Auto merge of #5880 - stan3:ssl_cert_from_gem_config, r=indirect

Use ssl client cert and ca cert settings from gem configuration as fallbacks ### What was the end-user problem that led to this PR? The problem was having to configure ssl client cert and ca cert in bundler and gem. ### What is your fix for the problem, implemented in this PR? My fix makes bundler check the gem configuration for these settings. ### Why did you choose this fix out of the possible options? I chose this fix because it makes sense for the user to only configure these once. Couldn't find existing coverage for this in the tests so haven't added any... Also assume a changelog entry is needed but can't see a unreleased changes section so not sure how this is handled.
author: The Bundler Bot <bot@bundler.io> 2017-08-16 11:14:09 +0000
committer: The Bundler Bot <bot@bundler.io> 2017-08-16 11:14:09 +0000
commit: 246ab43690f517130772bd7d6219539ee60c9703 (patch)
tree: 65e8fdea87701492646c8110518f9d60861bc9ea
parent: 707d0b43e6cdf9a801ef6c47a231b7119faa4fe2 (diff)
parent: 4a55f61c549dce560fecc905168de5b83e4fb7a4 (diff)
download: bundler-246ab43690f517130772bd7d6219539ee60c9703.tar.gz
2 files changed, 53 insertions, 6 deletions
diff --git a/lib/bundler/fetcher.rb b/lib/bundler/fetcher.rb
index 01a0679f7c..5a9617c60a 100644
--- a/lib/bundler/fetcher.rb
+++ b/lib/bundler/fetcher.rb
@@ -249,8 +249,11 @@ module Bundler
           con.cert_store = bundler_cert_store
         end
 
-        if Bundler.settings[:ssl_client_cert]
-          pem = File.read(Bundler.settings[:ssl_client_cert])
+        ssl_client_cert = Bundler.settings[:ssl_client_cert] ||
+          (Bundler.rubygems.configuration.ssl_client_cert if
+            Bundler.rubygems.configuration.respond_to?(:ssl_client_cert))
+        if ssl_client_cert
+          pem = File.read(ssl_client_cert)
           con.cert = OpenSSL::X509::Certificate.new(pem)
           con.key  = OpenSSL::PKey::RSA.new(pem)
         end
@@ -279,11 +282,14 @@ module Bundler
 
     def bundler_cert_store
       store = OpenSSL::X509::Store.new
-      if Bundler.settings[:ssl_ca_cert]
-        if File.directory? Bundler.settings[:ssl_ca_cert]
-          store.add_path Bundler.settings[:ssl_ca_cert]
+      ssl_ca_cert = Bundler.settings[:ssl_ca_cert] ||
+        (Bundler.rubygems.configuration.ssl_ca_cert if
+          Bundler.rubygems.configuration.respond_to?(:ssl_ca_cert))
+      if ssl_ca_cert
+        if File.directory? ssl_ca_cert
+          store.add_path ssl_ca_cert
         else
-          store.add_file Bundler.settings[:ssl_ca_cert]
+          store.add_file ssl_ca_cert
         end
       else
         store.set_default_paths
diff --git a/spec/bundler/fetcher_spec.rb b/spec/bundler/fetcher_spec.rb
index 2746da3bd8..f9e52e09c0 100644
--- a/spec/bundler/fetcher_spec.rb
+++ b/spec/bundler/fetcher_spec.rb
@@ -85,6 +85,47 @@ RSpec.describe Bundler::Fetcher do
         end
       end
     end
+
+    context "when no ssl configuration is set" do
+      it "no cert" do
+        expect(fetcher.send(:connection).cert).to be_nil
+        expect(fetcher.send(:connection).key).to be_nil
+      end
+    end
+
+    context "when bunder ssl ssl configuration is set" do
+      before do
+        allow(Bundler.settings).to receive(:[]).and_return(nil)
+        allow(Bundler.settings).to receive(:[]).with(:ssl_client_cert).and_return("/cert")
+        expect(File).to receive(:read).with("/cert").and_return("")
+        expect(OpenSSL::X509::Certificate).to receive(:new).and_return("cert")
+        expect(OpenSSL::PKey::RSA).to receive(:new).and_return("key")
+      end
+      it "use bundler configuration" do
+        expect(fetcher.send(:connection).cert).to eq("cert")
+        expect(fetcher.send(:connection).key).to eq("key")
+      end
+    end
+
+    context "when gem ssl configuration is set" do
+      before do
+        allow(Bundler.rubygems.configuration).to receive_messages(
+          :http_proxy => nil,
+          :ssl_client_cert => "cert",
+          :ssl_ca_cert => "ca"
+        )
+        expect(File).to receive(:read).and_return("")
+        expect(OpenSSL::X509::Certificate).to receive(:new).and_return("cert")
+        expect(OpenSSL::PKey::RSA).to receive(:new).and_return("key")
+        store = double("ca store")
+        expect(store).to receive(:add_file)
+        expect(OpenSSL::X509::Store).to receive(:new).and_return(store)
+      end
+      it "use gem configuration" do
+        expect(fetcher.send(:connection).cert).to eq("cert")
+        expect(fetcher.send(:connection).key).to eq("key")
+      end
+    end
   end
 
   describe "#user_agent" do
author	The Bundler Bot <bot@bundler.io>	2017-08-16 11:14:09 +0000
committer	The Bundler Bot <bot@bundler.io>	2017-08-16 11:14:09 +0000
commit	246ab43690f517130772bd7d6219539ee60c9703 (patch)
tree	65e8fdea87701492646c8110518f9d60861bc9ea
parent	707d0b43e6cdf9a801ef6c47a231b7119faa4fe2 (diff)
parent	4a55f61c549dce560fecc905168de5b83e4fb7a4 (diff)
download	bundler-246ab43690f517130772bd7d6219539ee60c9703.tar.gz