Class: Chef::HTTP::DefaultSSLPolicy

Inherits:

Object

• Object
• Chef::HTTP::DefaultSSLPolicy

Defined in:

lib/chef/http/ssl_policies.rb

Overview

Chef::HTTP::DefaultSSLPolicy

Configures SSL behavior on an HTTP object via visitor pattern.

Direct Known Subclasses

APISSLPolicy

Instance Attribute Summary

• #http_client ⇒ Object readonly

  Returns the value of attribute http_client.

Class Method Summary

• .apply_to(http_client) ⇒ Object

Instance Method Summary

• #apply ⇒ Object
• #config ⇒ Object
• #initialize(http_client) ⇒ DefaultSSLPolicy constructor

  A new instance of DefaultSSLPolicy.

• #set_ca_store ⇒ Object
• #set_client_credentials ⇒ Object
• #set_custom_certs ⇒ Object
• #set_verify_mode ⇒ Object

Constructor Details

#initialize(http_client) ⇒ DefaultSSLPolicy

Returns a new instance of DefaultSSLPolicy.

# File 'lib/chef/http/ssl_policies.rb', line 41

def initialize(http_client)
  @http_client = http_client
end

Instance Attribute Details

#http_client ⇒ Object (readonly)

Returns the value of attribute http_client.

# File 'lib/chef/http/ssl_policies.rb', line 39

def http_client
  @http_client
end

Class Method Details

.apply_to(http_client) ⇒ Object

# File 'lib/chef/http/ssl_policies.rb', line 34

def self.apply_to(http_client)
  new(http_client).apply
  http_client
end

Instance Method Details

#apply ⇒ Object

# File 'lib/chef/http/ssl_policies.rb', line 45

def apply
  set_verify_mode
  set_ca_store
  set_custom_certs
  set_client_credentials
end

#config ⇒ Object

# File 'lib/chef/http/ssl_policies.rb', line 107

def config
  Chef::Config
end

#set_ca_store ⇒ Object

# File 'lib/chef/http/ssl_policies.rb', line 60

def set_ca_store
  if config[:ssl_ca_path]
    unless ::File.exist?(config[:ssl_ca_path])
      raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_path #{config[:ssl_ca_path]} does not exist"
    end

    http_client.ca_path = config[:ssl_ca_path]
  elsif config[:ssl_ca_file]
    unless ::File.exist?(config[:ssl_ca_file])
      raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_file #{config[:ssl_ca_file]} does not exist"
    end

    http_client.ca_file = config[:ssl_ca_file]
  end
end

#set_client_credentials ⇒ Object

# File 'lib/chef/http/ssl_policies.rb', line 90

def set_client_credentials
  if config[:ssl_client_cert] || config[:ssl_client_key]
    unless config[:ssl_client_cert] && config[:ssl_client_key]
      raise Chef::Exceptions::ConfigurationError, "You must configure ssl_client_cert and ssl_client_key together"
    end
    unless ::File.exists?(config[:ssl_client_cert])
      raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_cert #{config[:ssl_client_cert]} does not exist"
    end
    unless ::File.exists?(config[:ssl_client_key])
      raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_key #{config[:ssl_client_key]} does not exist"
    end

    http_client.cert = OpenSSL::X509::Certificate.new(::File.read(config[:ssl_client_cert]))
    http_client.key = OpenSSL::PKey::RSA.new(::File.read(config[:ssl_client_key]))
  end
end

#set_custom_certs ⇒ Object

# File 'lib/chef/http/ssl_policies.rb', line 76

def set_custom_certs
  unless http_client.cert_store
    http_client.cert_store = OpenSSL::X509::Store.new
    http_client.cert_store.set_default_paths
  end
  if config.trusted_certs_dir
    certs = Dir.glob(File.join(Chef::Util::PathHelper.escape_glob_dir(config.trusted_certs_dir), "*.{crt,pem}"))
    certs.each do |cert_file|
      cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
      add_trusted_cert(cert)
    end
  end
end

#set_verify_mode ⇒ Object

# File 'lib/chef/http/ssl_policies.rb', line 52

def set_verify_mode
  if config[:ssl_verify_mode] == :verify_none
    http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
  elsif config[:ssl_verify_mode] == :verify_peer
    http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
  end
end