Class: HTTPX::TLS

Inherits:
TCP
  • Object
show all
Defined in:
lib/httpx/io/tls/box.rb,
lib/httpx/io/tls.rb,
lib/httpx/io/tls/context.rb

Overview

Copyright © 2004-2013 Cotag Media

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Defined Under Namespace

Modules: SSL Classes: Box, Context, Error

Constant Summary

Constants included from Loggable

Loggable::COLORS

Instance Attribute Summary

Attributes inherited from TCP

#addresses, #ip, #port, #state

Instance Method Summary collapse

Methods inherited from TCP

#closed?, #to_io

Methods included from Loggable

#log, #log_exception

Constructor Details

#initialize(_, _, options) ⇒ TLS 



9
10
11
12
13
14
15
16
17
 
# File 'lib/httpx/io/tls.rb', line 9

def initialize(_, _, options)
  super
  @encrypted = Buffer.new(Connection::BUFFER_SIZE)
  @decrypted = "".b
  tls_options = convert_tls_options(options.ssl)
  @sni_hostname = tls_options[:hostname]
  @ctx = TLS::Box.new(false, self, tls_options)
  @state = :negotiated if @keep_open
end

Instance Method Details

#alpn_protocol_cb(protocol) ⇒ Object

TLS callback.

alpn protocol negotiation (protocol).



108
109
110
111
 
# File 'lib/httpx/io/tls.rb', line 108

def alpn_protocol_cb(protocol)
  @protocol = protocol
  log { "TLS ALPN protocol negotiated: #{@protocol}" }
end

#closeObject 



54
55
56
57
 
# File 'lib/httpx/io/tls.rb', line 54

def close
  transport_close
  @ctx.cleanup
end

#close_cb(msg = nil) ⇒ Object

TLS callback.

signals TLS invalid status / shutdown.

Raises:



99
100
101
102
 
# File 'lib/httpx/io/tls.rb', line 99

def close_cb(msg = nil)
  log { "TLS Error: #{msg}, closing" }
  raise Error, "certificate verify failed (#{msg})"
end

#connectObject 



31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/httpx/io/tls.rb', line 31

def connect
  super
  if @keep_open
    @state = :negotiated
    return
  end
  return if @state == :negotiated ||
            @state != :connected

  super
  @ctx.start
  @interests = :r
  read(@options.window_size, @decrypted)
end

#connected?Boolean 



27
28
29
 
# File 'lib/httpx/io/tls.rb', line 27

def connected?
  @state == :negotiated
end

#dispatch_cb(data) ⇒ Object

TLS callback.

buffers the decrypted data



89
90
91
92
93
94
 
# File 'lib/httpx/io/tls.rb', line 89

def dispatch_cb(data)
  log { "TLS decrypted: #{data.bytesize} bytes" }
  log(level: 2) { data.inspect }

  @decrypted << data
end

#handshake_cbObject

TLS callback.

handshake finished.



117
118
119
120
 
# File 'lib/httpx/io/tls.rb', line 117

def handshake_cb
  log { "TLS handshake completed" }
  transition(:negotiated)
end

#inspectObject

:nocov:



47
48
49
50
 
# File 'lib/httpx/io/tls.rb', line 47

def inspect
  id = @io.closed? ? "closed" : @io
  "#<TLS(fd: #{id}): #{@ip}:#{@port} state: #{@state}>"
end

#interestsObject 



19
20
21
 
# File 'lib/httpx/io/tls.rb', line 19

def interests
  @interests || super
end

#protocolObject 



23
24
25
 
# File 'lib/httpx/io/tls.rb', line 23

def protocol
  @protocol || super
end

#read(buffer) ⇒ Object 



59
60
61
62
63
64
65
66
67
 
# File 'lib/httpx/io/tls.rb', line 59

def read(*, buffer)
  ret = super
  return ret if !ret || ret.zero?

  @ctx.decrypt(buffer.to_s.dup)
  buffer.replace(@decrypted)
  @decrypted.clear
  buffer.bytesize
end

#transmit_cb(data) ⇒ Object

TLS callback.

buffers the encrypted data



79
80
81
82
83
84
 
# File 'lib/httpx/io/tls.rb', line 79

def transmit_cb(data)
  log { "TLS encrypted: #{data.bytesize} bytes" }
  log(level: 2) { data.inspect }
  @encrypted << data
  do_write
end

#transport_closeObject

:nocov:



53
 
# File 'lib/httpx/io/tls.rb', line 53

alias_method :transport_close, :close

#unencrypted_writeObject 



69
 
# File 'lib/httpx/io/tls.rb', line 69

alias_method :unencrypted_write, :write

#verify_cb(cert) ⇒ Object

TLS callback.

passed the peer cert to be verified.

Raises:



126
127
128
129
130
131
132
133
134
 
# File 'lib/httpx/io/tls.rb', line 126

def verify_cb(cert)
  raise Error, "Peer verification enabled, but no certificate received." if cert.nil?

  log { "TLS verifying #{cert}" }
  @peer_cert = OpenSSL::X509::Certificate.new(cert)

  # by default one doesn't verify client certificates in the server
  verify_hostname(@sni_hostname)
end

#verify_hostname(host) ⇒ Object

copied from: github.com/ruby/ruby/blob/8cbf2dae5aadfa5d6241b0df2bf44d55db46704f/ext/openssl/lib/openssl/ssl.rb#L395-L409



139
140
141
142
143
 
# File 'lib/httpx/io/tls.rb', line 139

def verify_hostname(host)
  return false unless @ctx.verify_peer && @peer_cert

  OpenSSL::SSL.verify_certificate_identity(@peer_cert, host)
end

#write(buffer) ⇒ Object 



70
71
72
73
74
 
# File 'lib/httpx/io/tls.rb', line 70

def write(buffer)
  @ctx.encrypt(buffer.to_s.dup)
  buffer.clear
  do_write
end