Class: Baykit::BayServer::Docker::BuiltIn::BuiltInSecureDocker

Inherits:

Baykit::BayServer::Docker::Base::DockerBase

Object
Baykit::BayServer::Docker::Base::DockerBase
Baykit::BayServer::Docker::BuiltIn::BuiltInSecureDocker

show all

Includes:: Agent, Agent::Multiplexer, Bcf, Secure, Util, OpenSSL

Defined in:: lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb

Constant Summary collapse

DEFAULT_CLIENT_AUTH =

false

DEFAULT_SSL_PROTOCOL =

"TLS"

Instance Attribute Summary collapse

#app_protocols ⇒ Object readonly

Returns the value of attribute app_protocols.
#cert_file ⇒ Object readonly

Returns the value of attribute cert_file.
#certs ⇒ Object readonly

Returns the value of attribute certs.
#certs_pass ⇒ Object readonly

Returns the value of attribute certs_pass.
#client_auth ⇒ Object readonly

Returns the value of attribute client_auth.
#key_file ⇒ Object readonly

Returns the value of attribute key_file.
#key_store ⇒ Object readonly

SSL setting.
#key_store_pass ⇒ Object readonly

Returns the value of attribute key_store_pass.
#ssl_protocol ⇒ Object readonly

Returns the value of attribute ssl_protocol.
#sslctx ⇒ Object readonly

Returns the value of attribute sslctx.
#trace_ssl ⇒ Object readonly

Returns the value of attribute trace_ssl.

Attributes inherited from Baykit::BayServer::Docker::Base::DockerBase

#type

Instance Method Summary collapse

#init(elm, parent) ⇒ Object

Implements Docker.
#init_key_val(kv) ⇒ Object

Implements DockerBase.
#init_ssl ⇒ Object
#initialize ⇒ BuiltInSecureDocker constructor

A new instance of BuiltInSecureDocker.
#new_transporter(agt_id, sip, buf_size) ⇒ Object
#reload_cert ⇒ Object
#set_app_protocols(protocols) ⇒ Object

Implements Secure.

Methods included from Docker

#type

Methods inherited from Baykit::BayServer::Docker::Base::DockerBase

#init_docker, #to_s

Constructor Details

#initialize ⇒ `BuiltInSecureDocker`

Returns a new instance of BuiltInSecureDocker.

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 39

def initialize
  @client_auth = DEFAULT_CLIENT_AUTH
  @ssl_protocol = DEFAULT_SSL_PROTOCOL
  @app_protocols = []
end

Instance Attribute Details

#app_protocols ⇒ `Object` (readonly)

Returns the value of attribute app_protocols.



37
38
39

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 37

def app_protocols
  @app_protocols
end

#cert_file ⇒ `Object` (readonly)

Returns the value of attribute cert_file.



32
33
34

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 32

def cert_file
  @cert_file
end

#certs ⇒ `Object` (readonly)

Returns the value of attribute certs.



33
34
35

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 33

def certs
  @certs
end

#certs_pass ⇒ `Object` (readonly)

Returns the value of attribute certs_pass.



34
35
36

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 34

def certs_pass
  @certs_pass
end

#client_auth ⇒ `Object` (readonly)

Returns the value of attribute client_auth.



29
30
31

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 29

def client_auth
  @client_auth
end

#key_file ⇒ `Object` (readonly)

Returns the value of attribute key_file.



31
32
33

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 31

def key_file
  @key_file
end

#key_store ⇒ `Object` (readonly)

SSL setting



27
28
29

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 27

def key_store
  @key_store
end

#key_store_pass ⇒ `Object` (readonly)

Returns the value of attribute key_store_pass.



28
29
30

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 28

def key_store_pass
  @key_store_pass
end

#ssl_protocol ⇒ `Object` (readonly)

Returns the value of attribute ssl_protocol.



30
31
32

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 30

def ssl_protocol
  @ssl_protocol
end

#sslctx ⇒ `Object` (readonly)

Returns the value of attribute sslctx.



36
37
38

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 36

def sslctx
  @sslctx
end

#trace_ssl ⇒ `Object` (readonly)

Returns the value of attribute trace_ssl.



35
36
37

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 35

def trace_ssl
  @trace_ssl
end

Instance Method Details

#init(elm, parent) ⇒ `Object`

Implements Docker

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 49

def init(elm, parent)
  super

  if (@key_store == nil) && ((@key_file == nil) || (@cert_file == nil))
    raise ConfigException.new(elm.file_name, elm.line_no, "Key file or cert file is not specified")
  end

  begin
    init_ssl()
  rescue ConfigException => e
    raise e
  rescue => e
    BayLog.error_e(e)
    raise ConfigException.new(elm.file_name, elm.line_no, BayMessage.get(:CFG_SSL_INIT_ERROR, e.message))
  end
end

#init_key_val(kv) ⇒ `Object`

Implements DockerBase

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 70

def init_key_val(kv)
  case kv.key.downcase
  when "key"
    @key_file = get_file_path(kv.value)
  when "cert"
    @cert_file = get_file_path(kv.value)
  when "keystore"
    @key_store = get_file_path(kv.value)
  when "keystorepass"
    @key_store_pass = kv.value
  when "clientauth"
    @client_auth = StringUtil.parse_bool(kv.value)
  when "sslprotocol"
    @ssl_protocol = kv.value
  when "trustcerts"
    @certs = get_file_path(kv.value)
  when "certspass"
    @certs_pass = kv.value
  when "tracessl"
    @trace_ssl = StringUtil.parse_bool(kv.value)
  else
    return false
  end
  return true
end

#init_ssl ⇒ `Object`

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 129

def init_ssl()
  BayLog.debug("%s init ssl", self)
  @sslctx = SSL::SSLContext.new

  if @key_store == nil
    if @cert_file != nil
      @sslctx.cert = X509::Certificate.new(File.read(@cert_file))
    end
    if @key_file != nil
      @sslctx.key = PKey::RSA.new(File.read(@key_file))
    end
  else
    p12 = OpenSSL::PKCS12.new(File.read(@key_store), @key_store_pass)
    @sslctx.cert = p12.certificate
    @sslctx.key = p12.key
  end
end

#new_transporter(agt_id, sip, buf_size) ⇒ `Object`

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 114

def new_transporter(agt_id, sip, buf_size)
  agt = GrandAgent.get(agt_id)
  return SecureTransporter.new(
    agt.net_multiplexer,
    sip,
    true,
    buf_size,
    @trace_ssl,
    @sslctx)
end

#reload_cert ⇒ `Object`



125
126
127

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 125

def reload_cert()
  init_ssl()
end

#set_app_protocols(protocols) ⇒ `Object`

Implements Secure

# File 'lib/baykit/bayserver/docker/built_in/built_in_secure_docker.rb', line 101

def set_app_protocols(protocols)
  @app_protocols = protocols
  @sslctx.alpn_select_cb = lambda do |protocols|
      if protocols.include?("h2")
        return "h2"
      elsif protocols.include?("http/1.1")
        return "http/1.1"
      else
        return protocols.first
      end
  end
end

Class: Baykit::BayServer::Docker::BuiltIn::BuiltInSecureDocker

Constant Summary collapse

Instance Attribute Summary collapse

Attributes inherited from Baykit::BayServer::Docker::Base::DockerBase

Instance Method Summary collapse

Methods included from Docker

Methods inherited from Baykit::BayServer::Docker::Base::DockerBase

Constructor Details

#initialize ⇒ BuiltInSecureDocker

Instance Attribute Details

#app_protocols ⇒ Object (readonly)

#cert_file ⇒ Object (readonly)

#certs ⇒ Object (readonly)

#certs_pass ⇒ Object (readonly)

#client_auth ⇒ Object (readonly)

#key_file ⇒ Object (readonly)

#key_store ⇒ Object (readonly)

#key_store_pass ⇒ Object (readonly)

#ssl_protocol ⇒ Object (readonly)

#sslctx ⇒ Object (readonly)

#trace_ssl ⇒ Object (readonly)