Module: OneviewSDK::SSLHelper
Defined in: lib/oneview-sdk/ssl_helper.rb
Overview
SSL Certificate helper
Constant Summary
- CERT_STORE = File.join(Dir.home, '/.oneview-sdk-ruby/trusted_certs.cer')
Class Method Summary
- .check_cert(url) ⇒ Boolean
  Check to see if a OneView instance’s certificate is trusted.
- .install_cert(url) ⇒ Object
  Fetch and add the SSL certificate of a OneView instance to the trusted certs store.
- .load_trusted_certs ⇒ X509::Store
  Load any trusted certs and add them to the default SSL cert store.
Class Method Details
.check_cert(url) ⇒ Boolean
Check to see if a OneView instance’s certificate is trusted.

    # File 'lib/oneview-sdk/ssl_helper.rb', line 32
    def self.check_cert(url)
      uri = URI.parse(URI.escape(url))
      fail "Invalid url '#{url}'" unless uri.host
      http = Net::HTTP.new(uri.host, uri.port)
      http.use_ssl = true if uri.scheme == 'https'
      # Verify against the system defaults plus the SDK's own trusted_certs.cer
      trusted_certs = load_trusted_certs
      http.cert_store = trusted_certs if trusted_certs
      http.request(Net::HTTP::Get.new(uri.request_uri))
      true
    rescue OpenSSL::SSL::SSLError
      # Handshake or certificate verification failed: report as not trusted
      false
    end
.install_cert(url) ⇒ Object
Fetch and add the SSL certificate of a OneView instance to the trusted certs store.
Creates/modifies file at ~/.oneview-sdk-ruby/trusted_certs.cer

    # File 'lib/oneview-sdk/ssl_helper.rb', line 49
    def self.install_cert(url)
      uri = URI.parse(URI.escape(url))
      fail "Invalid url '#{url}'" unless uri.host
      # Verification is disabled so that a not-yet-trusted cert can be downloaded
      options = { use_ssl: true, verify_mode: OpenSSL::SSL::VERIFY_NONE }
      pem = Net::HTTP.start(uri.host, uri.port, options) do |http|
        http.peer_cert.to_pem
      end
      fail "Could not download cert from #{url}. You may have to do it manually, and append it to '#{CERT_STORE}'" if pem.nil?

      # Human-readable header written above the PEM block in the store file
      name = "OneView at #{url}"
      content = "\n#{name}\n"
      content << "#{'=' * name.length}\n"
      content << pem

      cert_dir = File.dirname(CERT_STORE)
      Dir.mkdir(cert_dir) unless File.directory?(cert_dir)

      # Skip the append if this exact PEM is already in the store
      if File.file?(CERT_STORE) && File.read(CERT_STORE).include?(pem)
        puts 'Cert store already contains this certificate. Skipped!'
        false
      else
        File.open(CERT_STORE, 'a') { |f| f.write content }
        puts "Cert added to '#{CERT_STORE}'. Cert Info: #{content}"
        true
      end
    end
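install_cert downloads the certificate with VERIFY_NONE, so whatever the endpoint presents at that moment ends up in the trust store. The following is an added example, not part of the SDK: it shows one way to gate the append on a SHA-256 fingerprint obtained out of band (for example from the appliance console). The names cert_fingerprint, install_pinned_cert and sample_self_signed_pem are hypothetical, and the certificate is a constructed throwaway.

```ruby
require 'openssl'
require 'tmpdir'

# SHA-256 fingerprint of a PEM certificate as colon-separated uppercase hex.
def cert_fingerprint(pem)
  der = OpenSSL::X509::Certificate.new(pem).to_der
  OpenSSL::Digest.new('SHA256').hexdigest(der).upcase.scan(/../).join(':')
end

# Append pem to store_path only when its fingerprint equals expected_fp,
# a value the operator obtained out of band (assumption of this example).
# Returns true if appended, false if already present; raises on mismatch.
def install_pinned_cert(pem, expected_fp, store_path)
  normalize = ->(fp) { fp.delete(':').strip.downcase }
  actual = cert_fingerprint(pem)
  unless normalize.call(actual) == normalize.call(expected_fp)
    raise ArgumentError, "Fingerprint mismatch, refusing to trust cert (got #{actual})"
  end
  return false if File.file?(store_path) && File.read(store_path).include?(pem)
  File.open(store_path, 'a', 0o600) { |f| f.write("\n#{pem}") }
  true
end

# Constructed sample input: a self-signed certificate standing in for the
# one an appliance would present. Not a real OneView certificate.
def sample_self_signed_pem(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    store = File.join(dir, 'trusted_certs.cer')
    pem = sample_self_signed_pem('oneview.example.test')
    pinned = cert_fingerprint(pem) # in practice: read from a trusted channel
    puts "appended: #{install_pinned_cert(pem, pinned, store)}"
  end
end
```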
.load_trusted_certs ⇒ X509::Store
Load any trusted certs and add them to the default SSL cert store.
Looks for a file at ~/.oneview-sdk-ruby/trusted_certs.cer
Note: File must be readable and parseable by X509::Store.add_file method

    # File 'lib/oneview-sdk/ssl_helper.rb', line 14
    def self.load_trusted_certs
      store = OpenSSL::X509::Store.new
      # Start from the system default CA paths
      store.set_default_paths
      begin
        # Add the SDK's own trusted certs file, if one has been created
        store.add_file(CERT_STORE) if File.file?(CERT_STORE)
      rescue StandardError => e
        puts "WARNING: Failed to load certificate store file at #{CERT_STORE} \n Message: #{e.message}"
      end
      store
    rescue StandardError => e
      puts "WARNING: Failure in #{self}##{__method__} \n Message: #{e.message}"
      nil
    end