module OneviewSDK::SSLHelper

SSL certificate helper

Constants

CERT_STORE

Public Class Methods

check_cert(url)

Check to see if the OneView instance's certificate is trusted.

@param [String] url URL for the OneView Instance to be added
@return [Boolean] Whether or not certificate is trusted
@raise [OneviewSDK::InvalidURL] if the url is invalid

# File lib/oneview-sdk/ssl_helper.rb, line 44
# Report whether a request to the OneView instance completes without a TLS
# error when validated against the store returned by load_trusted_certs.
#
# NOTE(review): TLS is switched on only when the URL scheme is 'https'. For any
# other scheme the GET is sent without TLS and this method still returns true,
# even though no certificate was examined. Callers that rely on the result
# should pass https URLs; confirm whether that is guaranteed upstream.
#
# Only OpenSSL::SSL::SSLError is mapped to false. Any other failure (for
# example a refused connection) propagates to the caller.
#
# @param [String] url URL of the OneView instance to check
# @return [Boolean] false if the request raised OpenSSL::SSL::SSLError, true otherwise
# @raise [OneviewSDK::InvalidURL] if the url has no host component
def self.check_cert(url)
  target = URI.parse(Addressable::URI.escape(url))
  raise InvalidURL, "Invalid url '#{url}'" if target.host.nil?

  conn = Net::HTTP.new(target.host, target.port)
  conn.use_ssl = true if target.scheme == 'https'

  # When load_trusted_certs returns nil (it failed), no store is assigned and
  # the connection keeps whatever Net::HTTP uses by default.
  store = load_trusted_certs
  conn.cert_store = store if store

  begin
    # The response itself is ignored; only the handshake outcome matters.
    conn.request(Net::HTTP::Get.new(target.request_uri))
    true
  rescue OpenSSL::SSL::SSLError
    false
  end
end
install_cert(url)

Fetch and add the SSL certificate for the OneView instance to the trusted certs store.

Creates/modifies file at ~/.oneview-sdk-ruby/trusted_certs.cer

@param [String] url URL for the OneView Instance to be added
@raise [OneviewSDK::InvalidURL] if the url is invalid

# File lib/oneview-sdk/ssl_helper.rb, line 61
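# Fetch the certificate presented by the OneView instance and append it to the
# trusted certs file (CERT_STORE), creating the containing directory if needed.
#
# Security: the certificate is downloaded over a connection opened with
# OpenSSL::SSL::VERIFY_NONE, so whatever certificate the peer presents is
# accepted and written to the trust store (trust on first use). Nothing here
# authenticates the peer. Run this only over a network path you trust, and
# compare the printed certificate with one obtained from the appliance
# out-of-band before relying on it.
#
# NOTE(review): the directory and file are created without an explicit mode,
# so their permissions follow the process umask. Anyone able to write
# CERT_STORE can add trusted certificates; confirm the file is owner-writable
# only.
#
# @param [String] url URL for the OneView Instance to be added
# @return [Boolean] true if the certificate was appended, false if the store
#   already contained it
# @raise [OneviewSDK::InvalidURL] if the url has no host component
# @raise [RuntimeError] if the peer presented no certificate
def self.install_cert(url)
  uri = URI.parse(Addressable::URI.escape(url))
  raise InvalidURL, "Invalid url '#{url}'" unless uri.host

  # Verification is off on purpose: the certificate is not trusted yet, which
  # is the reason it is being installed.
  options = { use_ssl: true, verify_mode: OpenSSL::SSL::VERIFY_NONE }
  pem = Net::HTTP.start(uri.host, uri.port, options) do |http|
    # Guard against a missing peer certificate so the explanatory error below
    # is reached; calling to_pem on nil would raise NoMethodError instead.
    cert = http.peer_cert
    cert && cert.to_pem
  end
  raise "Could not download cert from #{url}. You may have to do it manually, and append it to '#{CERT_STORE}'" if pem.nil?

  # Human-readable header placed in front of the PEM block in the store file.
  name = "OneView at #{url}"
  content = "\n#{name}\n"
  content << "#{'=' * name.length}\n"
  content << pem

  cert_dir = File.dirname(CERT_STORE)
  Dir.mkdir(cert_dir) unless File.directory?(cert_dir)
  if File.file?(CERT_STORE) && File.read(CERT_STORE).include?(pem)
    puts 'Cert store already contains this certificate. Skipped!'
    false
  else
    # Append so that previously installed certificates are preserved.
    File.open(CERT_STORE, 'a') { |f| f.write content }
    puts "Cert added to '#{CERT_STORE}'. Cert Info: #{content}"
    true
  end
end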
load_trusted_certs()

Load any trusted certs and add them to the default SSL cert store.

Looks for a file at ~/.oneview-sdk-ruby/trusted_certs.cer
Note: File must be readable and parseable by X509::Store.add_file method

@return [X509::Store] cert_store

# File lib/oneview-sdk/ssl_helper.rb, line 26
# Build an X509 store from the default certificate paths plus, when the file
# exists, the certificates in CERT_STORE.
#
# Failure handling is lenient: if CERT_STORE cannot be loaded, a warning is
# printed and the store (default paths only) is still returned. If anything
# else fails, a warning is printed and nil is returned. Callers must handle
# nil; check_cert in this file then leaves the connection's cert_store unset.
#
# @return [OpenSSL::X509::Store, nil] the populated store, or nil on failure
def self.load_trusted_certs
  trusted = OpenSSL::X509::Store.new
  trusted.set_default_paths

  begin
    # An unreadable or unparseable file is reported but does not abort:
    # the default paths above remain in effect.
    if File.file?(CERT_STORE)
      trusted.add_file(CERT_STORE)
    end
  rescue StandardError => file_err
    puts "WARNING: Failed to load certificate store file at #{CERT_STORE} \n  Message: #{file_err.message}"
  end

  trusted
rescue StandardError => outer_err
  puts "WARNING: Failure in #{self}##{__method__} \n  Message: #{outer_err.message}"
  nil
end