Class: HTTPI::Auth::SSL

Inherits:
Object
  • Object
show all
Defined in:
lib/httpi/auth/ssl.rb

Overview

HTTPI::Auth::SSL

Provides SSL client authentication.

Constant Summary collapse

VERIFY_MODES =
[:none, :peer, :fail_if_no_peer_cert, :client_once]
CERT_TYPES =
[:pem, :der]
SSL_VERSIONS =
if ssl_context.const_defined? :METHODS_MAP
  ssl_context.const_get(:METHODS_MAP).keys
else
  ssl_context::METHODS.reject { |method| method.match(/server|client/) }
end.sort.reverse
MIN_MAX_VERSIONS =

Returns OpenSSL::SSL::*_VERSION values for min_version and max_version

OpenSSL::SSL.constants.select{|constant| constant =~/_VERSION$/}.map{|version| version.to_s.gsub(/_VERSION$/,'').to_sym}.reverse

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#ca_certObject

Returns an OpenSSL::X509::Certificate for the ca_cert_file.


153
154
155
# File 'lib/httpi/auth/ssl.rb', line 153

def ca_cert
  @ca_cert ||= OpenSSL::X509::Certificate.new File.read(ca_cert_file)
end

#ca_cert_fileObject

Accessor for the cacert file to validate SSL certificates.


43
44
45
# File 'lib/httpi/auth/ssl.rb', line 43

def ca_cert_file
  @ca_cert_file
end

#ca_cert_pathObject

Accessor for the ca_path to validate SSL certificates.


46
47
48
# File 'lib/httpi/auth/ssl.rb', line 46

def ca_cert_path
  @ca_cert_path
end

#certObject

Returns an OpenSSL::X509::Certificate for the cert_file.


145
146
147
# File 'lib/httpi/auth/ssl.rb', line 145

def cert
  @cert ||= (OpenSSL::X509::Certificate.new File.read(cert_file) if cert_file)
end

#cert_fileObject

Accessor for the cert file to validate SSL connections.


40
41
42
# File 'lib/httpi/auth/ssl.rb', line 40

def cert_file
  @cert_file
end

#cert_keyObject

Returns an OpenSSL::PKey subclass (usually OpenSSL::PKey::RSA) for the cert_key_file.


161
162
163
# File 'lib/httpi/auth/ssl.rb', line 161

def cert_key
  @cert_key ||= (OpenSSL::PKey.read(File.read(cert_key_file), cert_key_password) if cert_key_file)
end

#cert_key_fileObject

Accessor for the cert key file to validate SSL certificates.


34
35
36
# File 'lib/httpi/auth/ssl.rb', line 34

def cert_key_file
  @cert_key_file
end

#cert_key_passwordObject

Accessor for the cert key password to validate SSL certificates.


37
38
39
# File 'lib/httpi/auth/ssl.rb', line 37

def cert_key_password
  @cert_key_password
end

#cert_storeObject

Certificate store holds trusted CA certificates used to verify peer certificates.


49
50
51
# File 'lib/httpi/auth/ssl.rb', line 49

def cert_store
  @cert_store
end

#ciphersObject

Accessor for the SSL ciphers list.


52
53
54
# File 'lib/httpi/auth/ssl.rb', line 52

def ciphers
  @ciphers
end

Instance Method Details

#cert_typeObject

Returns the cert type to validate SSL certificates PEM|DER.


70
71
72
# File 'lib/httpi/auth/ssl.rb', line 70

def cert_type
  @cert_type ||= :pem
end

#cert_type=(type) ⇒ Object

Sets the cert type to validate SSL certificates PEM|DER.


75
76
77
78
79
80
81
82
# File 'lib/httpi/auth/ssl.rb', line 75

def cert_type=(type)
  unless CERT_TYPES.include? type
    raise ArgumentError, "Invalid SSL cert type #{type.inspect}\n" +
                         "Please specify one of #{CERT_TYPES.inspect}"
  end

  @cert_type = type
end

#max_versionObject

Returns the SSL min_version number. Defaults to nil (auto-negotiate).


130
131
132
# File 'lib/httpi/auth/ssl.rb', line 130

def max_version
  @max_version ||= nil
end

#max_version=(version) ⇒ Object

Sets the SSL min_version number. Expects one of HTTPI::Auth::SSL::MIN_MAX_VERSIONS.


135
136
137
138
139
140
141
142
# File 'lib/httpi/auth/ssl.rb', line 135

def max_version=(version)
  unless MIN_MAX_VERSIONS.include? version
    raise ArgumentError, "Invalid SSL max_version #{version.inspect}\n" +
                         "Please specify one of #{MIN_MAX_VERSIONS.inspect}"
  end

  @max_version = version
end

#min_versionObject

Returns the SSL min_version number. Defaults to nil (auto-negotiate).


115
116
117
# File 'lib/httpi/auth/ssl.rb', line 115

def min_version
  @min_version ||= nil
end

#min_version=(version) ⇒ Object

Sets the SSL min_version number. Expects one of HTTPI::Auth::SSL::MIN_MAX_VERSIONS.


120
121
122
123
124
125
126
127
# File 'lib/httpi/auth/ssl.rb', line 120

def min_version=(version)
  unless MIN_MAX_VERSIONS.include? version
    raise ArgumentError, "Invalid SSL min_version #{version.inspect}\n" +
                         "Please specify one of #{MIN_MAX_VERSIONS.inspect}"
  end

  @min_version = version
end

#openssl_verify_modeObject

Returns the SSL verify mode as a OpenSSL::SSL::VERIFY_* constant.


169
170
171
172
173
174
175
176
# File 'lib/httpi/auth/ssl.rb', line 169

def openssl_verify_mode
  case verify_mode
    when :none                 then OpenSSL::SSL::VERIFY_NONE
    when :peer                 then OpenSSL::SSL::VERIFY_PEER
    when :fail_if_no_peer_cert then OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
    when :client_once          then OpenSSL::SSL::VERIFY_CLIENT_ONCE
  end
end

#present?Boolean

Returns whether SSL configuration is present.

Returns:

  • (Boolean)

27
28
29
30
31
# File 'lib/httpi/auth/ssl.rb', line 27

def present?
  (verify_mode == :none) || (cert && cert_key) || ca_cert_file || ciphers
rescue TypeError, Errno::ENOENT
  false
end

#ssl_versionObject

Returns the SSL version number. Defaults to nil (auto-negotiate).


100
101
102
# File 'lib/httpi/auth/ssl.rb', line 100

def ssl_version
  @ssl_version ||= nil
end

#ssl_version=(version) ⇒ Object

Sets the SSL version number. Expects one of HTTPI::Auth::SSL::SSL_VERSIONS.


105
106
107
108
109
110
111
112
# File 'lib/httpi/auth/ssl.rb', line 105

def ssl_version=(version)
  unless SSL_VERSIONS.include? version
    raise ArgumentError, "Invalid SSL version #{version.inspect}\n" +
                         "Please specify one of #{SSL_VERSIONS.inspect}"
  end

  @ssl_version = version
end

#verify_modeObject

Returns the SSL verify mode. Defaults to :peer.


85
86
87
# File 'lib/httpi/auth/ssl.rb', line 85

def verify_mode
  @verify_mode ||= :peer
end

#verify_mode=(mode) ⇒ Object

Sets the SSL verify mode. Expects one of HTTPI::Auth::SSL::VERIFY_MODES.


90
91
92
93
94
95
96
97
# File 'lib/httpi/auth/ssl.rb', line 90

def verify_mode=(mode)
  unless VERIFY_MODES.include? mode
    raise ArgumentError, "Invalid SSL verify mode #{mode.inspect}\n" +
                         "Please specify one of #{VERIFY_MODES.inspect}"
  end

  @verify_mode = mode
end