From 461239db5d87ac584b07b394f894384853e875af Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 17 Aug 2022 23:06:48 +0200
Subject: [PATCH] Fix backend compatibility with OpenSSL 3.0 (#18449)

* Update webpush to fork with OpenSSL 3 compatibility

* Fix tests with OpenSSL 3.0

* Update webauthn gem to latest release and update dependencies
---
 Gemfile                                       |  4 +-
 Gemfile.lock                                  | 44 +++++++++++--------
 .../webauthn_credential_fabricator.rb         |  2 +-
 3 files changed, 28 insertions(+), 22 deletions(-)

diff --git a/Gemfile b/Gemfile
index d21459fcc..cd519111f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -91,8 +91,8 @@ gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 3.1.0'
 gem 'tzinfo-data', '~> 1.2022'
 gem 'webpacker', '~> 5.4'
-gem 'webpush', '~> 0.3'
-gem 'webauthn', '~> 3.0.0.alpha1'
+gem 'webpush', git: 'https://github.com/ClearlyClaire/webpush.git', ref: 'f14a4d52e201128b1b00245d11b6de80d6cfdcd9'
+gem 'webauthn', '~> 2.5'
 
 gem 'json-ld'
 gem 'json-ld-preloaded', '~> 3.2'
diff --git a/Gemfile.lock b/Gemfile.lock
index b08a7ce2e..72c58848e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,3 +1,12 @@
+GIT
+  remote: https://github.com/ClearlyClaire/webpush.git
+  revision: f14a4d52e201128b1b00245d11b6de80d6cfdcd9
+  ref: f14a4d52e201128b1b00245d11b6de80d6cfdcd9
+  specs:
+    webpush (0.3.8)
+      hkdf (~> 0.2)
+      jwt (~> 2.0)
+
 GEM
   remote: https://rubygems.org/
   specs:
@@ -79,7 +88,7 @@ GEM
     attr_encrypted (3.1.0)
       encryptor (~> 3.0.0)
     attr_required (1.0.1)
-    awrence (1.1.1)
+    awrence (1.2.1)
     aws-eventstream (1.2.0)
     aws-partitions (1.587.0)
     aws-sdk-core (3.130.2)
@@ -168,9 +177,9 @@ GEM
     color_diff (0.1)
     concurrent-ruby (1.1.10)
     connection_pool (2.2.5)
-    cose (1.0.0)
+    cose (1.2.1)
       cbor (~> 0.5.9)
-      openssl-signature_algorithm (~> 0.4.0)
+      openssl-signature_algorithm (~> 1.0)
     crack (0.4.5)
       rexml
     crass (1.0.6)
@@ -338,7 +347,7 @@ GEM
       json-ld (~> 3.2)
       rdf (~> 3.2)
     jsonapi-renderer (0.2.2)
-    jwt (2.2.2)
+    jwt (2.4.1)
     kaminari (1.2.2)
       activesupport (>= 4.1.0)
       kaminari-actionview (= 1.2.2)
@@ -437,8 +446,9 @@ GEM
       validate_email
       validate_url
       webfinger (>= 1.0.1)
-    openssl (2.2.0)
-    openssl-signature_algorithm (0.4.0)
+    openssl (3.0.0)
+    openssl-signature_algorithm (1.2.1)
+      openssl (> 2.0, < 3.1)
     orm_adapter (0.5.0)
     ox (2.14.11)
     parallel (1.22.1)
@@ -599,7 +609,6 @@ GEM
     scenic (1.6.0)
       activerecord (>= 4.0.0)
       railties (>= 4.0.0)
-    securecompare (1.0.0)
     semantic_range (3.0.0)
     sidekiq (6.5.3)
       connection_pool (>= 2.2.2)
@@ -655,9 +664,10 @@ GEM
       climate_control (>= 0.0.3, < 1.0)
     thor (1.2.1)
     tilt (2.0.10)
-    tpm-key_attestation (0.9.0)
+    tpm-key_attestation (0.11.0)
       bindata (~> 2.4)
-      openssl-signature_algorithm (~> 0.4.0)
+      openssl (> 2.0, < 3.1)
+      openssl-signature_algorithm (~> 1.0)
     tty-color (0.6.0)
     tty-cursor (0.7.1)
     tty-prompt (0.23.1)
@@ -688,16 +698,15 @@ GEM
       public_suffix
     warden (1.2.9)
       rack (>= 2.0.9)
-    webauthn (3.0.0.alpha1)
+    webauthn (2.5.2)
       android_key_attestation (~> 0.3.0)
       awrence (~> 1.1)
       bindata (~> 2.4)
       cbor (~> 0.5.9)
-      cose (~> 1.0)
-      openssl (~> 2.0)
+      cose (~> 1.1)
+      openssl (>= 2.2, < 3.1)
       safety_net_attestation (~> 0.4.0)
-      securecompare (~> 1.0)
-      tpm-key_attestation (~> 0.9.0)
+      tpm-key_attestation (~> 0.11.0)
     webfinger (1.2.0)
       activesupport
       httpclient (>= 2.4)
@@ -710,9 +719,6 @@ GEM
       rack-proxy (>= 0.6.1)
       railties (>= 5.2)
       semantic_range (>= 2.3.0)
-    webpush (0.3.8)
-      hkdf (~> 0.2)
-      jwt (~> 2.0)
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
@@ -843,8 +849,8 @@ DEPENDENCIES
   tty-prompt (~> 0.23)
   twitter-text (~> 3.1.0)
   tzinfo-data (~> 1.2022)
-  webauthn (~> 3.0.0.alpha1)
+  webauthn (~> 2.5)
   webmock (~> 3.17)
   webpacker (~> 5.4)
-  webpush (~> 0.3)
+  webpush!
   xorcist (~> 1.1)
diff --git a/spec/fabricators/webauthn_credential_fabricator.rb b/spec/fabricators/webauthn_credential_fabricator.rb
index 496a7a735..ba59ce967 100644
--- a/spec/fabricators/webauthn_credential_fabricator.rb
+++ b/spec/fabricators/webauthn_credential_fabricator.rb
@@ -1,7 +1,7 @@
 Fabricator(:webauthn_credential) do
   user_id { Fabricate(:user).id }
   external_id { Base64.urlsafe_encode64(SecureRandom.random_bytes(16)) }
-  public_key { OpenSSL::PKey::EC.new("prime256v1").generate_key.public_key }
+  public_key { OpenSSL::PKey::EC.generate('prime256v1').public_key }
   nickname 'USB key'
   sign_count 0
 end