Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add verify_https (and https_ca_dir & https_host) options to check SSL…
… certificate (suggested by William Shallum, closes RT#61409); prepare v0.10
- Loading branch information
Showing
6 changed files
with
138 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
package Finance::BankUtils::ID::Mechanize; | ||
# ABSTRACT: A subclass of WWW::Mechanize that does HTTPS certificate verification | ||
|
||
=head1 SYNOPSIS | ||
my $mech = Finance::BankUtils::ID::Mechanize->new( | ||
verify_https => 1, | ||
#https_ca_dir => '/etc/ssl/certs', | ||
https_host => 'example.com', | ||
); | ||
# use as you would WWW::Mechanize object ... | ||
=head1 DESCRIPTION | ||
This is a subclass of WWW::Mechanize that does (optional) HTTPS certificate verification. | ||
=cut | ||
|
||
use 5.010; | ||
use Crypt::SSLeay; | ||
use Log::Any qw($log); | ||
use base qw(WWW::Mechanize); | ||
|
||
=head1 METHODS | ||
=cut | ||
|
||
=head2 new() | ||
=cut | ||
|
||
sub new { | ||
my ($class, %args) = @_; | ||
my $mech = WWW::Mechanize->new; | ||
$mech->{verify_https} = $args{verify_https} // 0; | ||
$mech->{https_ca_dir} = $args{https_ca_dir} // "/etc/ssl/certs"; | ||
$mech->{https_host} = $args{https_host}; | ||
bless $mech, $class; | ||
} | ||
|
||
=head2 request() | ||
=cut | ||
|
||
sub request { | ||
my ($self, $req) = @_; | ||
local $ENV{HTTPS_CA_DIR} = $self->{verify_https} ? | ||
$self->{https_ca_dir} : undef; | ||
$log->trace("HTTPS_CA_DIR = $ENV{HTTPS_CA_DIR}"); | ||
if ($self->{verify_https} && $self->{https_host}) { | ||
$req->header('If-SSL-Cert-Subject', | ||
qr!\Q/CN=$self->{https_host}\E(/|$)!); | ||
} | ||
$log->trace('Mech request: ' . $req->headers_as_string); | ||
my $resp = $self->SUPER::request($req); | ||
$log->trace('Mech response: ' . $resp->headers_as_string); | ||
$resp; | ||
} | ||
|
||
1; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
#!perl -Tw | ||
|
||
BEGIN { | ||
unless ($ENV{RELEASE_TESTING}) { | ||
require Test::More; | ||
Test::More::plan(skip_all => 'these tests are for release candidate testing'); | ||
} | ||
} | ||
|
||
use strict; | ||
use Test::More tests => 3-1; | ||
|
||
use Finance::Bank::ID::BCA; | ||
|
||
my $ibank = Finance::Bank::ID::BCA->new(verify_https => 1); | ||
$ibank->_set_default_mech; | ||
|
||
$ibank->mech->get($ibank->site); | ||
ok($ibank->mech->success, 'normal request succeed'); | ||
|
||
# https_ca_dir always set by WWW::Mechanize? | ||
#{ | ||
# local $ibank->mech->{https_ca_dir}; | ||
# my $req = HTTP::Request->new(GET => $ibank->site); | ||
# my $resp = $ibank->mech->request($req); | ||
# like($resp->headers_as_string, | ||
# qr/^Client-SSL-Warning: Peer certificate not verified/m, | ||
# 'request has SSL warning because https_ca_dir unset'); | ||
#} | ||
|
||
$ibank->mech->{https_host} = "example.com"; | ||
eval { $ibank->mech->get($ibank->site) }; | ||
like($@, qr/Bad SSL certificate subject/, 'request failed because https_host doesnt match'); |