Implemented net/http helper to use bundled openssl certificates (#7)

.github/workflows/test-and-release.yml

@@ -57,11 +57,15 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ 'ubuntu-20.04', macos-12 ]
-        ruby_ver: [ '3.0.6', '3.1.4', '3.2.2' ]
+        os: [ 'ubuntu-20.04' ]
+        ruby_ver: [ '2.7.8', '3.0.7', '3.1.5', '3.2.4', '3.3.1' ]
         include:
           - os: windows-latest
-            ruby_ver: '3.1.4'
+            ruby_ver: '3.1.5'
+          - os: macos-12
+            ruby_ver: '3.1.5'
+          - os: macos-14
+            ruby_ver: '3.1.5'
 
     runs-on: ${{ matrix.os }}
 

.gitignore

@@ -6,6 +6,7 @@
 /pkg/
 /spec/reports/
 /tmp/
+/lib/cert/
 
 Gemfile.lock
 

Rakefile

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# Copyright (c) 2023 [Ribose Inc](https://www.ribose.com).
+# Copyright (c) 2023-2024 [Ribose Inc](https://www.ribose.com).
 # All rights reserved.
 # This file is a part of tebako
 #
@@ -29,7 +29,30 @@ require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 require "rubocop/rake_task"
 
+require "net/http"
+require "fileutils"
+
+namespace :build do
+  desc "Download cacert.pem"
+  task :download_cacert do
+    url = URI("https://curl.se/ca/cacert.pem")
+    FileUtils.mkdir_p("cert")
+    Net::HTTP.start(url.host, url.port, use_ssl: url.scheme == "https") do |http|
+      request = Net::HTTP::Get.new url
+      http.request request do |response|
+        open "cert/cacert.pem.mozilla", "w" do |io|
+          response.read_body do |chunk|
+            io.write chunk
+          end
+        end
+      end
+    end
+  end
+end
+
+task build: "build:download_cacert"
+
+task default: ["build:download_cacert", :spec]
+
 RSpec::Core::RakeTask.new(:spec)
 RuboCop::RakeTask.new
-
-task default: %i[spec]

lib/tebako-runtime.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# Copyright (c) 2023 [Ribose Inc](https://www.ribose.com).
+# Copyright (c) 2023-2024 [Ribose Inc](https://www.ribose.com).
 # All rights reserved.
 # This file is a part of tebako
 #
@@ -45,6 +45,7 @@ module TebakoRuntime
     "jing" => "tebako-runtime/adapters/jing",
     "mn2pdf" => "tebako-runtime/adapters/mn2pdf",
     "mnconvert" => "tebako-runtime/adapters/mnconvert",
+    "net/http" => "tebako-runtime/adapters/net-http",
     "sassc" => "tebako-runtime/adapters/sassc"
   }.freeze
 

lib/tebako-runtime/adapters/net-http.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+# Copyright (c) 2024 [Ribose Inc](https://www.ribose.com).
+# All rights reserved.
+# This file is a part of tebako
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+CACERT_PEM = File.expand_path("#{__dir__}/../../cert/cacert.pem.mozilla")
+CACERT_PEM_TMP = TebakoRuntime.extract_memfs(CACERT_PEM)
+
+Net::HTTP.class_eval do
+  alias_method :_use_ssl=, :use_ssl=
+
+  def use_ssl=(boolean)
+    self.ca_file = CACERT_PEM_TMP
+    self.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    self._use_ssl = boolean
+  end
+end

lib/tebako-runtime/version.rb

@@ -26,5 +26,5 @@
 # POSSIBILITY OF SUCH DAMAGE.
 
 module TebakoRuntime
-  VERSION = "0.3.1"
+  VERSION = "0.4.0"
 end

spec/runtime_spec.rb

@@ -150,6 +150,22 @@ def tmpdir_name
     require "mnconvert"
   end
 
+  it "provides an adapter for net/http gem" do
+    tfile = File.join(TebakoRuntime.full_gem_path("tebako-runtime"), "lib", "cert", "cacert.pem.mozilla")
+    expect(TebakoRuntime).to receive(:extract_memfs).with(tfile).and_call_original
+    require "net/http"
+
+    uri = URI("https://github.com/tamatebako/tebako-runtime/archive/refs/tags/v0.2.0.tar.gz")
+    http = Net::HTTP.new(uri.host, uri.port)
+
+    expect(http).to receive(:use_ssl=).with(true).and_call_original
+
+    http.use_ssl = true
+
+    expect(http.ca_file).to eq(tfile)
+    expect(http.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
+  end
+
   it "provides an adapter for sassc gem" do
     TebakoRuntime.send(:remove_const, :COMPILER_MEMFS)
     TebakoRuntime::COMPILER_MEMFS = __dir__