Class: HTTPI::Auth::SSL
- Inherits:
-
Object
- Object
- HTTPI::Auth::SSL
- Defined in:
- lib/httpi/auth/ssl.rb
Overview
HTTPI::Auth::SSL
Provides SSL client authentication.
Constant Summary collapse
- VERIFY_MODES =
[:none, :peer, :fail_if_no_peer_cert, :client_once]
- CERT_TYPES =
[:pem, :der]
- SSL_VERSIONS =
# Accepted values for ssl_version=, taken from the OpenSSL binding: the keys of
# METHODS_MAP when that constant exists, otherwise METHODS without the
# server/client-specific variants; the result is sorted in descending order.
# NOTE(review): ssl_context is assigned outside this excerpt (presumably
# OpenSSL::SSL::SSLContext — confirm). The list mirrors whatever the linked
# OpenSSL exposes, so it may contain deprecated protocol versions; membership
# here does not mean a version is safe to pin.
if ssl_context.const_defined? :METHODS_MAP
  ssl_context.const_get(:METHODS_MAP).keys
else
  ssl_context::METHODS.reject { |method| method.match(/server|client/) }
end.sort.reverse
Instance Attribute Summary collapse
-
#ca_cert ⇒ Object
Returns an
OpenSSL::X509::Certificate
for the ca_cert_file.
-
#ca_cert_file ⇒ Object
Accessor for the cacert file to validate SSL certificates.
-
#ca_cert_path ⇒ Object
Accessor for the ca_path to validate SSL certificates.
-
#cert ⇒ Object
Returns an
OpenSSL::X509::Certificate
for the cert_file.
-
#cert_file ⇒ Object
Accessor for the cert file to validate SSL connections.
-
#cert_key ⇒ Object
Returns an
OpenSSL::PKey
subclass (usually OpenSSL::PKey::RSA
) for the cert_key_file.
-
#cert_key_file ⇒ Object
Accessor for the cert key file to validate SSL certificates.
-
#cert_key_password ⇒ Object
Accessor for the cert key password to validate SSL certificates.
-
#cert_store ⇒ Object
Certificate store holding the trusted CA certificates used to verify peer certificates.
Instance Method Summary collapse
-
#cert_type ⇒ Object
Returns the cert type to validate SSL certificates PEM|DER.
-
#cert_type=(type) ⇒ Object
Sets the cert type to validate SSL certificates PEM|DER.
-
#openssl_verify_mode ⇒ Object
Returns the SSL verify mode as a
OpenSSL::SSL::VERIFY_*
constant. -
#present? ⇒ Boolean
Returns whether SSL configuration is present.
-
#ssl_version ⇒ Object
Returns the SSL version number.
-
#ssl_version=(version) ⇒ Object
Sets the SSL version number.
-
#verify_mode ⇒ Object
Returns the SSL verify mode.
-
#verify_mode=(mode) ⇒ Object
Sets the SSL verify mode.
Instance Attribute Details
#ca_cert ⇒ Object
Returns an OpenSSL::X509::Certificate
for the ca_cert_file
.
# File 'lib/httpi/auth/ssl.rb', line 102
# Loads and memoizes the CA certificate named by ca_cert_file.
#
# Returns the cached certificate when one is already loaded; otherwise reads
# ca_cert_file from disk and parses it as an OpenSSL::X509::Certificate.
# Unlike #cert there is no nil guard here, so File.read is called with
# whatever ca_cert_file returns, including nil.
#
# NOTE(review): Certificate.new yields a single certificate; if ca_cert_file
# is a multi-certificate bundle, presumably only the first entry is
# represented by this object — confirm before relying on it as the full
# trust set.
def ca_cert
  return @ca_cert if @ca_cert

  ca_data = File.read(ca_cert_file)
  @ca_cert = OpenSSL::X509::Certificate.new(ca_data)
end
#ca_cert_file ⇒ Object
Accessor for the cacert file to validate SSL certificates.
# File 'lib/httpi/auth/ssl.rb', line 40 def ca_cert_file @ca_cert_file end |
#ca_cert_path ⇒ Object
Accessor for the ca_path to validate SSL certificates.
# File 'lib/httpi/auth/ssl.rb', line 43 def ca_cert_path @ca_cert_path end |
#cert ⇒ Object
Returns an OpenSSL::X509::Certificate
for the cert_file
.
# File 'lib/httpi/auth/ssl.rb', line 94
# Loads and memoizes the certificate named by cert_file.
#
# Returns the cached certificate when one is already loaded. Otherwise, when
# cert_file is set, reads it from disk and parses it as an
# OpenSSL::X509::Certificate; when cert_file is not set, returns nil.
# Read and parse errors are not handled here and propagate to the caller.
def cert
  return @cert if @cert

  @cert =
    if cert_file
      cert_data = File.read(cert_file)
      OpenSSL::X509::Certificate.new(cert_data)
    end
end
#cert_file ⇒ Object
Accessor for the cert file to validate SSL connections.
# File 'lib/httpi/auth/ssl.rb', line 37 def cert_file @cert_file end |
#cert_key ⇒ Object
Returns an OpenSSL::PKey
subclass (usually OpenSSL::PKey::RSA
) for the cert_key_file
.
# File 'lib/httpi/auth/ssl.rb', line 110
# Loads and memoizes the private key named by cert_key_file.
#
# Returns the cached key when one is already loaded. Otherwise, when
# cert_key_file is set, reads it from disk and parses it with
# OpenSSL::PKey.read, passing cert_key_password as the passphrase; when
# cert_key_file is not set, returns nil. Once loaded, the parsed key stays
# referenced by this object.
#
# NOTE(review): for an encrypted key with a nil cert_key_password, OpenSSL
# may fall back to prompting for the passphrase on the terminal — confirm for
# the Ruby/OpenSSL versions in use, since that can stall a non-interactive
# process.
def cert_key
  return @cert_key if @cert_key

  @cert_key =
    if cert_key_file
      key_data = File.read(cert_key_file)
      OpenSSL::PKey.read(key_data, cert_key_password)
    end
end
#cert_key_file ⇒ Object
Accessor for the cert key file to validate SSL certificates.
# File 'lib/httpi/auth/ssl.rb', line 31 def cert_key_file @cert_key_file end |
#cert_key_password ⇒ Object
Accessor for the cert key password to validate SSL certificates.
# File 'lib/httpi/auth/ssl.rb', line 34 def cert_key_password @cert_key_password end |
#cert_store ⇒ Object
Certificate store holding the trusted CA certificates used to verify peer certificates.
# File 'lib/httpi/auth/ssl.rb', line 46 def cert_store @cert_store end |
Instance Method Details
#cert_type ⇒ Object
Returns the cert type to validate SSL certificates PEM|DER.
# File 'lib/httpi/auth/ssl.rb', line 49
# Returns the configured certificate type. When none has been set, stores and
# returns the default, :pem.
def cert_type
  @cert_type = :pem unless @cert_type
  @cert_type
end
#cert_type=(type) ⇒ Object
Sets the cert type to validate SSL certificates PEM|DER.
# File 'lib/httpi/auth/ssl.rb', line 54
# Sets the certificate type after checking it against the CERT_TYPES
# allowlist.
#
# @param type the certificate type; must be an element of CERT_TYPES
# @raise [ArgumentError] when type is not in CERT_TYPES; the message echoes
#   the rejected value via #inspect and lists the accepted ones
def cert_type=(type)
  return @cert_type = type if CERT_TYPES.include?(type)

  message = "Invalid SSL cert type #{type.inspect}\nPlease specify one of #{CERT_TYPES.inspect}"
  raise ArgumentError, message
end
#openssl_verify_mode ⇒ Object
Returns the SSL verify mode as a OpenSSL::SSL::VERIFY_*
constant.
# File 'lib/httpi/auth/ssl.rb', line 118
# Translates the symbolic verify_mode into the matching
# OpenSSL::SSL::VERIFY_* constant. Returns nil for any verify_mode outside
# the four symbols handled below.
#
# :none maps to VERIFY_NONE, i.e. the peer certificate is not verified.
#
# NOTE(review): OpenSSL documents VERIFY_FAIL_IF_NO_PEER_CERT and
# VERIFY_CLIENT_ONCE as server-side flags that are ignored in client mode,
# and each is returned here on its own, without VERIFY_PEER OR-ed in. On a
# client context that presumably leaves the server certificate unverified,
# much like :none — confirm against the adapters that consume this value.
def openssl_verify_mode
  {
    :none                 => OpenSSL::SSL::VERIFY_NONE,
    :peer                 => OpenSSL::SSL::VERIFY_PEER,
    :fail_if_no_peer_cert => OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT,
    :client_once          => OpenSSL::SSL::VERIFY_CLIENT_ONCE
  }[verify_mode]
end
#present? ⇒ Boolean
Returns whether SSL configuration is present.
# File 'lib/httpi/auth/ssl.rb', line 24
# Reports whether any SSL configuration has been supplied.
#
# The result is truthy when verify_mode is :none, when both cert and cert_key
# load, or when ca_cert_file is set. Note that the first case means
# "verification disabled" on its own counts as configuration being present.
# The return value is not always a strict boolean: it can be true, the loaded
# key, the ca_cert_file value, nil or false.
#
# Only TypeError and Errno::ENOENT raised while evaluating the above are
# turned into false; other failures from loading the certificate or key
# (for example a parse error or a permission error) propagate to the caller.
def present?
  return true if verify_mode == :none

  client_credentials = cert && cert_key
  client_credentials || ca_cert_file
rescue TypeError, Errno::ENOENT
  false
end
#ssl_version ⇒ Object
Returns the SSL version number. Defaults to nil
(auto-negotiate).
# File 'lib/httpi/auth/ssl.rb', line 79
# Returns the configured SSL version, or nil when none has been set (the
# instance variable is then explicitly assigned nil).
def ssl_version
  return @ssl_version if @ssl_version

  @ssl_version = nil
end
#ssl_version=(version) ⇒ Object
Sets the SSL version number. Expects one of HTTPI::Auth::SSL::SSL_VERSIONS
.
# File 'lib/httpi/auth/ssl.rb', line 84
# Sets the SSL version after checking it against the SSL_VERSIONS allowlist.
#
# The check is membership only: SSL_VERSIONS is built from what the OpenSSL
# binding exposes, so a value being accepted here says nothing about whether
# that protocol version is still considered safe.
#
# @param version the protocol version; must be an element of SSL_VERSIONS
# @raise [ArgumentError] when version is not in SSL_VERSIONS; the message
#   echoes the rejected value via #inspect and lists the accepted ones
def ssl_version=(version)
  return @ssl_version = version if SSL_VERSIONS.include?(version)

  message = "Invalid SSL version #{version.inspect}\nPlease specify one of #{SSL_VERSIONS.inspect}"
  raise ArgumentError, message
end
#verify_mode ⇒ Object
Returns the SSL verify mode. Defaults to :peer
.
# File 'lib/httpi/auth/ssl.rb', line 64
# Returns the configured verify mode. When none has been set, stores and
# returns the default, :peer.
def verify_mode
  @verify_mode = :peer unless @verify_mode
  @verify_mode
end
#verify_mode=(mode) ⇒ Object
Sets the SSL verify mode. Expects one of HTTPI::Auth::SSL::VERIFY_MODES
.
# File 'lib/httpi/auth/ssl.rb', line 69
# Sets the verify mode after checking it against the VERIFY_MODES allowlist.
#
# :none is an accepted value; openssl_verify_mode maps it to
# OpenSSL::SSL::VERIFY_NONE, which turns peer certificate verification off,
# so call sites that assign it deserve review.
#
# @param mode the verify mode; must be an element of VERIFY_MODES
# @raise [ArgumentError] when mode is not in VERIFY_MODES; the message echoes
#   the rejected value via #inspect and lists the accepted ones
def verify_mode=(mode)
  return @verify_mode = mode if VERIFY_MODES.include?(mode)

  message = "Invalid SSL verify mode #{mode.inspect}\nPlease specify one of #{VERIFY_MODES.inspect}"
  raise ArgumentError, message
end