Merge pull request sumoheavy#225 from falconed/client_cert_support

Add client cert support
kali-hernandez · Jan 19, 2018 · a8e1dbe · a8e1dbe
2 parents fedc80d + 0e8f0f3
commit a8e1dbe
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 0 deletions.
diff --git a/lib/jira/client.rb b/lib/jira/client.rb
@@ -52,6 +52,7 @@ class Client
       :rest_base_path     => "/rest/api/2",
       :ssl_verify_mode    => OpenSSL::SSL::VERIFY_PEER,
       :use_ssl            => true,
+      :use_client_cert    => false,
       :auth_type          => :oauth,
       :http_debug         => false
     }
@@ -61,6 +62,13 @@ def initialize(options={})
       @options = options
       @options[:rest_base_path] = @options[:context_path] + @options[:rest_base_path]
 
+      if options[:use_client_cert]
+        raise ArgumentError, 'Options: :cert_path must be set when :use_client_cert is true' unless @options[:cert_path]
+        raise ArgumentError, 'Options: :key_path must be set when :use_client_cert is true' unless @options[:key_path]
+        @options[:cert] = OpenSSL::X509::Certificate.new(File.read(@options[:cert_path]))
+        @options[:key] = OpenSSL::PKey::RSA.new(File.read(@options[:key_path]))
+      end
+
       case options[:auth_type]
       when :oauth, :oauth_2legged
         @request_client = OauthClient.new(@options)

diff --git a/lib/jira/http_client.rb b/lib/jira/http_client.rb
@@ -50,6 +50,10 @@ def http_conn(uri)
       end
       http_conn = http_class.new(uri.host, uri.port)
       http_conn.use_ssl = @options[:use_ssl]
+      if @options[:use_client_cert]
+        http_conn.cert = @options[:cert]
+        http_conn.key = @options[:key]
+      end
       http_conn.verify_mode = @options[:ssl_verify_mode]
       http_conn.read_timeout = @options[:read_timeout]
       http_conn

diff --git a/spec/jira/http_client_spec.rb b/spec/jira/http_client_spec.rb
@@ -28,6 +28,15 @@
     JIRA::HttpClient.new(options)
   end
 
+  let(:basic_client_cert_client) do
+    options = JIRA::Client::DEFAULT_OPTIONS.merge(JIRA::HttpClient::DEFAULT_OPTIONS).merge(
+      :use_client_cert => true,
+      :cert => 'public certificate contents',
+      :key => 'private key contents'
+    )
+    JIRA::HttpClient.new(options)
+  end
+
   let(:response) do
     response = double("response")
     allow(response).to receive(:kind_of?).with(Net::HTTPSuccess).and_return(true)
@@ -170,6 +179,22 @@
     expect(basic_client.http_conn(uri)).to eq(http_conn)
   end
 
+  it 'can use client certificates' do
+    http_conn = double
+    uri = double
+    host = double
+    port = double
+    expect(Net::HTTP).to receive(:new).with(host, port).and_return(http_conn)
+    expect(uri).to receive(:host).and_return(host)
+    expect(uri).to receive(:port).and_return(port)
+    expect(http_conn).to receive(:use_ssl=).with(basic_client.options[:use_ssl])
+    expect(http_conn).to receive(:verify_mode=).with(basic_client.options[:ssl_verify_mode])
+    expect(http_conn).to receive(:read_timeout=).with(basic_client.options[:read_timeout])
+    expect(http_conn).to receive(:cert=).with(basic_client_cert_client.options[:cert])
+    expect(http_conn).to receive(:key=).with(basic_client_cert_client.options[:key])
+    expect(basic_client_cert_client.http_conn(uri)).to eq(http_conn)
+  end
+
   it "returns a http connection" do
     http_conn = double()
     uri = double()