authordanielsdeleo <dan@opscode.com>2013-10-15 16:13:26 -0700
committerdanielsdeleo <dan@opscode.com>2013-10-16 17:52:51 -0700
commit368dede80b8cd16443e7e38e965b4f368c1a6a75 (patch)
tree063ca5868c78e862747543cfe64609446fdab4ee /lib/chef/http
parentced89196578b3d9ac302ec4fb71d0f4fd61f5968 (diff)
Extract SSL policy to a DI-able class
Diffstat (limited to 'lib/chef/http')
-rw-r--r--lib/chef/http/basic_client.rb40
-rw-r--r--lib/chef/http/ssl_policies.rb94
2 files changed, 104 insertions, 30 deletions
diff --git a/lib/chef/http/basic_client.rb b/lib/chef/http/basic_client.rb
index 181fd5135d..fb28a841c8 100644
--- a/lib/chef/http/basic_client.rb
+++ b/lib/chef/http/basic_client.rb
@@ -22,6 +22,7 @@
#
require 'uri'
require 'net/http'
+require 'chef/http/ssl_policies'
require 'chef/http/http_request'
class Chef
@@ -32,9 +33,16 @@ class Chef
attr_reader :url
attr_reader :http_client
+ attr_reader :ssl_policy
- def initialize(url)
+ # Instantiate a BasicClient.
+ # === Arguments:
+ # url:: An URI for the remote server.
+ # === Options:
+ # ssl_policy:: The SSL Policy to use, defaults to DefaultSSLPolicy
+ def initialize(url, opts={})
@url = url
+ @ssl_policy = opts[:ssl_policy] || DefaultSSLPolicy
@http_client = build_http_client
end
@@ -95,35 +103,7 @@ class Chef
def configure_ssl(http_client)
http_client.use_ssl = true
- if config[:ssl_verify_mode] == :verify_none
- http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
- elsif config[:ssl_verify_mode] == :verify_peer
- http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
- end
- if config[:ssl_ca_path]
- unless ::File.exist?(config[:ssl_ca_path])
- raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_path #{config[:ssl_ca_path]} does not exist"
- end
- http_client.ca_path = config[:ssl_ca_path]
- elsif config[:ssl_ca_file]
- unless ::File.exist?(config[:ssl_ca_file])
- raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_file #{config[:ssl_ca_file]} does not exist"
- end
- http_client.ca_file = config[:ssl_ca_file]
- end
- if (config[:ssl_client_cert] || config[:ssl_client_key])
- unless (config[:ssl_client_cert] && config[:ssl_client_key])
- raise Chef::Exceptions::ConfigurationError, "You must configure ssl_client_cert and ssl_client_key together"
- end
- unless ::File.exists?(config[:ssl_client_cert])
- raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_cert #{config[:ssl_client_cert]} does not exist"
- end
- unless ::File.exists?(config[:ssl_client_key])
- raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_key #{config[:ssl_client_key]} does not exist"
- end
- http_client.cert = OpenSSL::X509::Certificate.new(::File.read(config[:ssl_client_cert]))
- http_client.key = OpenSSL::PKey::RSA.new(::File.read(config[:ssl_client_key]))
- end
+ ssl_policy.apply_to(http_client)
end
end
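Review bot: The new `ssl_policy::` option is documented only as "The SSL Policy to use", but the code on the `@ssl_policy = opts[:ssl_policy] || DefaultSSLPolicy` line accepts any object and the only thing `configure_ssl` requires of it is an `apply_to(http_client)` method; that duck-typed contract is what a caller injecting a test or hardened policy needs to know, so the comment should state it, e.g. `# ssl_policy:: An object responding to apply_to(http_client); it receives the Net::HTTP instance after use_ssl is set. Defaults to DefaultSSLPolicy.`. Because the policy is applied after `http_client.use_ssl = true`, a custom policy can also override that flag, which is worth a sentence in the same comment. Minor wording: "An URI" in the `url::` line should read "A URI". The `class Chef` / `class HTTP` bodies that enclose these methods start and end outside the hunks.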
diff --git a/lib/chef/http/ssl_policies.rb b/lib/chef/http/ssl_policies.rb
new file mode 100644
index 0000000000..604bff8461
--- /dev/null
+++ b/lib/chef/http/ssl_policies.rb
@@ -0,0 +1,94 @@
+#--
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Thom May (<thom@clearairturbulence.org>)
+# Author:: Nuo Yan (<nuo@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
+# Author:: Christopher Walters (<cw@opscode.com>)
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2009, 2010, 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'openssl'
+
+class Chef
+ class HTTP
+
+ # == Chef::HTTP::DefaultSSLPolicy
+ # Configures SSL behavior on an HTTP object via visitor pattern.
+ class DefaultSSLPolicy
+
+ def self.apply_to(http_client)
+ new(http_client).apply
+ http_client
+ end
+
+ attr_reader :http_client
+
+ def initialize(http_client)
+ @http_client = http_client
+ end
+
+ def apply
+ set_verify_mode
+ set_ca_store
+ set_client_credentials
+ end
+
+ def set_verify_mode
+ if config[:ssl_verify_mode] == :verify_none
+ http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ elsif config[:ssl_verify_mode] == :verify_peer
+ http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ end
+ end
+
+ def set_ca_store
+ if config[:ssl_ca_path]
+ unless ::File.exist?(config[:ssl_ca_path])
+ raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_path #{config[:ssl_ca_path]} does not exist"
+ end
+ http_client.ca_path = config[:ssl_ca_path]
+ elsif config[:ssl_ca_file]
+ unless ::File.exist?(config[:ssl_ca_file])
+ raise Chef::Exceptions::ConfigurationError, "The configured ssl_ca_file #{config[:ssl_ca_file]} does not exist"
+ end
+ http_client.ca_file = config[:ssl_ca_file]
+ end
+ end
+
+ def set_client_credentials
+ if (config[:ssl_client_cert] || config[:ssl_client_key])
+ unless (config[:ssl_client_cert] && config[:ssl_client_key])
+ raise Chef::Exceptions::ConfigurationError, "You must configure ssl_client_cert and ssl_client_key together"
+ end
+ unless ::File.exists?(config[:ssl_client_cert])
+ raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_cert #{config[:ssl_client_cert]} does not exist"
+ end
+ unless ::File.exists?(config[:ssl_client_key])
+ raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_key #{config[:ssl_client_key]} does not exist"
+ end
+ http_client.cert = OpenSSL::X509::Certificate.new(::File.read(config[:ssl_client_cert]))
+ http_client.key = OpenSSL::PKey::RSA.new(::File.read(config[:ssl_client_key]))
+ end
+ end
+
+ def config
+ Chef::Config
+ end
+
+ end
+ end
+end
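Review bot: `set_verify_mode` only acts on `:verify_none` and `:verify_peer`; any other value of `config[:ssl_verify_mode]` (a typo, a string instead of a symbol, an unsupported mode) silently leaves `verify_mode` unset and the connection runs with whatever Net::HTTP chooses as its default, so a misconfiguration is never reported. Since the surrounding methods already raise `Chef::Exceptions::ConfigurationError` for bad paths, the `if`/`elsif` should end with `else` / `raise Chef::Exceptions::ConfigurationError, "Unknown ssl_verify_mode #{config[:ssl_verify_mode].inspect}, expected :verify_peer or :verify_none"` so the verification setting is always explicit. Separately, `set_ca_store` uses `::File.exist?` while `set_client_credentials` uses `::File.exists?`; the latter is the deprecated alias and the two methods should agree on `exist?`. `set_verify_mode`, `set_ca_store`, `set_client_credentials` and `config` read as implementation details of `apply` and could sit under `private` unless callers are meant to invoke them individually.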