cheald / manticore

Manticore is a JRuby HTTP client built on the Apache HttpClient 4.x components
https://gitlab.com/cheald/manticore
MIT License

SSL options with Faraday not working as expected #77

Closed bbozo closed 6 years ago

bbozo commented 6 years ago

Seems like apples get fed into oranges somewhere in the Faraday integration, the stack trace:

TypeError: no implicit conversion of OpenSSL::X509::Certificate into String
org/jruby/RubyKernel.java:289:in `open'
/opt/MyApp/vendor/cache/manticore-027d9cc50ba7/lib/manticore/client.rb:652:in `setup_key_store'
/opt/MyApp/vendor/cache/manticore-027d9cc50ba7/lib/manticore/client.rb:619:in `ssl_socket_factory_from_options'
/opt/MyApp/vendor/cache/manticore-027d9cc50ba7/lib/manticore/client.rb:394:in `pool_builder'
/opt/MyApp/vendor/cache/manticore-027d9cc50ba7/lib/manticore/client.rb:402:in `pool'
/opt/MyApp/vendor/cache/manticore-027d9cc50ba7/lib/manticore/client.rb:208:in `initialize'
/opt/MyApp/vendor/cache/manticore-027d9cc50ba7/lib/faraday/adapter/manticore.rb:43:in `client'
/opt/MyApp/vendor/cache/manticore-027d9cc50ba7/lib/faraday/adapter/manticore.rb:70:in `call'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/faraday-0.15.2/lib/faraday/rack_builder.rb:143:in `build_response'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/faraday-0.15.2/lib/faraday/connection.rb:387:in `run_request'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/faraday-0.15.2/lib/faraday/connection.rb:175:in `post'
/opt/MyApp/app/services/directory_server_request.rb:45:in `make_request'
/opt/MyApp/app/services/directory_server_request.rb:24:in `ds_request'
/opt/MyApp/app/services/verify_enrollment_request.rb:141:in `ds_params'
/opt/MyApp/app/forms/authentication_request_form.rb:131:in `get_ds_info'
/opt/MyApp/app/forms/authentication_request_form.rb:64:in `block in response'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/nokogiri-1.8.3-java/lib/nokogiri/xml/builder.rb:391:in `insert'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/nokogiri-1.8.3-java/lib/nokogiri/xml/builder.rb:375:in `method_missing'
/opt/MyApp/app/forms/authentication_request_form.rb:61:in `block in response'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/nokogiri-1.8.3-java/lib/nokogiri/xml/builder.rb:391:in `insert'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/nokogiri-1.8.3-java/lib/nokogiri/xml/builder.rb:375:in `method_missing'
/opt/MyApp/app/forms/authentication_request_form.rb:59:in `block in response'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/nokogiri-1.8.3-java/lib/nokogiri/xml/builder.rb:293:in `initialize'
/opt/MyApp/app/forms/authentication_request_form.rb:58:in `response'
(pry):1:in `<eval>'
org/jruby/RubyKernel.java:995:in `eval'
org/jruby/RubyBinding.java:139:in `eval'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/pry-0.9.12.6-java/lib/pry/pry_instance.rb:328:in `evaluate_ruby'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/pry-0.9.12.6-java/lib/pry/pry_instance.rb:278:in `re'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/pry-0.9.12.6-java/lib/pry/pry_instance.rb:254:in `rep'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/pry-0.9.12.6-java/lib/pry/pry_instance.rb:234:in `block in repl'
org/jruby/RubyKernel.java:1316:in `loop'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/pry-0.9.12.6-java/lib/pry/pry_instance.rb:232:in `block in repl'
org/jruby/RubyKernel.java:1138:in `catch'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/pry-0.9.12.6-java/lib/pry/pry_instance.rb:231:in `block in repl'
org/jruby/RubyKernel.java:1138:in `catch'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/pry-0.9.12.6-java/lib/pry/pry_instance.rb:230:in `repl'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/pry-0.9.12.6-java/lib/pry/pry_class.rb:169:in `start'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/pry-nav-0.2.3/lib/pry-nav/pry_ext.rb:17:in `start_with_pry_nav'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/railties-4.2.10/lib/rails/commands/console.rb:110:in `start'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/railties-4.2.10/lib/rails/commands/console.rb:9:in `start'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/railties-4.2.10/lib/rails/commands/commands_tasks.rb:68:in `console'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/railties-4.2.10/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
/opt/MyApp/vendor/bundle/jruby/2.3.0/gems/railties-4.2.10/lib/rails/commands.rb:17:in `<main>'
org/jruby/RubyKernel.java:956:in `require'
bin/rails:4:in `<main>'

Where the connection is built as:

  def make_request ds_url, with
    conn = Faraday.new(ds_url,
      :ssl => {
        :client_cert  => client_cert,
        :client_key   => client_key,
        :ca_file      => ds_cert_file,
        :version      => :'TLSv1_2'
      }) do |faraday|
        faraday.adapter(::Rails.env.test? ? :net_http : :manticore)
      end

    binding.pry if $PRY

    resp = conn.post do |req|
      req.options[:timeout] = configuration[:timeout]
      req.options[:open_timeout] = configuration[:open_timeout]
      req.headers['Content-Type'] = 'application/xml; charset=utf-8'
      req.body = with
    end

    resp.body
  end

  def ds_cert_file
    "#{Rails.root}/trusted_store/ca/eCommerce CA.PEM"
  end

  def ds_cert_path
    "#{Rails.root}/trusted_store/visa_ca"
  end

  def client_cert
    # File.read returns the PEM text and closes the file; File.new left the handle open.
    @client_cert ||=
      OpenSSL::X509::Certificate.new(
        File.read(File.join(TRUSTED_STORE_PATH, "client_cert.pem")))
  end

  def client_key
    @client_key ||=
      OpenSSL::PKey::RSA.new(
        File.read(File.join(TRUSTED_STORE_PATH, "client_key.pem")))
  end

cheald commented 6 years ago

9b84b7bc89d0a191d1db6fda3845210d6e179827 should fix this up!

cheald commented 6 years ago

I spoke too soon - CI failed.

cheald commented 6 years ago

And fixed. Older versions of JRuby apparently ship SSL support that can't handle PKCS#1 keys - Manticore will now convert them to PKCS#8 keys before passing them into Java.
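
The PKCS#1 to PKCS#8 re-wrapping mentioned in the last comment, as an added example (not Manticore's code and not part of the original thread): it classifies an unencrypted private-key DER blob by its ASN.1 shape and wraps a PKCS#1 `RSAPrivateKey` in a PKCS#8 `PrivateKeyInfo`. The function names are hypothetical, and the key is a throwaway one generated in-process.

```ruby
require "openssl"

# Classify an unencrypted private-key DER blob by its ASN.1 structure.
#   PKCS#1 RSAPrivateKey: SEQUENCE { version INTEGER, modulus INTEGER, ... }
#   PKCS#8 PrivateKeyInfo: SEQUENCE { version INTEGER, AlgorithmIdentifier SEQUENCE, OCTET STRING }
def private_key_format(der)
  seq = OpenSSL::ASN1.decode(der)
  return :unknown unless seq.is_a?(OpenSSL::ASN1::Sequence) && seq.value.size >= 3
  case seq.value[1]
  when OpenSSL::ASN1::Integer  then :pkcs1
  when OpenSSL::ASN1::Sequence then :pkcs8
  else :unknown
  end
rescue OpenSSL::ASN1::ASN1Error
  :unknown
end

# Wrap PKCS#1 DER in a PKCS#8 PrivateKeyInfo with the rsaEncryption algorithm id.
def pkcs1_to_pkcs8_der(pkcs1_der)
  unless private_key_format(pkcs1_der) == :pkcs1
    raise ArgumentError, "input is not a PKCS#1 RSA private key"
  end
  OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(0),                      # PrivateKeyInfo version
    OpenSSL::ASN1::Sequence.new([
      OpenSSL::ASN1::ObjectId.new("rsaEncryption"),
      OpenSSL::ASN1::Null.new(nil)
    ]),
    OpenSSL::ASN1::OctetString.new(pkcs1_der)           # original key, unchanged
  ]).to_der
end

# PEM-armor a DER blob; "PRIVATE KEY" is the PKCS#8 label.
def der_to_pem(der, label)
  body = [der].pack("m0").scan(/.{1,64}/).join("\n")
  "-----BEGIN #{label}-----\n#{body}\n-----END #{label}-----\n"
end

if __FILE__ == $0
  key   = OpenSSL::PKey::RSA.new(2048)   # constructed sample key, never written to disk
  pkcs8 = pkcs1_to_pkcs8_der(key.to_der)
  puts private_key_format(key.to_der)
  puts private_key_format(pkcs8)
  puts der_to_pem(pkcs8, "PRIVATE KEY").lines.first
end
```

The wrapped key material is byte-for-byte the original PKCS#1 structure, so the conversion changes only the container, not the key.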