Module: OneviewSDK::SSLHelper

Defined in:
lib/oneview-sdk/ssl_helper.rb

Overview

SSL certificate helper

Constant Summary

CERT_STORE =
File.join(Dir.home, '/.oneview-sdk-ruby/trusted_certs.cer')

Class Method Summary

Class Method Details

.check_cert(url) ⇒ Boolean

Check to see if the OneView instance's certificate is trusted

Parameters:

  • url (String)

    URL for the OneView Instance to be added

Returns:

  • (Boolean)

    Whether or not certificate is trusted

Raises:

  • (InvalidURL)

    if no host can be parsed from the URL


# File 'lib/oneview-sdk/ssl_helper.rb', line 43

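# Check whether the OneView instance at +url+ presents a certificate that
# validates against the store returned by load_trusted_certs.
#
# @param url [String] URL of the OneView instance to check
# @return [Boolean] true when the GET request completed without an
#   OpenSSL::SSL::SSLError, false when one was raised
# @raise [InvalidURL] if no host can be parsed out of +url+
def self.check_cert(url)
  # URI.escape was removed in Ruby 3.0. URI::DEFAULT_PARSER.escape is the
  # routine it delegated to, so the escaping result is unchanged.
  uri = URI.parse(URI::DEFAULT_PARSER.escape(url))
  raise InvalidURL, "Invalid url '#{url}'" unless uri.host
  http = Net::HTTP.new(uri.host, uri.port)
  # NOTE(review): TLS is only switched on for https URLs. For any other scheme
  # the request goes out without TLS, no certificate is examined, and the
  # method still returns true. A true result is evidence of a verified peer
  # only when the caller passed an https URL.
  http.use_ssl = true if uri.scheme == 'https'
  trusted_certs = load_trusted_certs
  # load_trusted_certs returns nil when it fails. verify_mode is not touched
  # here, so Net::HTTP's own default verification settings apply in that case.
  http.cert_store = trusted_certs if trusted_certs
  http.request(Net::HTTP::Get.new(uri.request_uri))
  true
rescue OpenSSL::SSL::SSLError
  # Handshake or chain verification failed: report the certificate as untrusted.
  false
end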

.install_cert(url) ⇒ Object

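Fetch and add the SSL certificate for the OneView instance to the trusted certs store. The certificate is downloaded with peer verification disabled (VERIFY_NONE) and stored as presented, so its fingerprint should be compared with the appliance's over a separate channel before the store is relied on.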

Creates/modifies file at ~/.oneview-sdk-ruby/trusted_certs.cer

Parameters:

  • url (String)

    URL for the OneView Instance to be added

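Raises:

  • (InvalidURL)

    if no host can be parsed from the URL

  • (RuntimeError)

    if no certificate could be downloaded from the URL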


# File 'lib/oneview-sdk/ssl_helper.rb', line 60

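# Download the certificate presented by the OneView instance at +url+ and
# append it to the trusted certs file (CERT_STORE), creating the containing
# directory if needed.
#
# The certificate is fetched with peer verification disabled and written as
# presented, so whatever endpoint answers at +url+ at that moment becomes
# trusted. Compare the printed certificate with the appliance's own over a
# separate channel before relying on the store.
#
# @param url [String] URL of the OneView instance whose certificate is added
# @return [Boolean] true when the certificate was appended, false when the
#   store file already contained it
# @raise [InvalidURL] if no host can be parsed out of +url+
# @raise [RuntimeError] if no certificate could be obtained from the peer
def self.install_cert(url)
  # URI.escape was removed in Ruby 3.0. URI::DEFAULT_PARSER.escape is the
  # routine it delegated to, so the escaping result is unchanged.
  uri = URI.parse(URI::DEFAULT_PARSER.escape(url))
  raise InvalidURL, "Invalid url '#{url}'" unless uri.host
  # VERIFY_NONE is required here because the certificate is not trusted yet.
  # This connection is used only to read the peer certificate.
  options = { use_ssl: true, verify_mode: OpenSSL::SSL::VERIFY_NONE }
  pem = Net::HTTP.start(uri.host, uri.port, options) do |http|
    # Guard against a missing peer certificate so the explicit error below is
    # raised instead of a NoMethodError on nil.
    peer = http.peer_cert
    peer && peer.to_pem
  end
  raise "Could not download cert from #{url}. You may have to do it manually, and append it to '#{CERT_STORE}'" if pem.nil?

  # Human-readable header written in front of the PEM block in the store file.
  name = "OneView at #{url}"
  content = "\n#{name}\n"
  content << "#{'=' * name.length}\n"
  content << pem

  cert_dir = File.dirname(CERT_STORE)
  Dir.mkdir(cert_dir) unless File.directory?(cert_dir)
  # Skip the append when the exact PEM text is already present in the store.
  if File.file?(CERT_STORE) && File.read(CERT_STORE).include?(pem)
    puts 'Cert store already contains this certificate. Skipped!'
    false
  else
    File.open(CERT_STORE, 'a') { |f| f.write content }
    puts "Cert added to '#{CERT_STORE}'. Cert Info: #{content}"
    true
  end
end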

.load_trusted_certs ⇒ X509::Store

Load any trusted certs and add them to the default SSL cert store.

Looks for a file at ~/.oneview-sdk-ruby/trusted_certs.cer
Note: File must be readable and parseable by X509::Store.add_file method

Returns:

  • (X509::Store)

    cert_store


# File 'lib/oneview-sdk/ssl_helper.rb', line 25

# Build the certificate store used for OneView connections: OpenSSL's default
# paths plus, when it exists, the file at CERT_STORE.
#
# A failure while reading CERT_STORE is reported with a warning and the store
# is still returned, without that file's certificates.
#
# @return [OpenSSL::X509::Store, nil] the store, or nil when building it
#   raised an error outside the CERT_STORE load
def self.load_trusted_certs
  OpenSSL::X509::Store.new.tap do |cert_store|
    cert_store.set_default_paths
    begin
      if File.file?(CERT_STORE)
        cert_store.add_file(CERT_STORE)
      end
    rescue StandardError => load_error
      # An unreadable or unparseable store file is reported but not fatal.
      puts "WARNING: Failed to load certificate store file at #{CERT_STORE} \n  Message: #{load_error.message}"
    end
  end
rescue StandardError => failure
  # Any other failure: warn and return nil, which callers have to handle.
  puts "WARNING: Failure in #{self}##{__method__} \n  Message: #{failure.message}"
  nil
end