From 5139b8df47a43b12c7df240a1eaae58b39619377 Mon Sep 17 00:00:00 2001
From: Markus Strehle <11627201+strehle@users.noreply.github.com>
Date: Tue, 21 Nov 2023 15:08:13 +0100
Subject: [PATCH] Support ca_file for http client in curl mode (#130)
With curl simulation mode the parameters from curl needs to be passed The parameters from uaac target xxx are not used here. Therefore, ca cert was missing. -b for --skip-ssl-validation is available For uaac target --ca-cert there is was no setting. Added -C or --cacert because these are the parameters from curl
---
 lib/uaa/cli/curl.rb | 6 +++++-
 spec/curl_spec.rb | 15 +++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/lib/uaa/cli/curl.rb b/lib/uaa/cli/curl.rb
index 05560bc..5d2ea1d 100644
--- a/lib/uaa/cli/curl.rb
+++ b/lib/uaa/cli/curl.rb
@@ -27,9 +27,10 @@ class CurlCli < CommonCli
 define_option :data, "-d", "--data ", "data included in request body"
 define_option :header, "-H", "--header ", "header to be included in the request"
 define_option :insecure, "-k", "--insecure", "makes request without verifying SSL certificates"
+ define_option :cacert, "-C", "--cacert ", "CA certificate to verify peer against"
 define_option :bodyonly, "-b", "--bodyonly", "show body only in response"
- desc "curl [path]", "CURL to a UAA endpoint", :request, :data, :header, :insecure , :bodyonly do |path|
+ desc "curl [path]", "CURL to a UAA endpoint", :request, :data, :header, :insecure , :bodyonly, :cacert do |path|
 return say_command_help(["curl"]) unless path
 uri = parse_uri(path)
@@ -65,6 +66,9 @@ def make_request(uri, options)
 http.use_ssl = true
 if options[:insecure]
 http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ elsif options[:cacert]
+ http.ca_file = File.expand_path(options[:cacert])
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 end
 end
 request_class = Net::HTTP.const_get("#{options[:request][0]}#{options[:request][1..-1].downcase}")
diff --git a/spec/curl_spec.rb b/spec/curl_spec.rb
index 8e96010..a1d3065 100644
--- a/spec/curl_spec.rb
+++ b/spec/curl_spec.rb
@@ -37,6 +37,7 @@ module CF::UAA
 Cli.output.string.should include "-d | --data "
 Cli.output.string.should include "-k | --insecure"
 Cli.output.string.should include "-b | --bodyonly"
+ Cli.output.string.should include "-C | --cacert"
 end
 it "hits the URL on the UAA target" do
@@ -108,5 +109,19 @@ module CF::UAA
 Cli.output.string.should_not include "ECONNRESET"
 Cli.output.string.should include "200 OK"
 end
+
+ it "makes insecure requests without the -k flag" do
+ Cli.run("curl https://example.com/")
+
+ Cli.output.string.should_not include "ECONNRESET"
+ Cli.output.string.should include "200 OK"
+ end
+
+ it "makes requests using invalid custom ca cert file with the -C flag" do
+ Cli.run("curl https://example.com/ -C ca.pem")
+
+ Cli.output.string.should_not include "200 OK"
+ Cli.output.string.should include "SSLError"
+ end
 end
 end
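Review bot: The `-C` short flag on the new `define_option :cacert` line does not match curl, where `-C` is `--continue-at` and `--cacert` has no short form, so a command line carried over from curl will be interpreted differently here. The help string also does not say what happens when `-k` is given as well; judging by the `make_request` hunk in this same patch, `--insecure` wins and the CA file is ignored. I would state that in the description, e.g. `"CA certificate file (PEM) to verify peer against; ignored when --insecure is given"`, and consider offering only the long form.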
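Review bot: When both `-k` and `-C` are passed, the `if options[:insecure]` branch is taken and the new `elsif options[:cacert]` never runs, so certificate verification is switched off with no indication that the supplied CA file was dropped. Rejecting the combination before the `if` is safer, e.g. `raise ArgumentError, "--insecure and --cacert cannot be combined" if options[:insecure] && options[:cacert]`; how this CLI normally reports argument errors is not visible in the hunk, so adapt to its convention. The result of `File.expand_path` is also never checked, so a mistyped path only surfaces later as an SSL failure, which the spec added in this commit currently relies on. `make_request` begins above and continues below this hunk.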
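Review bot: The first added example is titled "makes insecure requests without the -k flag", but without `-k` nothing in the lib hunk disables verification, so the name says the opposite of what is exercised; `it "verifies the server certificate when -k is not given" do` would read correctly. The `-C ca.pem` example presumably passes only because no `ca.pem` exists in the working directory, so it covers a missing file rather than an invalid or untrusted CA, and its outcome would change if such a file appeared. There is no example for a valid CA file or for `-k` combined with `-C`, which are the paths where a regression would silently weaken TLS checking. Both examples also appear to contact example.com directly, so they depend on network access.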