aspera-cli 4.18.1 → 4.20.0

data/lib/aspera/transfer/sync.rb

@@ -4,6 +4,7 @@
 
 require 'aspera/command_line_builder'
 require 'aspera/ascp/installation'
+require 'aspera/agent/direct'
 require 'aspera/log'
 require 'aspera/assert'
 require 'json'
@@ -13,12 +14,12 @@ require 'English'
 
 module Aspera
   module Transfer
-    # builds command line arg for async
+    # builds command line arg for async and execute it
     module Sync
       # sync direction, default is push
       DIRECTIONS = %i[push pull bidi].freeze
-      # custom JSON for async instance command line options
-      PARAMS_VX_INSTANCE =
+      # JSON for async instance command line options
+      CMDLINE_PARAMS_INSTANCE =
         {
           'alt_logdir'          => { cli: { type: :opt_with_arg}, accepted_types: :string},
           'watchd'              => { cli: { type: :opt_with_arg}, accepted_types: :string},
@@ -28,7 +29,7 @@ module Aspera
         }.freeze
 
       # map sync session parameters to transfer spec: sync -> ts, true if same
-      PARAMS_VX_SESSION =
+      CMDLINE_PARAMS_SESSION =
         {
           'name'                       => { cli: { type: :opt_with_arg}, accepted_types: :string},
           'local_dir'                  => { cli: { type: :opt_with_arg}, accepted_types: :string},
@@ -65,13 +66,13 @@ module Aspera
           'license'                    => { cli: { type: :envvar, variable: 'ASPERA_SCP_LICENSE'}}
         }.freeze
 
-      CommandLineBuilder.normalize_description(PARAMS_VX_INSTANCE)
-      CommandLineBuilder.normalize_description(PARAMS_VX_SESSION)
+      CommandLineBuilder.normalize_description(CMDLINE_PARAMS_INSTANCE)
+      CommandLineBuilder.normalize_description(CMDLINE_PARAMS_SESSION)
 
-      PARAMS_VX_KEYS = %w[instance sessions].freeze
+      CMDLINE_PARAMS_KEYS = %w[instance sessions].freeze
 
       # Translation of transfer spec parameters to async v2 API (asyncs)
-      TS_TO_PARAMS_V2 = {
+      TSPEC_TO_ASYNC_CONF = {
         'remote_host'     => 'remote.host',
         'remote_user'     => 'remote.user',
         'remote_password' => 'remote.pass',
@@ -83,10 +84,9 @@ module Aspera
         'tags'            => 'tags'
       }.freeze
 
-      ASYNC_EXECUTABLE = 'async'
       ASYNC_ADMIN_EXECUTABLE = 'asyncadmin'
 
-      private_constant :PARAMS_VX_INSTANCE, :PARAMS_VX_SESSION, :PARAMS_VX_KEYS, :TS_TO_PARAMS_V2, :ASYNC_EXECUTABLE, :ASYNC_ADMIN_EXECUTABLE
+      private_constant :CMDLINE_PARAMS_INSTANCE, :CMDLINE_PARAMS_SESSION, :CMDLINE_PARAMS_KEYS, :TSPEC_TO_ASYNC_CONF, :ASYNC_ADMIN_EXECUTABLE
 
       class << self
         # Set remote_dir in sync parameters based on transfer spec
@@ -126,7 +126,7 @@ module Aspera
             remote.delete('ws_port')
             # add SSH bypass keys when authentication is token and no auth is provided
             if remote.key?('token') && !remote.key?('pass')
-              certificates_to_use.concat(Ascp::Installation.instance.aspera_token_ssh_key_paths)
+              certificates_to_use.concat(Ascp::Installation.instance.aspera_token_ssh_key_paths(:rsa))
             end
           end
           return certificates_to_use
@@ -134,23 +134,27 @@ module Aspera
 
         # @param sync_params [Hash] sync parameters, old or new format
         # @param block [nil, Proc] block to generate transfer spec, takes: direction (one of DIRECTIONS), local_dir, remote_dir
-        def start(sync_params, &block)
+        def start(
+          sync_params,
+          &block
+        )
+          Log.log.debug{Log.dump(:sync_params_initial, sync_params)}
           Aspera.assert_type(sync_params, Hash)
           env_args = {
             args: [],
             env:  {}
           }
           if sync_params.key?('local')
+            # async native JSON format (conf option)
+            Aspera.assert_type(sync_params['local'], Hash){'local'}
             remote = sync_params['remote']
-            # async native JSON format (v2)
-            Aspera.assert_type(remote, Hash)
+            Aspera.assert_type(remote, Hash){'remote'}
+            Aspera.assert_type(remote['path'], String){'remote path'}
             # get transfer spec if possible, and feed back to new structure
             if block
               transfer_spec = yield((sync_params['direction'] || 'push').to_sym, sync_params['local']['path'], remote['path'])
-              # async native JSON format
-              Aspera.assert_type(sync_params['local'], Hash)
               # translate transfer spec to async parameters
-              TS_TO_PARAMS_V2.each do |ts_param, sy_path|
+              TSPEC_TO_ASYNC_CONF.each do |ts_param, sy_path|
                 next unless transfer_spec.key?(ts_param)
                 sy_dig = sy_path.split('.')
                 param = sy_dig.pop
@@ -160,36 +164,41 @@ module Aspera
               end
               update_remote_dir(remote, 'path', transfer_spec)
             end
-            remote['connect_mode'] ||= remote.key?('ws_port') ? 'ws' : 'ssh'
+            remote['connect_mode'] ||= transfer_spec['wss_enabled'] ? 'ws' : 'ssh'
             add_certificates = remote_certificates(remote)
             if !add_certificates.empty?
               remote['private_key_paths'] ||= []
               remote['private_key_paths'].concat(add_certificates)
             end
-            Aspera.assert_type(sync_params, Hash)
+            # '--exclusive-mgmt-port=12345', '--arg-err-path=-',
             env_args[:args] = ["--conf64=#{Base64.strict_encode64(JSON.generate(sync_params))}"]
+            Log.log.debug{Log.dump(:sync_params_enriched, sync_params)}
+            agent = Agent::Direct.new
+            agent.start_and_monitor_process(session: {}, name: :async, **env_args)
           elsif sync_params.key?('sessions')
-            # ascli JSON format (v1)
+            # ascli JSON format (cmdline)
+            raise StandardError, "Only 'sessions', and optionally 'instance' keys are allowed" unless
+              sync_params.keys.push('instance').uniq.sort.eql?(CMDLINE_PARAMS_KEYS)
+            Aspera.assert_type(sync_params['sessions'], Array)
+            Aspera.assert_type(sync_params['sessions'].first, Hash)
             if block
               sync_params['sessions'].each do |session|
+                Aspera.assert_type(session['local_dir'], String){'local_dir'}
+                Aspera.assert_type(session['remote_dir'], String){'remote_dir'}
                 transfer_spec = yield((session['direction'] || 'push').to_sym, session['local_dir'], session['remote_dir'])
-                PARAMS_VX_SESSION.each do |async_param, behavior|
+                CMDLINE_PARAMS_SESSION.each do |async_param, behavior|
                   if behavior.key?(:ts)
                     tspec_param = behavior[:ts].is_a?(TrueClass) ? async_param : behavior[:ts].to_s
                     session[async_param] ||= transfer_spec[tspec_param] if transfer_spec.key?(tspec_param)
                   end
                 end
-                session['private_key_paths'] = Ascp::Installation.instance.aspera_token_ssh_key_paths if transfer_spec.key?('token')
+                session['private_key_paths'] = Ascp::Installation.instance.aspera_token_ssh_key_paths(:rsa) if transfer_spec.key?('token')
                 update_remote_dir(session, 'remote_dir', transfer_spec)
               end
             end
-            raise StandardError, "Only 'sessions', and optionally 'instance' keys are allowed" unless
-              sync_params.keys.push('instance').uniq.sort.eql?(PARAMS_VX_KEYS)
-            Aspera.assert_type(sync_params['sessions'], Array)
-            Aspera.assert_type(sync_params['sessions'].first, Hash)
             if sync_params.key?('instance')
               Aspera.assert_type(sync_params['instance'], Hash)
-              instance_builder = CommandLineBuilder.new(sync_params['instance'], PARAMS_VX_INSTANCE)
+              instance_builder = CommandLineBuilder.new(sync_params['instance'], CMDLINE_PARAMS_INSTANCE)
               instance_builder.process_params
               instance_builder.add_env_args(env_args)
             end
@@ -197,23 +206,19 @@ module Aspera
             sync_params['sessions'].each do |session_params|
               Aspera.assert_type(session_params, Hash)
               Aspera.assert(session_params.key?('name')){'session must contain at least name'}
-              session_builder = CommandLineBuilder.new(session_params, PARAMS_VX_SESSION)
+              session_builder = CommandLineBuilder.new(session_params, CMDLINE_PARAMS_SESSION)
               session_builder.process_params
               session_builder.add_env_args(env_args)
             end
+            async_exec = Ascp::Installation.instance.path(:async)
+            Process.wait(Environment.secure_spawn(env: env_args[:env], exec: async_exec, args: env_args[:args]))
+            if $CHILD_STATUS.exitstatus != 0
+              raise "Sync failed with exit: #{$CHILD_STATUS.exitstatus}"
+            end
           else
             raise 'At least one of `local` or `sessions` must be present in async parameters'
           end
-          Log.log.debug{Log.dump(:sync_params, sync_params)}
-          Log.log.debug{"execute: #{env_args[:env].map{|k, v| "#{k}=\"#{v}\""}.join(' ')} \"#{ASYNC_EXECUTABLE}\" \"#{env_args[:args].join('" "')}\""}
-          res = system(env_args[:env], [ASYNC_EXECUTABLE, ASYNC_EXECUTABLE], *env_args[:args])
-          Log.log.debug{"result=#{res}"}
-          case res
-          when true then return nil
-          when false then raise "failed: #{$CHILD_STATUS}"
-          when nil then raise "not started: #{$CHILD_STATUS}"
-          else Aspera.error_unexpected_value(res)
-          end
+          return nil
         end
 
         def parse_status(stdout)
@@ -234,15 +239,15 @@ module Aspera
         end
 
         def admin_status(sync_params, session_name)
-          command_line = [ASYNC_ADMIN_EXECUTABLE, '--quiet']
+          arguments = ['--quiet']
           if sync_params.key?('local')
             Aspera.assert(!sync_params['name'].nil?){'Missing session name'}
             Aspera.assert(session_name.nil? || session_name.eql?(sync_params['name'])){'Session not found'}
-            command_line.push("--name=#{sync_params['name']}")
+            arguments.push("--name=#{sync_params['name']}")
             if sync_params.key?('local_db_dir')
-              command_line.push("--local-db-dir=#{sync_params['local_db_dir']}")
+              arguments.push("--local-db-dir=#{sync_params['local_db_dir']}")
             elsif sync_params.dig('local', 'path')
-              command_line.push("--local-dir=#{sync_params.dig('local', 'path')}")
+              arguments.push("--local-dir=#{sync_params.dig('local', 'path')}")
             else
               raise 'Missing either local_db_dir or local.path'
             end
@@ -250,22 +255,18 @@ module Aspera
             session = session_name.nil? ? sync_params['sessions'].first : sync_params['sessions'].find{|s|s['name'].eql?(session_name)}
             raise "Session #{session_name} not found in #{sync_params['sessions'].map{|s|s['name']}.join(',')}" if session.nil?
             raise 'Missing session name' if session['name'].nil?
-            command_line.push("--name=#{session['name']}")
+            arguments.push("--name=#{session['name']}")
             if session.key?('local_db_dir')
-              command_line.push("--local-db-dir=#{session['local_db_dir']}")
+              arguments.push("--local-db-dir=#{session['local_db_dir']}")
             elsif session.key?('local_dir')
-              command_line.push("--local-dir=#{session['local_dir']}")
+              arguments.push("--local-dir=#{session['local_dir']}")
             else
               raise 'Missing either local_db_dir or local_dir'
             end
           else
             raise 'At least one of `local` or `sessions` must be present in async parameters'
           end
-          Log.log.debug{"execute: #{command_line.join(' ')}"}
-          stdout, stderr, status = Open3.capture3(*command_line)
-          Log.log.debug{"status=#{status}, stderr=#{stderr}"}
-          Log.log.trace1{"stdout=#{stdout}"}
-          raise "Sync failed: #{status.exitstatus} : #{stderr}" unless status.success?
+          stdout = Environment.secure_capture(exec: ASYNC_ADMIN_EXECUTABLE, args: arguments)
           return parse_status(stdout)
         end
       end

data/lib/aspera/transfer/uri.rb

@@ -26,7 +26,7 @@ module Aspera
         # faspex 4 does not encode trailing base64 padding, fix that to be able to decode properly
         fixed_query = @fasp_uri.query.gsub(/(=+)$/){|trail_equals|'%3D' * trail_equals.length}
 
-        Rest.decode_query(fixed_query).each do |name, value|
+        Rest.query_to_h(fixed_query).each do |name, value|
           case name
           when 'cookie'      then result_ts['cookie'] = value
           when 'token'       then result_ts['token'] = value

data/lib/aspera/uri_reader.rb

@@ -12,7 +12,7 @@ module Aspera
         uri = URI.parse(uri_to_read)
         case uri.scheme
         when 'http', 'https'
-          return Rest.new(base_url: uri_to_read, redirect_max: 5).call(operation: 'GET', subpath: '', headers: {'Accept' => 'text/plain'})[:data]
+          return Rest.new(base_url: uri_to_read, redirect_max: 5).call(operation: 'GET', headers: {'Accept' => '*/*'})[:data]
         when 'file', NilClass
           local_file_path = uri.path
           raise 'URL shall have a path, check syntax' if local_file_path.nil?

data/lib/aspera/web_auth.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require 'aspera/web_server_simple'
-require 'stringio'
+require 'aspera/assert'
 
 module Aspera
   # servlet called on callback: it records the callback request
@@ -16,41 +16,189 @@ module Aspera
 
     def service(request, response)
       Log.log.debug{"received request from browser #{request.request_method} #{request.path}"}
-      raise WEBrick::HTTPStatus::MethodNotAllowed, "unexpected method: #{request.request_method}" unless request.request_method.eql?('GET')
-      raise WEBrick::HTTPStatus::NotFound, "unexpected path: #{request.path}" unless request.path.eql?(@web_auth.expected_path)
-      # acquire lock and signal change
-      @web_auth.mutex.synchronize do
-        @web_auth.query = request.query
-        @web_auth.cond.signal
-      end
+      Aspera.assert_values(request.request_method, ['GET'], exception_class: WEBrick::HTTPStatus::MethodNotAllowed){'HTTP verb'}
+      additionnal_info = @web_auth.signal_request(request)
       response.status = 200
       response.content_type = 'text/html'
-      response.body = '<html><head><title>Ok</title></head><body><h1>Thank you !</h1><p>You can close this window.</p></body></html>'
+      response.body = <<~HTML
+        <!DOCTYPE html>
+        <html lang="en">
+        <head>
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <link rel="icon" href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgdmlld0JveD0iMCAwIDMyIDMyIiBmaWxsPSJub25lIiBzdHJva2U9IiMyMjIiIHN0cm9rZS13aWR0aD0iMyI+CiAgPGxpbmUgeDE9IjMiIHkxPSIzIiB4Mj0iMjkiIHkyPSIyOSIgIHN0cm9rZT0icmVkIi8+CiAgPGxpbmUgeDE9IjI5IiB5MT0iMyIgeDI9IjMiIHkyPSIyOSIgc3Ryb2tlPSJyZWQiIC8+Cjwvc3ZnPg==" type="image/svg+xml">
+        <title>Close Now</title>
+        <style>
+        body {
+        font-family: Arial, sans-serif;
+        text-align: center;
+        padding: 2rem;
+        margin: 0;
+        background: linear-gradient(135deg, #f0f4f8, #d9e2ec);
+        color: #333;
+        overflow: hidden; /* Ensure no scrollbars for the background animation */
+        position: relative;
+        }
+        h1 {
+        font-size: 2.5rem;
+        color: #0078d4;
+        }
+        p {
+        font-size: 1.2rem;
+        margin-top: 1rem;
+        }
+
+        /* Styling for animated IBM logos */
+        .logo {
+        position: absolute;
+        bottom: -100px;
+        width: 40px;
+        height: 40px;
+        background: none;
+        display: flex;
+        justify-content: center;
+        align-items: center;
+        animation: rise 10s infinite ease-in-out;
+        }
+
+        .logo svg {
+        width: 100%;
+        height: 100%;
+        }
+
+        .logo:nth-child(odd) {
+        animation-duration: 8s;
+        }
+
+        .logo:nth-child(even) {
+        animation-duration: 12s;
+        }
+
+        @keyframes rise {
+        0% {
+        transform: translateY(0) scale(1);
+        opacity: 1;
+        }
+        50% {
+        opacity: 0.7;
+        }
+        100% {
+        transform: translateY(-120vh) scale(0.7);
+        opacity: 0;
+        }
+        }
+        </style>
+        </head>
+        <body>
+        <h1>Thank You!</h1>
+        <p>You can close this window.</p>
+        <p>#{additionnal_info}</p>
+
+        <!-- JavaScript to generate IBM logos -->
+        <script>
+        // Function to create logos dynamically
+        function createLogos() {
+        const body = document.body;
+        const svgContent = `
+        <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="1000px" height="401.149px" viewBox="0 0 1000 401.149" xml:space="preserve">
+        <g>
+        <rect fill="#1F70C1" x="0" y="373.217" width="194.433" height="27.833"/>
+        <rect fill="#1F70C1" x="0" y="319.83" width="194.433" height="27.931"/>
+        <rect fill="#1F70C1" x="55.468" y="266.541" width="83.399" height="27.932"/>
+        <rect fill="#1F70C1" x="55.468" y="213.253" width="83.399" height="27.932"/>
+        <rect fill="#1F70C1" x="55.468" y="159.964" width="83.399" height="27.932"/>
+        <rect fill="#1F70C1" x="55.468" y="106.577" width="83.399" height="27.932"/>
+        <rect fill="#1F70C1" x="0" y="53.288" width="194.433" height="27.932"/>
+        <rect fill="#1F70C1" x="0" y="0" width="194.433" height="27.932"/>
+        <path fill="#1F70C1" d="M222.167,347.761h299.029c5.051-8.617,8.815-18.027,11.094-27.932H222.167V347.761z"/>
+        <path fill="#1F70C1" d="M497.92,213.253H277.734v27.932h243.463C514.857,230.487,507.032,221.078,497.92,213.253z"/>
+        <path fill="#1F70C1" d="M277.734,159.964v27.932H497.92c9.311-7.825,17.135-17.235,23.277-27.932H277.734z"/>
+        <path fill="#1F70C1" d="M521.197,53.288H222.167V81.22H532.29C529.715,71.315,525.951,61.906,521.197,53.288z"/>
+        <path fill="#1F70C1" d="M429.279,0H222.167v27.932h278.526C482.072,10.697,456.815,0,429.279,0z"/>
+        <rect fill="#1F70C1" x="277.734" y="106.577" width="83.3" height="27.932"/>
+        <path fill="#1F70C1" d="M444.433,134.509h87.163c2.476-8.914,3.764-18.324,3.764-27.932h-90.927z"/>
+        <rect fill="#1F70C1" x="277.734" y="266.541" width="83.3" height="27.932"/>
+        <path fill="#1F70C1" d="M444.433,266.541v27.932h90.927c0-9.608-1.288-19.017-3.764-27.932H444.433z"/>
+        <path fill="#1F70C1" d="M222.167,400.852h207.112c27.734,0,52.793-10.697,71.513-27.932H222.167V400.852z"/>
+        <rect fill="#1F70C1" x="555.567" y="373.217" width="138.866" height="27.833"/>
+        <rect fill="#1F70C1" x="555.567" y="319.83" width="138.866" height="27.931"/>
+        <rect fill="#1F70C1" x="611.034" y="266.541" width="83.399" height="27.932"/>
+        <rect fill="#1F70C1" x="611.034" y="213.253" width="83.399" height="27.932"/>
+        <polygon fill="#1F70C1" points="733.063,53.288 555.567,53.288 555.567,81.22 742.67,81.22"/>
+        <polygon fill="#1F70C1" points="714.639,0 555.567,0 555.567,27.932 724.247,27.932"/>
+        <rect fill="#1F70C1" x="861.034" y="373.217" width="138.866" height="27.833"/>
+        <rect fill="#1F70C1" x="861.034" y="319.83" width="138.866" height="27.931"/>
+        <rect fill="#1F70C1" x="861.034" y="266.541" width="83.399" height="27.932"/>
+        <rect fill="#1F70C1" x="861.034" y="213.253" width="83.399" height="27.932"/>
+        <polygon fill="#1F70C1" points="861.034,187.896 944.433,187.896 944.433,159.964 861.034,159.964 694.433,159.964 611.034,159.964 611.034,187.896 694.433,187.896 852.219,187.896"/>
+        <polygon fill="#1F70C1" points="944.433,106.577 803.982,106.577 794.374,134.509 944.433,134.509"/>
+        <polygon fill="#1F70C1" points="840.927,0 831.319,27.932 1000,27.932 1000,0"/>
+        <polygon fill="#1F70C1" points="777.734,400.852 787.341,373.217 768.126,373.217"/>
+        <polygon fill="#1F70C1" points="759.311,347.761 796.157,347.761 806.062,319.83 749.505,319.83"/>
+        <polygon fill="#1F70C1" points="740.59,294.473 814.877,294.473 824.683,266.541 730.784,266.541"/>
+        <polygon fill="#1F70C1" points="721.969,241.185 833.597,241.185 843.106,213.253 712.361,213.253"/>
+        <polygon fill="#1F70C1" points="611.034,134.509 761.093,134.509 751.486,106.577 611.034,106.577"/>
+        <polygon fill="#1F70C1" points="812.896,81.22 1000,81.22 1000,53.288 822.405,53.288"/>
+        </g>
+        </svg>
+        `;
+        for (let i = 0; i < 20; i++) {
+        const logo = document.createElement('div');
+        logo.className = 'logo';
+        const size = Math.random() * 30 + 20; // Random size between 20px and 50px
+        logo.style.width = `${size}px`;
+        logo.style.height = `${size}px`;
+        logo.style.left = `${Math.random() * 100}vw`;
+        logo.style.animationDelay = `${Math.random() * 5}s`;
+        logo.innerHTML = svgContent;
+        body.appendChild(logo);
+        }
+        }
+
+        // Call the function to create logos on load
+        createLogos();
+        </script>
+        </body>
+        </html>
+      HTML
+
       return nil
     end
   end
 
-  # start a local web server, then start a browser that will callback the local server upon authentication
+  # start a local web server
+  # then start a browser that will callback the local server upon authentication
+  # store the final query
   class WebAuth < WebServerSimple
-    attr_reader :expected_path, :mutex, :cond
-    attr_writer :query
-
-    # @param endpoint_url [String] e.g. 'https://127.0.0.1:12345'
-    def initialize(endpoint_url)
+    # @param endpoint_url     [String] e.g. 'https://127.0.0.1:12345'
+    # @param additionnal_info [String] Information in web page
+    def initialize(endpoint_url, additionnal_info = nil)
       uri = URI.parse(endpoint_url)
       super(uri)
-      # parameters for servlet
       @mutex = Mutex.new
       @cond = ConditionVariable.new
       @expected_path = uri.path.empty? ? '/' : uri.path
       @query = nil
+      @additionnal_info = additionnal_info
       # last argument (self) is provided to constructor of servlet
       mount(@expected_path, WebAuthServlet, self)
+      # server runs in thread
       Thread.new { start }
     end
 
-    # wait for request on web server
-    # @return Hash the query
+    # Called by web server thread on received request
+    # @return [String] additional information for web page
+    def signal_request(request)
+      raise WEBrick::HTTPStatus::NotFound, "unexpected path: #{request.path}" unless request.path.eql?(@expected_path)
+      # acquire lock and signal change
+      @mutex.synchronize do
+        @query = request.query
+        @cond.signal
+      end
+      return @additionnal_info
+    end
+
+    # wait for request on web server (main thread)
+    # @return [Hash] the query
     def received_request
       # wait for signal from thread
       @mutex.synchronize{@cond.wait(@mutex)}

data/lib/aspera/web_server_simple.rb

@@ -4,19 +4,20 @@ require 'webrick'
 require 'webrick/https'
 require 'aspera/log'
 require 'aspera/assert'
+require 'aspera/hash_ext'
 require 'openssl'
 
 module Aspera
   # Simple WEBrick server with HTTPS support
   class WebServerSimple < WEBrick::HTTPServer
-    CERT_PARAMETERS = %i[key cert chain].freeze
+    CERT_PARAMETERS = %i[key cert chain pkcs12].freeze
     GENERIC_ISSUER = '/C=FR/O=Test/OU=Test/CN=Test'
     ONE_YEAR_SECONDS = 365 * 24 * 60 * 60
 
     private_constant :CERT_PARAMETERS, :GENERIC_ISSUER, :ONE_YEAR_SECONDS
 
     class << self
-      # generates and adds self signed cert to provided webrick options
+      # Fill and self sign provided certificate
       def fill_self_signed_cert(cert, key, digest = 'SHA256')
         cert.subject = cert.issuer = OpenSSL::X509::Name.parse(GENERIC_ISSUER)
         cert.not_before = cert.not_after = Time.now
@@ -58,24 +59,35 @@ module Aspera
           Aspera.assert_type(certificate, Hash)
           certificate = certificate.symbolize_keys
           raise "unexpected key in certificate config: only: #{CERT_PARAMETERS.join(', ')}" if certificate.keys.any?{|key|!CERT_PARAMETERS.include?(key)}
-          webrick_options[:SSLPrivateKey] = if certificate.key?(:key)
-            OpenSSL::PKey::RSA.new(File.read(certificate[:key]))
+          if certificate.key?(:pkcs12)
+            Log.log.debug('Using PKCS12 certificate')
+            raise 'pkcs12 requires a key (password)' unless certificate.key?(:key)
+            pkcs12 = OpenSSL::PKCS12.new(File.read(certificate[:pkcs12]), certificate[:key])
+            webrick_options[:SSLCertificate] = pkcs12.certificate
+            webrick_options[:SSLPrivateKey] = pkcs12.key
+            webrick_options[:SSLExtraChainCert] = pkcs12.ca_certs
           else
-            OpenSSL::PKey::RSA.new(4096)
-          end
-          if certificate.key?(:cert)
-            webrick_options[:SSLCertificate] = OpenSSL::X509::Certificate.new(File.read(certificate[:cert]))
-          else
-            webrick_options[:SSLCertificate] = OpenSSL::X509::Certificate.new
-            self.class.fill_self_signed_cert(webrick_options[:SSLCertificate], webrick_options[:SSLPrivateKey])
-          end
-          if certificate.key?(:chain)
-            webrick_options[:SSLExtraChainCert] = [OpenSSL::X509::Certificate.new(File.read(certificate[:chain]))]
+            Log.log.debug('Using PEM certificate')
+            webrick_options[:SSLPrivateKey] = if certificate.key?(:key)
+              OpenSSL::PKey::RSA.new(File.read(certificate[:key]))
+            else
+              OpenSSL::PKey::RSA.new(4096)
+            end
+            if certificate.key?(:cert)
+              webrick_options[:SSLCertificate] = OpenSSL::X509::Certificate.new(File.read(certificate[:cert]))
+            else
+              webrick_options[:SSLCertificate] = OpenSSL::X509::Certificate.new
+              self.class.fill_self_signed_cert(webrick_options[:SSLCertificate], webrick_options[:SSLPrivateKey])
+            end
+            if certificate.key?(:chain)
+              webrick_options[:SSLExtraChainCert] = [OpenSSL::X509::Certificate.new(File.read(certificate[:chain]))]
+            end
           end
         end
       end
       # call constructor of parent class, but capture STDERR
-      # self signed certificate generates characters on STDERR, see create_self_signed_cert in webrick/ssl.rb
+      # self signed certificate generates characters on STDERR
+      # see create_self_signed_cert in webrick/ssl.rb
       Log.capture_stderr { super(webrick_options) }
     end