Merge pull request #246 from gareth/pkcs12_client_certificates

PKCS12 client certificates
jnunemaker · Oct 22, 2013 · bddaac0 · bddaac0
2 parents 7feb028 + 13f8b35
commit bddaac0
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 0 deletions.
diff --git a/lib/httparty.rb b/lib/httparty.rb
@@ -282,6 +282,17 @@ def pem(pem_contents, password=nil)
       default_options[:pem_password] = password
     end
 
+    # Allows setting a PKCS12 file to be used
+    #
+    #   class Foo
+    #     include HTTParty
+    #     pkcs12 File.read('/home/user/my.p12'), "password"
+    #   end
+    def pkcs12(p12_contents, password)
+      default_options[:p12] = p12_contents
+      default_options[:p12_password] = password
+    end
+
     # Override the way query strings are normalized.
     # Helpful for overriding the default rails normalization of Array queries.
     #

diff --git a/lib/httparty/connection_adapter.rb b/lib/httparty/connection_adapter.rb
@@ -147,6 +147,14 @@ def attach_ssl_certificates(http, options)
           http.verify_mode = OpenSSL::SSL::VERIFY_PEER
         end
 
+        # PKCS12 client certificate authentication
+        if options[:p12]
+          p12 = OpenSSL::PKCS12.new(options[:p12], options[:p12_password])
+          http.cert = p12.certificate
+          http.key = p12.key
+          http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        end
+
         # SSL certificate authority file and/or directory
         if options[:ssl_ca_file]
           http.ca_file = options[:ssl_ca_file]

diff --git a/spec/httparty/connection_adapter_spec.rb b/spec/httparty/connection_adapter_spec.rb
@@ -251,6 +251,48 @@
           end
         end
       end
+
+      context "when providing PKCS12 certificates" do
+        let(:p12) { :p12_contents }
+        let(:options) { {:p12 => p12, :p12_password => "password"} }
+
+        context "when scheme is https" do
+          let(:uri) { URI 'https://google.com' }
+          let(:pkcs12) { mock("OpenSSL::PKCS12", :certificate => cert, :key => key) }
+          let(:cert) { mock("OpenSSL::X509::Certificate") }
+          let(:key) { mock("OpenSSL::PKey::RSA") }
+
+          before do
+            OpenSSL::PKCS12.should_receive(:new).with(p12, "password").and_return(pkcs12)
+          end
+
+          it "uses the provided P12 certificate " do
+            subject.cert.should == cert
+            subject.key.should == key
+          end
+
+          it "will verify the certificate" do
+            subject.verify_mode.should == OpenSSL::SSL::VERIFY_PEER
+          end
+        end
+
+        context "when scheme is not https" do
+          let(:uri) { URI 'http://google.com' }
+          let(:http) { Net::HTTP.new(uri) }
+
+          before do
+            Net::HTTP.stub(:new => http)
+            OpenSSL::PKCS12.new.should_not_receive(:new).with(p12, "password")
+            http.should_not_receive(:cert=)
+            http.should_not_receive(:key=)
+          end
+
+          it "has no PKCS12 certificate " do
+            subject.cert.should be_nil
+            subject.key.should be_nil
+          end
+        end
+      end
     end
   end
 end
diff --git a/spec/httparty_spec.rb b/spec/httparty_spec.rb
@@ -38,6 +38,18 @@
     end
   end
 
+  describe "pkcs12" do
+    it 'should set the p12 content' do
+      @klass.pkcs12 'P12-CONTENT', 'PASSWORD'
+      @klass.default_options[:p12].should == 'P12-CONTENT'
+    end
+
+    it 'should set the password' do
+      @klass.pkcs12 'P12-CONTENT', 'PASSWORD'
+      @klass.default_options[:p12_password].should == 'PASSWORD'
+    end
+  end
+
   describe 'ssl_version' do
     it 'should set the ssl_version content' do
       @klass.ssl_version :SSLv3