Class: Berkshelf::SSLPolicy

Inherits:
Object
  • Object
Defined in:
lib/berkshelf/ssl_policies.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize ⇒ SSLPolicy

Returns a new instance of SSLPolicy.



# File 'lib/berkshelf/ssl_policies.rb', line 10

# Builds the certificate store used for peer verification.
#
# The store is first pointed at the default certificate locations via
# OpenSSL::X509::Store#set_default_paths. Custom certificates are then loaded
# on top of those defaults, but only when the path reported by
# trusted_certs_dir exists on disk.
def initialize
  @store = OpenSSL::X509::Store.new
  @store.set_default_paths

  # Nothing to add when there is no custom certificate directory.
  return unless ::File.exist?(trusted_certs_dir)

  set_custom_certs
end

Instance Attribute Details

#store ⇒ Store (readonly)

Returns the store that holds the trusted CA certificates used to verify peer certificates.

Returns:

  • (Store)

    Holds trusted CA certificates used to verify peer certificates



# File 'lib/berkshelf/ssl_policies.rb', line 8

# Reader for the certificate store held in @store.
#
# The instance variable itself is returned, not a copy, so certificates a
# caller adds to the returned object are added to this policy's store.
#
# @return [OpenSSL::X509::Store] trusted CA certificates used to verify peers
def store
  @store
end

Instance Method Details

#add_trusted_cert(cert) ⇒ Object



# File 'lib/berkshelf/ssl_policies.rb', line 16

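# Adds +cert+ to the trust store, tolerating a certificate that is already
# present.
#
# @param cert [OpenSSL::X509::Certificate] certificate to add to @store
# @return [Object, nil] the result of Store#add_cert, or nil when a
#   duplicate-certificate error was swallowed
# @raise [OpenSSL::X509::StoreError] for every store failure other than the
#   duplicate-certificate case, so a certificate that cannot be added is
#   never silently skipped
def add_trusted_cert(cert)
  @store.add_cert(cert)
rescue OpenSSL::X509::StoreError => e
  # Match the phrase as a substring rather than comparing the whole message.
  # The text around it is not a stable API; some OpenSSL bindings appear to
  # prefix it with the failing function name (TODO confirm against the
  # supported versions). An exact comparison would then turn a harmless
  # duplicate into a hard failure.
  raise unless e.message.include?("cert already in hash table")
end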

#set_custom_certs ⇒ Object



# File 'lib/berkshelf/ssl_policies.rb', line 31

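# Loads every *.crt and *.pem file found directly inside trusted_certs_dir
# and hands each parsed certificate to add_trusted_cert.
#
# Every matching file is passed on as a trusted certificate, so the directory
# should be writable only by the account that owns this configuration.
# A file that does not parse as a certificate raises from
# OpenSSL::X509::Certificate.new and aborts the load; it is not skipped.
# NOTE(review): Certificate.new is given the whole file; for a multi-cert
# PEM bundle presumably only the first certificate is parsed. Confirm if
# bundles are expected here.
#
# @return [Array<String>] the file names matched by the glob
def set_custom_certs
  # Dir.chdir with a block switches the working directory for the duration of
  # the block and restores it afterwards; the glob and the reads are relative.
  Dir.chdir(trusted_certs_dir) do
    ::Dir.glob("{*.crt,*.pem}").each do |cert_file|
      # File.read instead of IO.read: on Ruby versions that still support it,
      # IO.read treats a name starting with a pipe character as a command to
      # run, and these names come straight from directory contents.
      add_trusted_cert(OpenSSL::X509::Certificate.new(::File.read(cert_file)))
    end
  end
end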

#trusted_certs_dir ⇒ Object



# File 'lib/berkshelf/ssl_policies.rb', line 22

# Resolves the directory that custom trusted certificates are read from.
#
# The value of Berkshelf.config.chef.trusted_certs_dir is used when it is
# non-empty and exists on disk (backslashes are normalised to forward
# slashes first). In every other case the result is
# $HOME/.chef/trusted_certs.
#
# NOTE(review): the fallback reads ENV["HOME"] directly; File.join raises
# TypeError when that variable is unset.
#
# @return [String] path of the trusted certificates directory
def trusted_certs_dir
  configured = Berkshelf.config.chef.trusted_certs_dir.to_s.tr('\\', "/")
  return configured if !configured.empty? && ::File.exist?(configured)

  File.join(ENV["HOME"], ".chef", "trusted_certs")
end