Class: Berkshelf::SSLPolicy

Inherits:

Object

• Object
• Berkshelf::SSLPolicy

Defined in:

lib/berkshelf/ssl_policies.rb

Instance Attribute Summary

• #store ⇒ Store readonly

  Holds trusted CA certificates used to verify peer certificates.

Instance Method Summary

• #add_trusted_cert(cert) ⇒ Object
• #initialize ⇒ SSLPolicy constructor

  A new instance of SSLPolicy.

• #set_custom_certs ⇒ Object
• #trusted_certs_dir ⇒ Object

Constructor Details

#initialize ⇒ SSLPolicy

Returns a new instance of SSLPolicy.

# File 'lib/berkshelf/ssl_policies.rb', line 10

def initialize
  @store = OpenSSL::X509::Store.new.tap(&:set_default_paths)

  set_custom_certs if ::File.exist?(trusted_certs_dir)
end

Instance Attribute Details

#store ⇒ Store (readonly)

Returns Holds trusted CA certificates used to verify peer certificates.

Returns:

• (Store) —

  Holds trusted CA certificates used to verify peer certificates

# File 'lib/berkshelf/ssl_policies.rb', line 8

def store
  @store
end

Instance Method Details

#add_trusted_cert(cert) ⇒ Object

# File 'lib/berkshelf/ssl_policies.rb', line 16

def add_trusted_cert(cert)
  @store.add_cert(cert)
rescue OpenSSL::X509::StoreError => e
  raise e unless e.message.match(/cert already in hash table/)
end

#set_custom_certs ⇒ Object

# File 'lib/berkshelf/ssl_policies.rb', line 31

def set_custom_certs
  ::Dir.glob("#{trusted_certs_dir}/{*.crt,*.pem}").each do |cert|
    cert = OpenSSL::X509::Certificate.new(IO.read(cert))
    add_trusted_cert(cert)
  end
end

#trusted_certs_dir ⇒ Object

# File 'lib/berkshelf/ssl_policies.rb', line 22

def trusted_certs_dir
  config_dir = Berkshelf.config.chef.trusted_certs_dir.to_s.tr("\\", "/")
  if config_dir.empty? || !::File.exist?(config_dir)
    File.join(ENV["HOME"], ".chef", "trusted_certs")
  else
    config_dir
  end
end