class Chef::HTTP::DefaultSSLPolicy
Chef::HTTP::DefaultSSLPolicy
Configures SSL behavior on an HTTP
object via visitor pattern.
Attributes
http_client[R]
Public Class Methods
apply_to(http_client)
# File lib/chef/http/ssl_policies.rb, line 34
# Applies this SSL policy to +http_client+ and hands the same client back.
#
# @param http_client the HTTP object whose TLS settings are configured
# @return the +http_client+ that was passed in
def self.apply_to(http_client)
  http_client.tap { |client| new(client).apply }
end
new(http_client)
# File lib/chef/http/ssl_policies.rb, line 41
# Remembers the HTTP client that the policy will configure.
#
# @param http_client the HTTP object to be configured by #apply
def initialize(http_client)
  @http_client = http_client
end
Public Instance Methods
apply()
# File lib/chef/http/ssl_policies.rb, line 45
# Runs every configuration step of the policy, in a fixed order.
#
# @return whatever set_client_credentials returns
def apply
  set_verify_mode        # peer verification on/off
  set_ca_store           # CA directory or bundle
  set_custom_certs       # extra trust anchors from trusted_certs_dir
  set_client_credentials # client certificate and key, if configured
end
config()
# File lib/chef/http/ssl_policies.rb, line 126
# Settings source read by every set_* step of this policy.
#
# @return Chef::Config
def config
  Chef::Config
end
set_ca_store()
# File lib/chef/http/ssl_policies.rb, line 60
# Points the client at a CA directory or CA bundle.
#
# Exactly one source is used, in this order of precedence:
# config[:ssl_ca_path], then config[:ssl_ca_file], then the SSL_CERT_FILE
# environment variable. When none is set the client is left untouched.
# Whoever controls the chosen source controls which CAs the client uses.
#
# @raise [Chef::Exceptions::ConfigurationError] when the selected path does
#   not exist
def set_ca_store
  ca_dir = config[:ssl_ca_path]
  if ca_dir
    unless ::File.exist?(ca_dir)
      raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_path #{ca_dir} does not exist"
    end

    http_client.ca_path = ca_dir
  else
    # NOTE(review): the error below says "ssl_ca_file" even when the path came
    # from SSL_CERT_FILE; that wording is kept as the original has it.
    ca_bundle = config[:ssl_ca_file] || ENV["SSL_CERT_FILE"]
    return unless ca_bundle

    unless ::File.exist?(ca_bundle)
      raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_file #{ca_bundle} does not exist"
    end

    http_client.ca_file = ca_bundle
  end
end
set_client_credentials()
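# File lib/chef/http/ssl_policies.rb, line 100
# Loads the client certificate and private key used for mutual TLS.
#
# Does nothing when neither config[:ssl_client_cert] nor
# config[:ssl_client_key] is set. Both must be set together and both files
# must exist. The key is parsed with OpenSSL::PKey::RSA, so only RSA keys are
# accepted, and no passphrase is supplied to the parser.
#
# NOTE(review): nothing here checks the ownership or mode of the key file;
# restricting who can read it is left to the deployment.
#
# @raise [Chef::Exceptions::ConfigurationError] when only one of the two
#   settings is present, a file is missing, or a file cannot be parsed
def set_client_credentials
  return unless config[:ssl_client_cert] || config[:ssl_client_key]

  unless config[:ssl_client_cert] && config[:ssl_client_key]
    raise Chef::Exceptions::ConfigurationError, "You must configure ssl_client_cert and ssl_client_key together"
  end

  # File.exist? rather than File.exists?: the plural alias is deprecated and
  # is gone in Ruby 3.2, where it would raise NoMethodError instead of the
  # intended ConfigurationError. set_ca_store already uses File.exist?.
  unless ::File.exist?(config[:ssl_client_cert])
    raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_cert #{config[:ssl_client_cert]} does not exist"
  end
  unless ::File.exist?(config[:ssl_client_key])
    raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_key #{config[:ssl_client_key]} does not exist"
  end

  begin
    http_client.cert = OpenSSL::X509::Certificate.new(::File.binread(config[:ssl_client_cert]))
  rescue OpenSSL::X509::CertificateError => e
    raise Chef::Exceptions::ConfigurationError, "Error reading cert file '#{config[:ssl_client_cert]}', original error '#{e.class}: #{e.message}'"
  end

  begin
    http_client.key = OpenSSL::PKey::RSA.new(::File.binread(config[:ssl_client_key]))
  rescue OpenSSL::PKey::RSAError => e
    raise Chef::Exceptions::ConfigurationError, "Error reading key file '#{config[:ssl_client_key]}', original error '#{e.class}: #{e.message}'"
  end
end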
set_custom_certs()
# File lib/chef/http/ssl_policies.rb, line 82
# Makes sure the client has a certificate store and adds every certificate
# found in config.trusted_certs_dir to it.
#
# A store is created (and given the default paths) only when the client has
# none. Every file matching *.crt or *.pem in the directory is added to that
# store, so write access to the directory amounts to the ability to add
# trusted certificates for this client.
#
# @raise [Chef::Exceptions::ConfigurationError] when a matching file cannot be
#   parsed as a certificate
def set_custom_certs
  unless http_client.cert_store
    fresh_store = OpenSSL::X509::Store.new
    http_client.cert_store = fresh_store
    fresh_store.set_default_paths
  end

  return unless config.trusted_certs_dir

  # The directory name is escaped so glob metacharacters in it are literal.
  escaped_dir = Chef::Util::PathHelper.escape_glob_dir(config.trusted_certs_dir)
  Dir.glob(::File.join(escaped_dir, "*.{crt,pem}")).each do |cert_file|
    parsed =
      begin
        OpenSSL::X509::Certificate.new(::File.binread(cert_file))
      rescue OpenSSL::X509::CertificateError => e
        raise Chef::Exceptions::ConfigurationError, "Error reading cert file '#{cert_file}', original error '#{e.class}: #{e.message}'"
      end
    add_trusted_cert(parsed)
  end
end
set_verify_mode()
# File lib/chef/http/ssl_policies.rb, line 52
# Translates config[:ssl_verify_mode] into the client's OpenSSL verify mode.
#
# :verify_peer selects OpenSSL::SSL::VERIFY_PEER. :verify_none selects
# OpenSSL::SSL::VERIFY_NONE, which turns peer certificate verification off.
# Any other value, including nil or a misspelled symbol, is ignored and the
# client keeps whatever verify mode it already had.
def set_verify_mode
  case config[:ssl_verify_mode]
  when :verify_none
    http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
  when :verify_peer
    http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
  end
end
Private Instance Methods
add_trusted_cert(cert)
# File lib/chef/http/ssl_policies.rb, line 132
# Adds +cert+ to the client's certificate store, tolerating duplicates.
#
# A StoreError is swallowed only when its message is exactly
# "cert already in hash table"; every other StoreError is re-raised.
# NOTE(review): matching on the message text ties this to the wording of the
# underlying OpenSSL error; confirm it against the OpenSSL versions in use.
#
# @param cert [OpenSSL::X509::Certificate] certificate to trust
def add_trusted_cert(cert)
  begin
    http_client.cert_store.add_cert(cert)
  rescue OpenSSL::X509::StoreError => store_error
    already_present = store_error.message == "cert already in hash table"
    raise store_error unless already_present
  end
end