Sha256: 0ebac0f363b2e1d404ab3e0bdda1eb3e40ee867e7cc35019485513a55dca48b9

Contents?: true

Size: 1.02 KB

Versions: 14

Compression:

Stored size: 1.02 KB

Contents

require "openssl"

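module Berkshelf
  # Builds the X.509 trust store used to verify peer certificates: the
  # system default CA paths plus any certificates found in the Chef
  # "trusted_certs" directory.
  #
  # Every certificate loaded from that directory becomes a trust anchor, so
  # the directory should be writable only by the user running Berkshelf.
  class SSLPolicy
    # Text OpenSSL reports when a certificate is already present in the store.
    DUPLICATE_CERT_MESSAGE = "cert already in hash table".freeze

    # @return [Store]
    #   Holds trusted CA certificates used to verify peer certificates
    attr_reader :store

    # Creates the store, loads the default CA paths and, when the trusted
    # certs directory exists, adds every certificate found in it.
    def initialize
      @store = OpenSSL::X509::Store.new.tap(&:set_default_paths)

      set_custom_certs if ::File.exist?(trusted_certs_dir)
    end

    # Adds a certificate to the store, tolerating duplicates.
    #
    # @param cert [OpenSSL::X509::Certificate]
    # @raise [OpenSSL::X509::StoreError] for any failure other than a duplicate
    def add_trusted_cert(cert)
      @store.add_cert(cert)
    rescue OpenSSL::X509::StoreError => e
      # Match on a substring rather than the whole message: the text can carry
      # a prefix depending on the OpenSSL binding in use, and an exact
      # comparison would turn a harmless duplicate into a hard failure.
      raise unless e.message.include?(DUPLICATE_CERT_MESSAGE)
    end

    # Resolves the directory that holds user-supplied trusted certificates.
    #
    # @return [String] the configured directory (backslashes normalised to
    #   forward slashes) when it is set and exists, otherwise
    #   ~/.chef/trusted_certs
    def trusted_certs_dir
      config_dir = Berkshelf.config.chef.trusted_certs_dir.to_s.tr('\\', "/")
      return config_dir unless config_dir.empty? || !::File.exist?(config_dir)

      # HOME can be unset (services, cron); File.join(nil, ...) would raise.
      ::File.join(ENV["HOME"] || ::Dir.home, ".chef", "trusted_certs")
    end

    # Loads every *.crt / *.pem file in the trusted certs directory into the
    # store.
    #
    # @raise [OpenSSL::X509::CertificateError] if a matching file cannot be parsed
    def set_custom_certs
      dir = trusted_certs_dir
      flags = ::File::FNM_EXTGLOB | ::File::FNM_SYSCASE

      # Listing the directory instead of Dir.chdir + glob keeps the
      # process-wide working directory untouched.
      ::Dir.entries(dir).sort.each do |name|
        next unless ::File.fnmatch?("*.{crt,pem}", name, flags)

        path = ::File.join(dir, name)
        next unless ::File.file?(path)

        # File.read always treats its argument as a path. IO.read hands a name
        # with a leading "|" to a subprocess on Ruby versions that still
        # support that form, so it must not be used on directory listings.
        # NOTE(review): only the first certificate of a multi-certificate PEM
        # bundle appears to be loaded here -- confirm if bundles are expected.
        add_trusted_cert(OpenSSL::X509::Certificate.new(::File.read(path)))
      end
    end
  end
end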

Version data entries

14 entries across 14 versions & 1 rubygems

Version Path
berkshelf-7.0.8 lib/berkshelf/ssl_policies.rb
berkshelf-7.0.7 lib/berkshelf/ssl_policies.rb
berkshelf-6.3.4 lib/berkshelf/ssl_policies.rb
berkshelf-7.0.6 lib/berkshelf/ssl_policies.rb
berkshelf-7.0.5 lib/berkshelf/ssl_policies.rb
berkshelf-6.3.3 lib/berkshelf/ssl_policies.rb
berkshelf-7.0.4 lib/berkshelf/ssl_policies.rb
berkshelf-7.0.3 lib/berkshelf/ssl_policies.rb
berkshelf-7.0.2 lib/berkshelf/ssl_policies.rb
berkshelf-7.0.1 lib/berkshelf/ssl_policies.rb
berkshelf-7.0.0 lib/berkshelf/ssl_policies.rb
berkshelf-6.3.2 lib/berkshelf/ssl_policies.rb
berkshelf-6.3.1 lib/berkshelf/ssl_policies.rb
berkshelf-6.3.0 lib/berkshelf/ssl_policies.rb