Add option for ssl_cert_key_password

.gitignore

@@ -1,3 +1,4 @@
+.rvmrc
 .DS_Store
 .yardoc
 doc

lib/savon/options.rb

@@ -186,6 +186,11 @@ def ssl_cert_key_file(file)
       @options[:ssl_cert_key_file] = file
     end
 
+    # Sets the cert key password to use.
+    def ssl_cert_key_password(password)
+      @options[:ssl_cert_key_password] = password
+    end
+
     # Sets the cert file to use.
     def ssl_cert_file(file)
       @options[:ssl_cert_file] = file

lib/savon/request.rb

@@ -25,10 +25,10 @@ def configure_timeouts
     def configure_ssl
       @http_request.auth.ssl.ssl_version   = @globals[:ssl_version]       if @globals.include? :ssl_version
       @http_request.auth.ssl.verify_mode   = @globals[:ssl_verify_mode]   if @globals.include? :ssl_verify_mode
-
       @http_request.auth.ssl.cert_key_file = @globals[:ssl_cert_key_file] if @globals.include? :ssl_cert_key_file
       @http_request.auth.ssl.cert_file     = @globals[:ssl_cert_file]     if @globals.include? :ssl_cert_file
       @http_request.auth.ssl.ca_cert_file  = @globals[:ssl_ca_cert_file]  if @globals.include? :ssl_ca_cert_file
+      @http_request.auth.ssl.cert_key_password = @globals[:ssl_cert_key_password] if @globals.include? :ssl_cert_key_password
     end
 
   end
@@ -80,6 +80,8 @@ def configure_ssl
       @http_request.auth.ssl.cert_key_file = @globals[:ssl_cert_key_file] if @globals.include? :ssl_cert_key_file
       @http_request.auth.ssl.cert_file     = @globals[:ssl_cert_file]     if @globals.include? :ssl_cert_file
       @http_request.auth.ssl.ca_cert_file  = @globals[:ssl_ca_cert_file]  if @globals.include? :ssl_ca_cert_file
+
+      @http_request.auth.ssl.cert_key_password = @globals[:ssl_cert_key_password] if @globals.include? :ssl_cert_key_password
     end
 
     def configure_auth

spec/fixtures/ssl/client_encrypted_key.pem

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIi+Fi+FH7OtACAggA
+MBQGCCqGSIb3DQMHBAivzaRTYRNk4QSCBMhnQ7/NN0ljkAwADHknQi4dgbBU+FV+
+vY+ypRCTLp7UongPMDS+pC6TyOFGeHz4Yri3UvmEIN5DlBlAfjPI6+lBswjOIrpw
+6CaZXrX4oefjh73c2OcQlYKw9w03ppfmfO0v1t6oPLiK6M8sNQ5lgb8d9eG3r6Dp
+LqIp4I6WeGcoXIpVYE35sz6wmLQ2Q626KY/5BPVAgMVG3K1g1haxZIAQBQE63cqz
+JK3IUiG2r6Q6vOyZ+Iz9KolEf3RVvW/RgOrb0dLbbLkDOL8G6dXDgWEeYtqGZpPR
+BktU2Kf7lr0BAgbI3eLubmIufhonoV4VkHVYu1ZSACwSl2HEqDl5aF5hP3wOtfS5
+Ls62Z1ATO/24dG1oI8xL3YCeTzoa1Lmyeh+HFRncoVU5CdQgyzY9d5yr1x70AwN+
+MpVwd0+WGyESiRVd4dN8n99SY/bTaYJxv8P+wOrbjld9Q3mF3vxx6Nkkfboai1wD
+bY9i/B5/TZip5FBnZbJiYakc+yoB6Bf1UuIZA9T9EIY2K7VhTeuEjTTqJVf7dp/C
+ZqVSNCHO3eAUMByrshznw2YCia8Q1VAXgIbnZ8RvUxxIZVUDTxuWPkBJkcrmMgKt
+GvD2YYIOIuFwTLCFBTlcXNl8kNYc9VRAnK7efi9xrzINod0VSV5hj1PYT4e2khnS
+4cngMTbbNwWP8Rg7pSxzwWIwc8Zkytde5gnfkBFv+g8o+JRM2ZB3wkiUhEkf0Vht
+gl3K9LFqdqN+EsRjXR/a16sVK3Uer7zcy/NLzvo/rF0YKRmb+apDIFO/vtCX9qyH
++pBofVO+RNb2T2ZY1iSvyjv/d7nNXRnLArecralQjekh+AKIBsl5R0nsSnQu6ydn
+yDteKDuOPnVl4qQowVbmGg7juHW9j4u98H7cW4RN/txegG1J7gbFFdl2bjYQ/PGZ
+iAG53QvjmvRRaiPCNOB3PYm1yO/1vCPAKlOeBYywF53BSxCDx9OjP0eXROdQGiZV
+XEkDqf742R9/8Fy1ETcriEzRVWv4nSRmB+yfMfHcTZZiJnEF9RUYQVxBVfpwBi8t
+I8N46L2iNeY4itbN8Ke3U3EfntdoZMNI1uN/haDmLFuRuzZIBkSl3YsnsDJXaT5P
+KjPPiZWkxsC3KUYeisefjNHonkM6JXqAy9ElyWrjSPhioMLTy3Qwus8NPGLWkMfI
+bpy7Z63xRf9tifXoANLOqC/VVXOCn4m/eEUAMi0EQZ7QbysopFigiri/MFidXf90
+aIUMiPmCTzLDBJfHozyalMVf3aJFbDJdlAmFtasAP1aPgqReAb9s+6U3wkE8VtGB
+rneBPhejj9FzrWMludgPLDRvfzr6/0nG2GC7XbOnKPd0RbKFtZaJuT18Jhil5Bwb
+S2MBrUnxMmOge9N5ZIyzXk+lPFRMkHmY64h+P/Op9w8tVYCFlj4HjAboVpJAGIq4
+gPgT3Q/0ghRyyBjBrmSDuk+/1s7qc/lWUONFAJaSCRdhpM9I8il5QYHPM6Z9JCg+
+PrfHftP+bU0xht7mVI5ew1OjWTZEym0/ALEyqddLz0qFYejKSemx8EMze8cN2wEE
+OTAqyVBLo+7HJ2FbIXMgRNSc4P77jmeEG0/4WsreMOeI1/6nOiwqvipuLY9ojc9v
+TGQ=
+-----END ENCRYPTED PRIVATE KEY-----

spec/fixtures/ssl/client_encrypted_key_cert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEBTCCAu2gAwIBAgIJAKoJLHwFIyVbMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD
+VQQGEwJVUzERMA8GA1UECAwIVmlyZ2luaWExEzARBgNVBAcMCkFsZXhhbmRyaWEx
+GDAWBgNVBAoMD1Rlc3RpbmcgQ28sIExMQzEQMA4GA1UECwwHVGVzdGluZzEUMBIG
+A1UEAwwLZXhhbXBsZS5jb20xHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5j
+b20wHhcNMTMwMTI1MTUwNDEwWhcNNDMwMTE4MTUwNDEwWjCBmDELMAkGA1UEBhMC
+VVMxETAPBgNVBAgMCFZpcmdpbmlhMRMwEQYDVQQHDApBbGV4YW5kcmlhMRgwFgYD
+VQQKDA9UZXN0aW5nIENvLCBMTEMxEDAOBgNVBAsMB1Rlc3RpbmcxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1wbGUuY29tMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4gYiV5ufeedy/paVEJ9eJAZo
+t3zFO+9UJzrIFWGhDdTB8AwX6ZE3koKV105i3nRKN+I6dS6+7APB607CqTqdzuqa
+/5qLnV2d73BuTAZabeClE4/8HXsDoQH42KcPQfVQ/nCuTPjuGUEUqIWVFpwKcZmV
+UP82Ezf31fOqtzVI6cSgOwWSflgFFdKRyCk0R1eNznRj2rvfYtypIplV715d1Qqk
+k+XXmMIWIobNT/utgf6n39e89VPzu9EZ5vSpCflWvCkeAnjavWLD/MJktRJqQqlx
+dFTWvzIxYAhJR6M+zB4a6UGDzj6NG1ujrtIdBaK1Jq6iXO4WDryRMs8RPF0UmwID
+AQABo1AwTjAdBgNVHQ4EFgQUjEykvRbAg/ju1UIvMuozlXzKRpYwHwYDVR0jBBgw
+FoAUjEykvRbAg/ju1UIvMuozlXzKRpYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
+AQUFAAOCAQEAhvgvCfZcQlEJwRZMYd1AUOS39fs90Nc5hezaIN1I6bqzW0+ka45Y
+MAxcq7BTOZfVO+DTEAB/IW7yR4Np8mzWSp7gDnyP3wyOX4Lce2lUZQ2fQI71pupf
+tXwpp0bGGgzeUeJK8MFBUiFMUBiJuUMsY2hYIqJ2gYlazMEQp67jV0fdgcgj3nak
+3cnC9GbHZj/QXwRAlj3dp1CDrMHqvbrCZ6jW7YS/+dVUn24oMadyIX0E88EBgP+l
+Wu4gvzn2nkV8L4Ukcspt7Mqvr/YGlWu/8GPVACUp1AdZH7YJ7ARZE7SVgxR/iNGd
+HJclQ/939s63ZNrnsOR+6qrhcC3c83UARw==
+-----END CERTIFICATE-----

spec/savon/options_spec.rb

@@ -325,6 +325,19 @@ def mock_stdout
       client.call(:authenticate)
     end
   end
+
+  context "global :ssl_cert_key_password" do
+    it "sets the encrypted cert key file password to use" do
+      cert_key = File.expand_path("../../fixtures/ssl/client_encrypted_key.pem", __FILE__)
+      cert_key_pass = "secure-password!42"
+      HTTPI::Auth::SSL.any_instance.expects(:cert_key_file=).with(cert_key).twice
+      HTTPI::Auth::SSL.any_instance.expects(:cert_key_password=).with(cert_key_pass).twice
+
+      client = new_client(:endpoint => @server.url, :ssl_cert_key_file => cert_key, :ssl_cert_key_password => cert_key_pass)
+      client.call(:authenticate)
+    end
+
+  end
 
   context "global :ssl_cert_file" do
     it "sets the cert file to use" do

spec/savon/request_spec.rb

@@ -87,6 +87,54 @@ def new_wsdl_request
       end
     end
 
+    describe "ssl cert key password" do
+      it "is set when specified" do
+        the_pass = "secure-password!42"
+        globals.ssl_cert_key_password(the_pass)
+        http_request.auth.ssl.expects(:cert_key_password=).with(the_pass)
+
+        new_wsdl_request.build
+      end
+
+      it "is not set otherwise" do
+        http_request.auth.ssl.expects(:cert_key_password=).never
+        new_wsdl_request.build
+      end
+    end
+
+    describe "ssl encrypted cert key file" do
+      describe "set with an invalid decrypting password" do
+        it "fails when attempting to use the SSL private key" do
+          pass = "wrong-password"
+          key  = File.expand_path("../../fixtures/ssl/client_encrypted_key.pem", __FILE__)
+          cert = File.expand_path("../../fixtures/ssl/client_encrypted_key_cert.pem", __FILE__)
+
+          globals.ssl_cert_file(cert)
+          globals.ssl_cert_key_password(pass)
+          globals.ssl_cert_key_file(key)
+
+          new_wsdl_request.build
+
+          expect { http_request.auth.ssl.cert_key }.to raise_error(OpenSSL::PKey::RSAError)
+        end
+      end
+      describe "set with a valid decrypting password" do
+        it "handles SSL private keys properly" do
+          pass = "secure-password!42"
+          key  = File.expand_path("../../fixtures/ssl/client_encrypted_key.pem", __FILE__)
+          cert = File.expand_path("../../fixtures/ssl/client_encrypted_key_cert.pem", __FILE__)
+
+          globals.ssl_cert_file(cert)
+          globals.ssl_cert_key_password(pass)
+          globals.ssl_cert_key_file(key)
+
+          new_wsdl_request.build
+
+          http_request.auth.ssl.cert_key.to_s.should =~ /BEGIN RSA PRIVATE KEY/          
+        end
+      end
+    end
+
     describe "ssl cert file" do
       it "is set when specified" do
         cert = File.expand_path("../../fixtures/ssl/client_cert.pem", __FILE__)
@@ -298,6 +346,21 @@ def new_soap_request
         new_soap_request.build
       end
     end
+
+    describe "ssl cert key password" do
+      it "is set when specified" do
+        the_pass = "secure-password!42"
+        globals.ssl_cert_key_password(the_pass)
+        http_request.auth.ssl.expects(:cert_key_password=).with(the_pass)
+
+        new_soap_request.build
+      end
+
+      it "is not set otherwise" do
+        http_request.auth.ssl.expects(:cert_key_password=).never
+        new_soap_request.build
+      end
+    end
 
     describe "ssl cert file" do
       it "is set when specified" do