public key params" do
  params = creation_options.pub_key_cred_params
 
- array =
- if OpenSSL::PKey::RSA.instance_methods.include?(:verify_pss)
- [
- { type: "public-key", alg: -7 },
- { type: "public-key", alg: -37 },
- { type: "public-key", alg: -257 },
- { type: "public-key", alg: -65535 },
- ]
- else
- [
- { type: "public-key", alg: -7 },
- { type: "public-key", alg: -257 },
- { type: "public-key", alg: -65535 },
- ]
- end
+ array = [
+ { type: "public-key", alg: -7 },
+ { type: "public-key", alg: -37 },
+ { type: "public-key", alg: -257 },
+ { type: "public-key", alg: -65535 },
+ ]
 
  expect(params).to match_array(array)
  end

diff --git a/spec/webauthn_spec.rb b/spec/webauthn_spec.rb
@@ -19,19 +19,11 @@
  it "has public key params" do
  params = @credential_creation_options[:pubKeyCredParams]
 
- array =
- if OpenSSL::PKey::RSA.instance_methods.include?(:verify_pss)
- [
- { type: "public-key", alg: -7 },
- { type: "public-key", alg: -37 },
- { type: "public-key", alg: -257 },
- ]
- else
- [
- { type: "public-key", alg: -7 },
- { type: "public-key", alg: -257 },
- ]
- end
+ array = [
+ { type: "public-key", alg: -7 },
+ { type: "public-key", alg: -37 },
+ { type: "public-key", alg: -257 },
+ ]
 
  expect(params).to match_array(array)
  end

diff --git a/webauthn.gemspec b/webauthn.gemspec
@@ -38,7 +38,7 @@ Gem::Specification.new do |spec|
  spec.add_dependency "bindata", "~> 2.4"
  spec.add_dependency "cbor", "~> 0.5.9"
  spec.add_dependency "cose", "~> 1.1"
- spec.add_dependency "openssl", "~> 2.0"
+ spec.add_dependency "openssl", "~> 2.1"
  spec.add_dependency "safety_net_attestation", "~> 0.4.0"
  spec.add_dependency "securecompare", "~> 1.0"
  spec.add_dependency "tpm-key_attestation", "~> 0.10.0"