From 5b82609f073f33635ba93ba1f75a543d0a403efb Mon Sep 17 00:00:00 2001
From: d036670
Date: Sat, 18 Nov 2023 17:58:27 +0100
Subject: [PATCH] Support ca_file for http client in curl mode With curl simulation mode the parameters from curl needs to be passed The parameters from uaac target xxx are not used here. Therefore, ca cert was missing. -b for --skip-ssl-validation is available For uaac target --ca-cert there is was no setting. Added -C or --cacert because these are the parameters from curl
---
 lib/uaa/cli/curl.rb | 6 +++++-
 spec/curl_spec.rb | 15 +++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/lib/uaa/cli/curl.rb b/lib/uaa/cli/curl.rb
index 05560bc..5d2ea1d 100644
--- a/lib/uaa/cli/curl.rb
+++ b/lib/uaa/cli/curl.rb
@@ -27,9 +27,10 @@ class CurlCli < CommonCli
 define_option :data, "-d", "--data ", "data included in request body"
 define_option :header, "-H", "--header
", "header to be included in the request"
 define_option :insecure, "-k", "--insecure", "makes request without verifying SSL certificates"
+ define_option :cacert, "-C", "--cacert ", "CA certificate to verify peer against"
 define_option :bodyonly, "-b", "--bodyonly", "show body only in response"
- desc "curl [path]", "CURL to a UAA endpoint", :request, :data, :header, :insecure , :bodyonly do |path|
+ desc "curl [path]", "CURL to a UAA endpoint", :request, :data, :header, :insecure , :bodyonly, :cacert do |path|
 return say_command_help(["curl"]) unless path
 uri = parse_uri(path)
@@ -65,6 +66,9 @@ def make_request(uri, options)
 http.use_ssl = true
 if options[:insecure]
 http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ elsif options[:cacert]
+ http.ca_file = File.expand_path(options[:cacert])
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 end
 end
 request_class = Net::HTTP.const_get("#{options[:request][0]}#{options[:request][1..-1].downcase}")
diff --git a/spec/curl_spec.rb b/spec/curl_spec.rb
index 8e96010..a1d3065 100644
--- a/spec/curl_spec.rb
+++ b/spec/curl_spec.rb
@@ -37,6 +37,7 @@ module CF::UAA
 Cli.output.string.should include "-d | --data "
 Cli.output.string.should include "-k | --insecure"
 Cli.output.string.should include "-b | --bodyonly"
+ Cli.output.string.should include "-C | --cacert"
 end
 it "hits the URL on the UAA target" do
@@ -108,5 +109,19 @@ module CF::UAA
 Cli.output.string.should_not include "ECONNRESET"
 Cli.output.string.should include "200 OK"
 end
+
+ it "makes insecure requests without the -k flag" do
+ Cli.run("curl https://example.com/")
+
+ Cli.output.string.should_not include "ECONNRESET"
+ Cli.output.string.should include "200 OK"
+ end
+
+ it "makes requests using invalid custom ca cert file with the -C flag" do
+ Cli.run("curl https://example.com/ -C ca.pem")
+
+ Cli.output.string.should_not include "200 OK"
+ Cli.output.string.should include "SSLError"
+ end
 end
 end
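Review bot: In the option hunk of lib/uaa/cli/curl.rb, the short flag `-C` does not match curl, although the commit message says the flags were taken from curl: in curl `-C` is `--continue-at`, and `--cacert` has no short form. Someone pasting a curl command line would get a different meaning for `-C`, so I would keep only the long option if `define_option` allows it, or say in the help text that `-C` is specific to uaac. The help string should also state how the option interacts with `-k`, for example `"CA certificate file (PEM) to verify peer against; ignored when --insecure is given"`, since that is what the branch added in make_request does.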
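Review bot: In the make_request hunk, passing `-k` together with `-C` silently disables verification: the `if options[:insecure]` branch wins and the added `elsif options[:cacert]` is never reached, so a user who supplies a CA file may believe the peer is checked while `VERIFY_NONE` is in effect. I would reject the combination before the branch, e.g. `raise ArgumentError, "--insecure and --cacert cannot be combined" if options[:insecure] && options[:cacert]` (or whatever error path the CLI normally uses), or at least print a warning. The result of `File.expand_path(options[:cacert])` is also not checked, so a missing or unreadable file only surfaces as an SSL error at connect time, which appears to be what the new spec relies on; a `File.readable?` check with a clear message would make that failure easier to diagnose. make_request begins and ends outside the hunk, so whether the CA certificate configured through `uaac target` could serve as a fallback here is not visible.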
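Review bot: In the last hunk of spec/curl_spec.rb, the title of the first added example, "makes insecure requests without the -k flag", says the opposite of what it exercises: without `-k` the request is made with certificate verification, so something like `it "verifies the server certificate when -k is not given" do` would describe it. The second example covers only the failure path and seems to depend on `ca.pem` not existing (or not being a CA for example.com) in the directory the specs run from, because the path is resolved relative to the working directory; pointing it at a fixture file the spec creates would make the outcome deterministic. There is no example showing that a valid CA file is accepted, and none for `-k` combined with `-C`, which are the two cases where a regression would weaken TLS verification unnoticed. Both examples also need outbound access to https://example.com/, as the neighbouring examples in this file appear to.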