From d61b9229d6a273aed72dd38209bb2c77461d389b Mon Sep 17 00:00:00 2001 From: Dan Falcone Date: Fri, 7 Apr 2017 00:41:38 -0400 Subject: [PATCH 1/2] Add client cert support --- lib/jira/client.rb | 8 ++++++++ lib/jira/http_client.rb | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/lib/jira/client.rb b/lib/jira/client.rb index e233b4e4..b5a93232 100644 --- a/lib/jira/client.rb +++ b/lib/jira/client.rb @@ -52,6 +52,7 @@ class Client :rest_base_path => "/rest/api/2", :ssl_verify_mode => OpenSSL::SSL::VERIFY_PEER, :use_ssl => true, + :use_client_cert => false, :auth_type => :oauth, :http_debug => false } @@ -61,6 +62,13 @@ def initialize(options={}) @options = options @options[:rest_base_path] = @options[:context_path] + @options[:rest_base_path] + if options[:use_client_cert] + raise ArgumentError, 'Options: :cert_path must be set when :use_client_cert is true' unless @options[:cert_path] + raise ArgumentError, 'Options: :key_path must be set when :use_client_cert is true' unless @options[:key_path] + @options[:cert] = OpenSSL::X509::Certificate.new(File.read(@options[:cert_path])) + @options[:key] = OpenSSL::PKey::RSA.new(File.read(@options[:key_path])) + end + case options[:auth_type] when :oauth @request_client = OauthClient.new(@options) diff --git a/lib/jira/http_client.rb b/lib/jira/http_client.rb index a4ca0afd..c8949460 100644 --- a/lib/jira/http_client.rb +++ b/lib/jira/http_client.rb @@ -44,6 +44,10 @@ def http_conn(uri) end http_conn = http_class.new(uri.host, uri.port) http_conn.use_ssl = @options[:use_ssl] + if @options[:use_client_cert] + http_conn.cert = @options[:cert] + http_conn.key = @options[:key] + end http_conn.verify_mode = @options[:ssl_verify_mode] http_conn.read_timeout = @options[:read_timeout] http_conn From 0e8f0f34fab3c06cb5a5f31a7fc036704511bfbf Mon Sep 17 00:00:00 2001 From: Dan Falcone Date: Wed, 29 Nov 2017 21:00:42 -0500 Subject: [PATCH 2/2] Add a client cert spec for the http client --- spec/jira/http_client_spec.rb | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/spec/jira/http_client_spec.rb b/spec/jira/http_client_spec.rb index be71d642..fdc13766 100644 --- a/spec/jira/http_client_spec.rb +++ b/spec/jira/http_client_spec.rb @@ -28,6 +28,15 @@ JIRA::HttpClient.new(options) end + let(:basic_client_cert_client) do + options = JIRA::Client::DEFAULT_OPTIONS.merge(JIRA::HttpClient::DEFAULT_OPTIONS).merge( + :use_client_cert => true, + :cert => 'public certificate contents', + :key => 'private key contents' + ) + JIRA::HttpClient.new(options) + end + let(:response) do response = double("response") allow(response).to receive(:kind_of?).with(Net::HTTPSuccess).and_return(true) @@ -170,6 +179,22 @@ expect(basic_client.http_conn(uri)).to eq(http_conn) end + it 'can use client certificates' do + http_conn = double + uri = double + host = double + port = double + expect(Net::HTTP).to receive(:new).with(host, port).and_return(http_conn) + expect(uri).to receive(:host).and_return(host) + expect(uri).to receive(:port).and_return(port) + expect(http_conn).to receive(:use_ssl=).with(basic_client.options[:use_ssl]) + expect(http_conn).to receive(:verify_mode=).with(basic_client.options[:ssl_verify_mode]) + expect(http_conn).to receive(:read_timeout=).with(basic_client.options[:read_timeout]) + expect(http_conn).to receive(:cert=).with(basic_client_cert_client.options[:cert]) + expect(http_conn).to receive(:key=).with(basic_client_cert_client.options[:key]) + expect(basic_client_cert_client.http_conn(uri)).to eq(http_conn) + end + it "returns a http connection" do http_conn = double() uri = double()