Tuesday, December 15, 2009

Savon HTTPS Client Certificate Authentication

Rubiii's Savon library has convinced me that performing SOAP requests from Ruby doesn't have to be painful. The only thing I needed that the Savon library did not provide was SSL client certificate authentication and server certificate validation. Fortunately, the Ruby Net/HTTPS library makes that rather easy, so I forked Rubiii's repository and added these two features on my own. As of Savon version 0.6.7, these changes were incorporated into the master Savon repository.

Using client certificate authentication / server certificate validation in Savon 0.6.7+ looks like:

client = Savon::Client.new "http://example.com/UserService?wsdl", :ssl => {
:client_cert => OpenSSL::X509::Certificate.new(File.read("client_cert.pem")),
:client_key => OpenSSL::PKey::RSA.new(File.read("client_key.pem"), "password if one exists"),
:ca_file => "cacert.pem",
:verify => OpenSSL::SSL::VERIFY_PEER

Then just use the client to call your SOAP service normally:

response = client.get_all_users

If this constructor syntax incorporating the various SSL parameters looks familiar, it is because I borrowed it from Adam Wiggin's Rest-Client.