ssl_certifier 0.1.0

data/spec/open-uri_ssl_spec.rb

@@ -0,0 +1,89 @@
+require 'spec_helper'
+
+describe OpenURI do
+  context "SSL operations" do
+    before(:each) do
+      @proxies = %w[http_proxy HTTP_PROXY https_proxy HTTPS_PROXY ftp_proxy FTP_PROXY no_proxy]
+      @old_proxies = @proxies.map {|k| ENV[k] }
+      @proxies.each {|k| ENV[k] = nil }
+    end
+    
+    after(:each) do
+      @proxies.each_with_index {|k, i| ENV[k] = @old_proxies[i] }
+    end
+    
+    it 'should validate with ca_cert specified' do
+      with_https do |srv, dr, url|
+        cacert_filename = "#{dr}/cacert.pem"
+        open(cacert_filename, "w") {|f| f << CA_CERT }
+        open("#{dr}/data", "w") {|f| f << "ddd" }
+        open("#{url}/data", :ssl_ca_cert => cacert_filename) do |f|
+          f.status[0].should == "200"
+          f.read.should == "ddd"
+        end
+        open("#{url}/data", :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE) do |f|
+          f.status[0].should == "200"
+          f.read.should == "ddd"
+        end
+        
+        lambda { open("#{url}/data") {} }.should raise_error(OpenSSL::SSL::SSLError)
+      end
+    end
+    
+    it 'should work via proxy' do
+      with_https do |srv, dr, url|
+        cacert_filename = "#{dr}/cacert.pem"
+        open(cacert_filename, "w") {|f| f << CA_CERT }
+        cacert_directory = "#{dr}/certs"
+        Dir.mkdir cacert_directory
+        hashed_name = "%08x.0" % OpenSSL::X509::Certificate.new(CA_CERT).subject.hash
+        open("#{cacert_directory}/#{hashed_name}", "w") {|f| f << CA_CERT }
+        
+        prxy = WEBrick::HTTPProxyServer.new({
+          :ServerType => Thread,
+          :Logger => WEBrick::Log.new(NullLog),
+          :AccessLog => [[sio=StringIO.new, WEBrick::AccessLog::COMMON_LOG_FORMAT]],
+          :BindAddress => '127.0.0.1',
+          :Port => 0})
+        _, p_port, _, p_host = prxy.listeners[0].addr
+        
+        begin
+          th = prxy.start
+          open("#{dr}/proxy", "w") {|f| f << "proxy" }
+          
+          open("#{url}/proxy", :proxy=>"http://#{p_host}:#{p_port}/", :ssl_ca_cert => cacert_filename) do |f|
+            f.status[0].should == "200"
+            f.read.should == "proxy"
+          end
+          sio.string.should match %r[CONNECT #{url.sub(%r{\Ahttps://}, '')} ]
+          sio.truncate(0); sio.rewind
+          
+          open("#{url}/proxy", :proxy=>"http://#{p_host}:#{p_port}/", :ssl_ca_cert => cacert_directory) do |f|
+            f.status[0].should == "200"
+            f.read.should == "proxy"
+          end
+          sio.string.should match %r[CONNECT #{url.sub(%r{\Ahttps://}, '')} ]
+          sio.truncate(0); sio.rewind
+        ensure
+          prxy.shutdown
+        end
+      end
+    end
+    
+    #TODO: make this a better URL
+    it 'should validate without ca_cert specified' do
+      with_https do |srv, dr, url|
+        open("https://github.com/wingrunr21/ssl_certifier/raw/master/spec/data.txt") do |f|
+          f.status[0].should == "200"
+          f.read.should == "ddd"
+        end
+        open("https://github.com/wingrunr21/ssl_certifier/raw/master/spec/data.txt", :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE) do |f|
+          f.status[0].should == "200"
+          f.read.should == "ddd"
+        end
+        
+        #lambda { open("#{url}/data") {} }.should_not raise_error(OpenSSL::SSL::SSLError)
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,73 @@
+require 'open-uri'
+require 'openssl'
+require 'webrick'
+require 'webrick/https'
+require 'webrick/httpproxy'
+require 'stringio'
+require 'zlib'
+require 'ssl_certifier'
+
+dr = File.dirname(File.expand_path(__FILE__))
+
+#Read in various files needed for SSL
+SERVER_CERT = File.read(File.join(dr, 'certs', 'server_cert.pem'))
+SERVER_KEY = File.read(File.join(dr, 'certs', 'server_key'))
+CA_CERT = File.read(File.join(dr, 'certs', 'ca_cert.pem'))
+
+#NullLog
+NullLog = Object.new
+def NullLog.<<(arg)
+end
+
+#Various with methods from the open-uri unit tests
+def with_http
+  Dir.mktmpdir {|dr|
+    srv = WEBrick::HTTPServer.new({
+      :DocumentRoot => dr,
+      :ServerType => Thread,
+      :Logger => WEBrick::Log.new(NullLog),
+      :AccessLog => [[NullLog, ""]],
+      :BindAddress => '127.0.0.1',
+      :Port => 0})
+    _, port, _, host = srv.listeners[0].addr
+    begin
+      th = srv.start
+      yield srv, dr, "http://#{host}:#{port}"
+    ensure
+      srv.shutdown
+    end
+  }
+end
+
+def with_env(h)
+  begin
+    old = {}
+    h.each_key {|k| old[k] = ENV[k] }
+    h.each {|k, v| ENV[k] = v }
+    yield
+  ensure
+    h.each_key {|k| ENV[k] = old[k] }
+  end
+end
+
+def with_https
+  Dir.mktmpdir {|dr|
+    srv = WEBrick::HTTPServer.new({
+      :DocumentRoot => dr,
+      :ServerType => Thread,
+      :Logger => WEBrick::Log.new(NullLog),
+      :AccessLog => [[NullLog, ""]],
+      :SSLEnable => true,
+      :SSLCertificate => OpenSSL::X509::Certificate.new(SERVER_CERT),
+      :SSLPrivateKey => OpenSSL::PKey::RSA.new(SERVER_KEY),
+      :BindAddress => '127.0.0.1',
+      :Port => 0})
+    _, port, _, host = srv.listeners[0].addr
+    begin
+      th = srv.start
+      yield srv, dr, "https://#{host}:#{port}"
+    ensure
+      srv.shutdown
+    end
+  }
+end

data/ssl_certifier.gemspec

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "ssl_certifier/version"
+
+Gem::Specification.new do |s|
+  s.name        = "ssl_certifier"
+  s.version     = SslCertifier::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Stafford Brunk"]
+  s.email       = ["wingrunr21@gmail.com"]
+  s.homepage    = "https://www.github.com/wingrunr21/ssl_certifier"
+  s.summary     = %q{Adds root certificates to the OpenURI module so that SSL connections work properly in Ruby 1.9}
+  s.description = %q{Adds root certificates to the OpenURI module so that SSL connections work properly in Ruby 1.9.  This gem allows for SSL connections to function properly even when Ruby does not have access to the operating system's default root certificates}
+
+  s.rubyforge_project = "ssl_certifier"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+  
+  s.add_development_dependency "rspec", "~> 2.5.0"
+end

metadata

@@ -0,0 +1,85 @@
+--- !ruby/object:Gem::Specification
+name: ssl_certifier
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Stafford Brunk
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-05-17 00:00:00.000000000 -04:00
+default_executable: 
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &2154644380 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.5.0
+  type: :development
+  prerelease: false
+  version_requirements: *2154644380
+description: Adds root certificates to the OpenURI module so that SSL connections
+  work properly in Ruby 1.9.  This gem allows for SSL connections to function properly
+  even when Ruby does not have access to the operating system's default root certificates
+email:
+- wingrunr21@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gemtest
+- .gitignore
+- Gemfile
+- README.rdoc
+- Rakefile
+- certs/cacert.pem
+- lib/ssl_certifier.rb
+- lib/ssl_certifier/open-uri.rb
+- lib/ssl_certifier/version.rb
+- spec/certs/ca_cert.pem
+- spec/certs/server_cert.pem
+- spec/certs/server_key
+- spec/data.txt
+- spec/open-uri_spec.rb
+- spec/open-uri_ssl_spec.rb
+- spec/spec_helper.rb
+- ssl_certifier.gemspec
+has_rdoc: true
+homepage: https://www.github.com/wingrunr21/ssl_certifier
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: ssl_certifier
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: Adds root certificates to the OpenURI module so that SSL connections work
+  properly in Ruby 1.9
+test_files:
+- spec/certs/ca_cert.pem
+- spec/certs/server_cert.pem
+- spec/certs/server_key
+- spec/data.txt
+- spec/open-uri_spec.rb
+- spec/open-uri_ssl_spec.rb
+- spec/spec_helper.rb