Class: Baykit::BayServer::Docker::BuiltIn::BuiltInSecureDocker

Inherits:
Baykit::BayServer::Docker::Base::DockerBase show all
Includes:
Agent::Transporter, Bcf, Secure, Util, OpenSSL
Defined in:
lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb

Constant Summary collapse

DEFAULT_CLIENT_AUTH =
false
DEFAULT_SSL_PROTOCOL =
"TLS"

Instance Attribute Summary collapse

Attributes inherited from Baykit::BayServer::Docker::Base::DockerBase

#type

Instance Method Summary collapse

Methods inherited from Baykit::BayServer::Docker::Base::DockerBase

#init_docker, #to_s

Constructor Details

#initialize ⇒ BuiltInSecureDocker

Returns a new instance of BuiltInSecureDocker.



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 37

# Sets the defaults that hold until #init_key_val overrides them from
# the configuration file.
def initialize
  # Protocol label and client-auth flag start from the class constants.
  @ssl_protocol = DEFAULT_SSL_PROTOCOL
  @client_auth = DEFAULT_CLIENT_AUTH
  # No application protocols are recorded until #set_app_protocols is called.
  @app_protocols = []
end

Instance Attribute Details

#app_protocols ⇒ Object (readonly)

Returns the value of attribute app_protocols.



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 35

# Application protocol list last passed to #set_app_protocols; an empty
# array until then (see #initialize).
#
# @return [Object] whatever the caller of #set_app_protocols supplied
def app_protocols
  @app_protocols
end

#cert_file ⇒ Object (readonly)

Returns the value of attribute cert_file.



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 30

# Certificate file path taken from the "cert" configuration key (resolved
# through get_file_path in #init_key_val). #init_ssl reads it as an X.509
# certificate only when no keystore is configured.
#
# @return [Object, nil] nil when the key was never configured
def cert_file
  @cert_file
end

#certs ⇒ Object (readonly)

Returns the value of attribute certs.



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 31

# Path taken from the "trustcerts" configuration key (resolved through
# get_file_path in #init_key_val).
#
# NOTE(review): #init_ssl does not reference @certs, so no trust store is
# loaded into the SSL context there. Confirm where (or whether) it is applied.
#
# @return [Object, nil] nil when the key was never configured
def certs
  @certs
end

#certs_pass ⇒ Object (readonly)

Returns the value of attribute certs_pass.



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 32

# Raw value of the "certspass" configuration key, stored unchanged by
# #init_key_val.
#
# Sensitive: this is a passphrase held and returned as a plain value, so keep
# it out of log lines, #inspect output and error messages.
#
# @return [Object, nil] nil when the key was never configured
def certs_pass
  @certs_pass
end

#client_auth ⇒ Object (readonly)

Returns the value of attribute client_auth.



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 27

# Client-authentication flag: DEFAULT_CLIENT_AUTH until the "clientauth"
# configuration key is parsed with StringUtil.parse_bool in #init_key_val.
#
# NOTE(review): #init_ssl never sets verify_mode (or anything else) on the SSL
# context from this flag, so enabling it does not by itself make the context
# request or verify client certificates. Confirm where it is enforced.
#
# @return [Object] the parsed flag
def client_auth
  @client_auth
end

#key_file ⇒ Object (readonly)

Returns the value of attribute key_file.



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 29

# Private-key file path taken from the "key" configuration key (resolved
# through get_file_path in #init_key_val). #init_ssl loads the key from it
# only when no keystore is configured.
#
# The path points at private key material; the file it names should be
# readable by the server account only.
#
# @return [Object, nil] nil when the key was never configured
def key_file
  @key_file
end

#key_store ⇒ Object (readonly)

SSL setting



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 25

# Keystore path taken from the "keystore" configuration key (resolved through
# get_file_path in #init_key_val). When it is set, #init_ssl loads both the
# certificate and the key from it as PKCS#12 and does not read
# @cert_file / @key_file.
#
# @return [Object, nil] nil when the key was never configured
def key_store
  @key_store
end

#key_store_pass ⇒ Object (readonly)

Returns the value of attribute key_store_pass.



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 26

# Raw value of the "keystorepass" configuration key; #init_ssl passes it to
# OpenSSL::PKCS12.new as the keystore passphrase.
#
# Sensitive: the passphrase is held and returned as a plain value, so keep it
# out of log lines, #inspect output and error messages.
#
# @return [Object, nil] nil when the key was never configured
def key_store_pass
  @key_store_pass
end

#ssl_protocol ⇒ Object (readonly)

Returns the value of attribute ssl_protocol.



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 28

# Protocol label: DEFAULT_SSL_PROTOCOL until the "sslprotocol" configuration
# key overrides it in #init_key_val (stored unvalidated).
#
# NOTE(review): #init_ssl does not reference @ssl_protocol, so the accepted
# TLS versions are not constrained by this value there. Confirm whether a
# minimum protocol version is enforced elsewhere.
#
# @return [Object] the configured label
def ssl_protocol
  @ssl_protocol
end

#sslctx ⇒ Object (readonly)

Returns the value of attribute sslctx.



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 34

# SSL context assigned by #init_ssl (and therefore again by #reload_cert);
# nil until #init_ssl has run. It carries the server's private key, so treat
# the returned object as sensitive.
#
# @return [Object, nil] the current context
def sslctx
  @sslctx
end

#trace_ssl ⇒ Object (readonly)

Returns the value of attribute trace_ssl.



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 33

# Flag parsed from the "tracessl" configuration key with
# StringUtil.parse_bool; #create_transporter hands it to SecureTransporter.new.
#
# NOTE(review): what the transporter records when this is on is not visible
# here. If it logs handshake or payload detail, it should stay off in
# production. Confirm against SecureTransporter.
#
# @return [Object, nil] nil when the key was never configured
def trace_ssl
  @trace_ssl
end

Instance Method Details

#create_transporter(buf_size) ⇒ Object



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 112

# Creates the transporter that carries this docker's TLS traffic.
#
# @param buf_size [Object] buffer size forwarded unchanged to the transporter
# @return [SecureTransporter] built from the current SSL context and trace flag
def create_transporter(buf_size)
  context = @sslctx
  tracing = @trace_ssl
  # The literal `true` is the second positional argument of
  # SecureTransporter.new; its meaning is defined by that class.
  SecureTransporter.new(context, true, buf_size, tracing)
end

#init(elm, parent) ⇒ Object

Implements Docker



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 47

# Implements Docker: runs the inherited initialisation, checks that key
# material was configured, then builds the SSL context.
#
# @param elm [Object] configuration element; its file_name and line_no are
#   used to locate errors
# @param parent [Object] forwarded to the superclass by the bare `super`
# @raise [ConfigException] when neither a keystore nor a key/cert pair is
#   configured, or when #init_ssl fails
def init(elm, parent)
  super

  # Either a keystore, or both a key file and a cert file, must be present.
  pair_incomplete = @key_file.nil? || @cert_file.nil?
  if @key_store.nil? && pair_incomplete
    raise ConfigException.new(elm.file_name, elm.line_no, "Key file or cert file is not specified")
  end

  begin
    init_ssl
  rescue ConfigException
    # Already a configuration error: pass it through untouched.
    raise
  rescue => err
    # Anything else (unreadable file, unparsable key, wrong passphrase) is
    # logged and reported as a configuration error at this element.
    BayLog.error_e(err)
    raise ConfigException.new(elm.file_name, elm.line_no, BayMessage.get(:CFG_SSL_INIT_ERROR, err.message))
  end
end

#init_key_val(kv) ⇒ Object

Implements DockerBase



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 68

# Implements DockerBase: stores one configuration entry on this docker.
#
# Keys are matched case-insensitively. File-valued keys are resolved through
# get_file_path, boolean keys through StringUtil.parse_bool, and the two
# passphrase keys are stored exactly as written in the configuration.
#
# @param kv [#key, #value] the configuration entry
# @return [Boolean] true when the key was recognised, false otherwise
def init_key_val(kv)
  case kv.key.downcase
  when "key"          then @key_file = get_file_path(kv.value)
  when "cert"         then @cert_file = get_file_path(kv.value)
  when "keystore"     then @key_store = get_file_path(kv.value)
  when "keystorepass" then @key_store_pass = kv.value # secret, kept as plain text
  when "clientauth"   then @client_auth = StringUtil.parse_bool(kv.value)
  when "sslprotocol"  then @ssl_protocol = kv.value   # stored without validation
  when "trustcerts"   then @certs = get_file_path(kv.value)
  when "certspass"    then @certs_pass = kv.value     # secret, kept as plain text
  when "tracessl"     then @trace_ssl = StringUtil.parse_bool(kv.value)
  else
    # Unknown key: tell the caller it was not consumed.
    return false
  end

  true
end

#init_ssl ⇒ Object



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 120

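# Builds the SSL context this docker serves TLS with and stores it in @sslctx.
#
# Certificate and key come from the PKCS#12 keystore when @key_store is set,
# otherwise from the separate @cert_file / @key_file files. The context is
# assembled in a local and published only after every file has loaded, so a
# failed reload leaves the previous working context in place instead of an
# empty one. An ALPN callback already installed on the previous context is
# carried over to the new one.
#
# NOTE(review): @client_auth, @ssl_protocol, @certs and @certs_pass are not
# referenced here, so this method applies no client-certificate verification,
# protocol-version floor or trust store to the context. Confirm whether that
# is enforced elsewhere before relying on the "clientauth", "sslprotocol" or
# "trustcerts" settings.
#
# @return [Object] the newly installed SSL context
# @raise [SystemCallError] when a configured file cannot be read
# @raise [OpenSSL::OpenSSLError, ArgumentError] when a certificate, key or
#   keystore cannot be parsed (the class depends on the openssl version)
def init_ssl()
  BayLog.debug("%s init ssl", self)
  previous = @sslctx
  ctx = SSL::SSLContext.new

  # binread: keystores (and DER files) are binary, and text-mode reads can
  # corrupt them on platforms that translate line endings.
  if @key_store.nil?
    ctx.cert = X509::Certificate.new(File.binread(@cert_file)) unless @cert_file.nil?
    # PKey.read detects the key type, so EC and other non-RSA keys load too.
    ctx.key = PKey.read(File.binread(@key_file)) unless @key_file.nil?
  else
    p12 = OpenSSL::PKCS12.new(File.binread(@key_store), @key_store_pass)
    ctx.cert = p12.certificate
    ctx.key = p12.key
  end

  # Keep protocol negotiation working across #reload_cert.
  ctx.alpn_select_cb = previous.alpn_select_cb if previous

  @sslctx = ctx
end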

#reload_cert ⇒ Object



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 116

# Re-reads the configured certificate and key material by running #init_ssl
# again, which assigns a new context to @sslctx.
#
# Errors raised by #init_ssl propagate to the caller unchanged.
#
# @return [Object] whatever #init_ssl returns
def reload_cert
  init_ssl
end

#set_app_protocols(protocols) ⇒ Object

Implements Secure



# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 99

# Implements Secure: records the application protocol list and installs the
# ALPN selection callback on the current SSL context.
#
# The callback picks "h2" when the client offers it, otherwise "http/1.1"
# when offered, otherwise the first protocol in the client's list.
#
# NOTE(review): the callback does not consult the recorded protocol list and
# falls back to the client's first offer, so a protocol this server was not
# configured for can be selected. Confirm that is intended.
#
# @param protocols [Object] protocol list stored in @app_protocols
# @return [Proc] the installed callback
def set_app_protocols(protocols)
  @app_protocols = protocols
  @sslctx.alpn_select_cb = lambda do |offered|
    preferred = ["h2", "http/1.1"].find { |name| offered.include?(name) }
    preferred || offered.first
  end
end