./lib/ews/transporter.rb in exact4r-1.2 vs ./lib/ews/transporter.rb in exact4r-1.4
- old
+ new
@@ -1,6 +1,7 @@
require 'net/https'
+require File.dirname(__FILE__) + '/certificate_helper'
module EWS # :nodoc:
# A Transporter is responsible for communicating with the E-xact Web Service in
# whichever dialect is chosen by the user. The available options are:
@@ -13,28 +14,30 @@
# service.
#
# Once configured to connect to a particular service, it can be used repeatedly
# to send as many transactions as required.
class Transporter
+ include CertificateHelper
# Initialize a Transporter.
#
# You can specify the URL you would like the Transporter to connect to, although it defaults
# to https://api.e-xact.com, the location of our transaction processing web service.
#
# You can also specify a hash of options as follows:
# :transport_type the transport_type for this transporter (defaults to :rest)
+ # :server_cert the path to the server's certificate file (defaults to E-xact's Server Cert)
+ # :issuer_cert the path to the issuer's certificate file (defaults to E-xact's Issuer's Cert)
#
# The default certificates are those required to connect to https://api.e-xact.com and the
# default <tt>transport_type</tt> is <tt>:rest</tt>. The default <tt>transport_type</tt> can be overridden on a per-transaction
# basis, if you choose to do so, by specifying it as a parameter to the <tt>submit</tt> method.
def initialize(url = "https://api.e-xact.com", options = {})
@url = URI.parse(url.gsub(/\/$/,''))
@transport_type = options[:transport_type] || :rest
- @@issuer_cert ||= File.dirname(__FILE__)+"/../../certs/valicert_class2_root.crt"
- @@server_cert ||= File.new(File.dirname(__FILE__)+"/../../certs/e-xact.com.crt").read
+ configure_certificates(options)
end
# Submit a transaction request to the server
#
# <tt>transaction</tt>:: the Request object to encode for transmission to the server
@@ -50,11 +53,11 @@
transport_details = @@transport_types[transport_type]
request = build_http_request(transaction, transport_type, transport_details[:suffix])
request.basic_auth(transaction.gateway_id, transaction.password)
request.add_field "Accept", transport_details[:content_type]
- request.add_field "User-Agent", "exact4r v1.2"
+ request.add_field "User-Agent", "exact4r v1.4"
request.add_field "Content-type", "#{transport_details[:content_type]}; charset=UTF-8"
response = get_connection.request(request)
case response
@@ -104,57 +107,12 @@
@connection.set_debug_output $stdout if $DEBUG
if @url.scheme == 'https'
@connection.use_ssl = true
@connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
@connection.verify_callback = method(:validate_certificate)
- @connection.ca_file = @@issuer_cert
+ @connection.ca_file = self.issuer_cert_file
end
@connection
- end
-
- def validate_certificate(is_ok, ctx)
- cert = ctx.current_cert
- return false if cert.nil?
-
- # preverify failed?
- return false unless is_ok
-
- self_signed = false
- ca = false
- pathlen = nil
- server_auth = true
- self_signed = (cert.subject.cmp(cert.issuer) == 0)
-
- # Check extensions for the certificate purpose according to http://www.openssl.org/docs/apps/x509.html (Certificate Extensions) and
- # http://www.ietf.org/rfc/rfc3280.txt.
- cert.extensions.each do |ex|
- case ex.oid
- when 'basicConstraints'
- /CA:(TRUE|FALSE)(?:, pathlen:)*(\d*)/ =~ ex.value
- ca ||= ($1 == 'TRUE')
- pathlen = $2.to_i
- when 'keyUsage'
- usage = ex.value.split(/\s*,\s*/)
- # a CA must have
- ca &&= !usage.grep(/Certificate Sign/i).empty?
- # Server Cert Must have
- server_auth &&= !usage.grep(/Key Encipherment/i).empty?
- when 'extendedKeyUsage'
- usage = ex.value.split(/\s*,\s*/)
- # Server Cert Must have
- server_auth &&= !usage.grep(/TLS Web Server Authentication/i).empty?
- when 'nsCertType'
- usage = ex.value.split(/\s*,\s*/)
- ca ||= !usage.grep(/SSL CA/i).empty?
- server_auth ||= !usage.grep(/SSL Server/i).empty?
- end
- end
-
- # We're looking for the server cert, so accept all CAs (which have already passed pre-verification)
- return true if self_signed || ca
-
- # ensure the server cert is the one we're expecting
- return server_auth && @@server_cert == cert.to_pem
end
# what transport types we support, and their corresponding suffixes
@@transport_types = {
:rest => {:suffix => "xml", :content_type => "application/xml"},