Permalink
Browse files

Allows PKCS12 client certificate

  • Loading branch information...
1 parent 7feb028 commit a1b52f231dd7521964291e2f0fe96d98655e7d58 @gareth gareth committed Oct 22, 2013
Showing with 50 additions and 0 deletions.
  1. +8 −0 lib/httparty/connection_adapter.rb
  2. +42 −0 spec/httparty/connection_adapter_spec.rb
@@ -147,6 +147,14 @@ def attach_ssl_certificates(http, options)
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
end
+ # PKCS12 client certificate authentication
+ if options[:p12]
+ p12 = OpenSSL::PKCS12.new(options[:p12], options[:p12_password])
+ http.cert = p12.certificate
+ http.key = p12.key
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ end
+
# SSL certificate authority file and/or directory
if options[:ssl_ca_file]
http.ca_file = options[:ssl_ca_file]
@@ -251,6 +251,48 @@
end
end
end
+
+ context "when providing PKCS12 certificates" do
+ let(:p12) { :p12_contents }
+ let(:options) { {:p12 => p12, :p12_password => "password"} }
+
+ context "when scheme is https" do
+ let(:uri) { URI 'https://google.com' }
+ let(:pkcs12) { mock("OpenSSL::PKCS12", certificate: cert, key: key) }
+ let(:cert) { mock("OpenSSL::X509::Certificate") }
+ let(:key) { mock("OpenSSL::PKey::RSA") }
+
+ before do
+ OpenSSL::PKCS12.should_receive(:new).with(p12, "password").and_return(pkcs12)
+ end
+
+ it "uses the provided P12 certificate " do
+ subject.cert.should == cert
+ subject.key.should == key
+ end
+
+ it "will verify the certificate" do
+ subject.verify_mode.should == OpenSSL::SSL::VERIFY_PEER
+ end
+ end
+
+ context "when scheme is not https" do
+ let(:uri) { URI 'http://google.com' }
+ let(:http) { Net::HTTP.new(uri) }
+
+ before do
+ Net::HTTP.stub(:new => http)
+ OpenSSL::PKCS12.new.should_not_receive(:new).with(p12, "password")
+ http.should_not_receive(:cert=)
+ http.should_not_receive(:key=)
+ end
+
+ it "has no PKCS12 certificate " do
+ subject.cert.should be_nil
+ subject.key.should be_nil
+ end
+ end
+ end
end
end
end

0 comments on commit a1b52f2

Please sign in to comment.