Added require 'yaml' call.

Added ability to override config values when instantiating the Config class, used for testing. The Config class now sets the value of ssl_cert_file and/or ssl_cert_path for use with SSL certificate verification. The Request and IpnNotification classes now verify SSL certificates when making their HTTPS calls. Included tests and supporting file.
tc · Apr 25, 2011 · 7df0e2a · 7df0e2a
1 parent ba4a47e
commit 7df0e2a
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 8 deletions.
diff --git a/lib/config.rb b/lib/config.rb
@@ -1,3 +1,5 @@
+require 'yaml'
+
 module PaypalAdaptive
   class Config
     PAYPAL_BASE_URL_MAPPING = {
@@ -12,27 +14,29 @@ class Config
       :beta_sandbox => "https://svcs.beta-sandbox.paypal.com"
     } unless defined? API_BASE_URL_MAPPING
 
-    attr_accessor :config_filepath, :paypal_base_url, :api_base_url, :headers
+    attr_accessor :config_filepath, :paypal_base_url, :api_base_url, :headers, :ssl_cert_path, :ssl_cert_file
 
-    def initialize(env=nil)
+    def initialize(env=nil, config_override=nil)
       if env
         #non-rails env
         @config_filepath = "../config/paypal_adaptive.yml"
-        load(env)
+        load(env, config_override)
       else
         @config_filepath = File.join(Rails.root, "config/paypal_adaptive.yml")
-        load(Rails.env)
+        load(Rails.env, config_override)
       end
     end
 
-    def load(rails_env)
-      config= YAML.load_file(@config_filepath)[rails_env]
+    def load(rails_env, config_override)
+      config = YAML.load_file(@config_filepath)[rails_env]
+      config.merge!(config_override) unless config_override.nil?
 
       if config["retain_requests_for_test"] == true
         @retain_requests_for_test = true
       else
         pp_env = config['environment'].to_sym
 
+        @ssl_cert_path = nil
         @paypal_base_url = PAYPAL_BASE_URL_MAPPING[pp_env]
         @api_base_url = API_BASE_URL_MAPPING[pp_env]
         @headers = {
@@ -43,6 +47,14 @@ def load(rails_env)
           "X-PAYPAL-REQUEST-DATA-FORMAT" => "JSON",
           "X-PAYPAL-RESPONSE-DATA-FORMAT" => "JSON"
         }
+
+        if ! config['ssl_cert_file'].nil? && File.exists?(config['ssl_cert_file'])
+          @ssl_cert_file = config['ssl_cert_file']
+        elsif File.exists?("/etc/ssl/certs")
+          @ssl_cert_path = "/etc/ssl/certs"
+        else
+          @ssl_cert_file = "../cacert.pem"
+        end
       end
     end
 

diff --git a/lib/ipn_notification.rb b/lib/ipn_notification.rb
@@ -10,13 +10,18 @@ def initialize(env=nil)
       @env = env
       @@config ||= PaypalAdaptive::Config.new(@env)
       @@paypal_base_url ||= @@config.paypal_base_url
+      @@ssl_cert_path ||= @@config.ssl_cert_path
+      @@ssl_cert_file ||= @@config.ssl_cert_file
     end
 
     def send_back(data)
       data = "cmd=_notify-validate&#{data}"
       url = URI.parse @@paypal_base_url
       http = Net::HTTP.new(url.host, 443)
-      http.use_ssl = (url.scheme == 'https')
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      http.ca_path = @@ssl_cert_path unless @@ssl_cert_path.nil?
+      http.ca_file = @@ssl_cert_file
 
       path = "#{@@paypal_base_url}/cgi-bin/webscr"
       resp, response_data = http.post(path, data)

diff --git a/lib/request.rb b/lib/request.rb
@@ -14,6 +14,8 @@ def initialize(env = nil)
       @@config ||= PaypalAdaptive::Config.new(@env)
       @@api_base_url ||= @@config.api_base_url
       @@headers ||= @@config.headers
+      @@ssl_cert_path ||= @@config.ssl_cert_path
+      @@ssl_cert_file ||= @@config.ssl_cert_file
     end
 
     def validate
@@ -74,7 +76,10 @@ def call_api(data, path)
       api_request_data = JSON.unparse(data) rescue data.to_json
       url = URI.parse @@api_base_url
       http = Net::HTTP.new(url.host, 443)
-      http.use_ssl = (url.scheme == 'https')
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      http.ca_path = @@ssl_cert_path unless @@ssl_cert_path.nil?
+      http.ca_file = @@ssl_cert_file
 
       resp, response_data = http.post(path, api_request_data, @@headers)
 

diff --git a/test/config_test.rb b/test/config_test.rb
@@ -0,0 +1,15 @@
+require 'helper'
+require '../lib/request'
+
+class ConfigTest < Test::Unit::TestCase
+  def test_ssl_cert_logic
+    @config = PaypalAdaptive::Config.new("test", { "ssl_cert_file" => "" })
+    assert @config.ssl_cert_file == "../cacert.pem"
+  end
+
+  def test_ssl_cert_file
+    @config = PaypalAdaptive::Config.new("test", { "ssl_cert_file" => "data/dummy_cacert.pem" })
+    assert @config.ssl_cert_file == "data/dummy_cacert.pem"
+    assert @config.ssl_cert_path == nil
+  end
+end
diff --git a/test/data/dummy_cacert.pem b/test/data/dummy_cacert.pem
@@ -0,0 +1 @@
+# Dummy file for testing.