From 93d64638d43cbd4fe29516a077f2de8423e30090 Mon Sep 17 00:00:00 2001
From: Sergey Yedrikov <syedriko@redhat.com>
Date: Mon, 28 Jun 2021 14:42:16 -0400
Subject: [PATCH] Make ssl_ca_cert_file_path support an array of files

---
 lib/kafka/client.rb      | 5 +++--
 lib/kafka/ssl_context.rb | 4 ++--
 spec/ssl_context_spec.rb | 6 ++++++
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/kafka/client.rb b/lib/kafka/client.rb
index 739e6c1b1..52e36ef31 100644
--- a/lib/kafka/client.rb
+++ b/lib/kafka/client.rb
@@ -1,3 +1,4 @@
+# coding: utf-8
 # frozen_string_literal: true
 
 require "kafka/ssl_context"
@@ -38,8 +39,8 @@ class Client
     # @param ssl_ca_cert [String, Array<String>, nil] a PEM encoded CA cert, or an Array of
     #   PEM encoded CA certs, to use with an SSL connection.
     #
-    # @param ssl_ca_cert_file_path [String, nil] a path on the filesystem to a PEM encoded CA cert
-    #   to use with an SSL connection.
+    # @param ssl_ca_cert_file_path [String, Array<String>, nil] a path on the filesystem, or an
+    #    Array of paths, to PEM encoded CA cert(s) to use with an SSL connection.
     #
     # @param ssl_client_cert [String, nil] a PEM encoded client cert to use with an
     #   SSL connection. Must be used in combination with ssl_client_cert_key.
diff --git a/lib/kafka/ssl_context.rb b/lib/kafka/ssl_context.rb
index 1276b4948..c5eac4542 100644
--- a/lib/kafka/ssl_context.rb
+++ b/lib/kafka/ssl_context.rb
@@ -47,8 +47,8 @@ def self.build(ca_cert_file_path: nil, ca_cert: nil, client_cert: nil, client_ce
         Array(ca_cert).each do |cert|
           store.add_cert(OpenSSL::X509::Certificate.new(cert))
         end
-        if ca_cert_file_path
-          store.add_file(ca_cert_file_path)
+        Array(ca_cert_file_path).each do |cert_file_path|
+          store.add_file(cert_file_path)
         end
         if ca_certs_from_system
           store.set_default_paths
diff --git a/spec/ssl_context_spec.rb b/spec/ssl_context_spec.rb
index 7ce09ce2f..ccadaa80f 100644
--- a/spec/ssl_context_spec.rb
+++ b/spec/ssl_context_spec.rb
@@ -31,6 +31,12 @@
     }.to raise_exception(ArgumentError)
   end
 
+  it "raises an OpenSSL::X509::StoreError if an array of non-existing files is passed for ca_cert_file_path" do
+    expect {
+      Kafka::SslContext.build(ca_cert_file_path: ["no_such_file", "no_such_file_either"])
+    }.to raise_exception(OpenSSL::X509::StoreError)
+  end
+
   context "with self signed cert fixtures" do
     # How the certificates were generated, they are not actually in a chain
     # openssl req -newkey rsa:2048 -nodes -keyout spec/fixtures/client_cert_key.pem -x509 -days 365 -out spec/fixtures/client_cert.pem