Module: Raktr::Connection::TLS
- Defined in:
- lib/raktr/connection/tls.rb
Overview
Constant Summary
- CERTIFICATES =
{}
Instance Method Summary
-
#_connect ⇒ Object
Performs an SSL handshake in addition to a plaintext connect operation.
-
#_read ⇒ Object
First checks if there’s a pending SSL #accept operation when this connection is a server handler which has been passed an accepted plaintext connection.
-
#_write(*args) ⇒ Object
First checks if there’s a pending SSL #accept operation when this connection is a server handler which has been passed an accepted plaintext connection.
-
#start_tls(options = {}) ⇒ Object
Converts the #socket to an SSL one.
Instance Method Details
#_connect ⇒ Object
Performs an SSL handshake in addition to a plaintext connect operation.
# Performs the SSL handshake on top of the plaintext connect.
#
# Returns early once the handshake has already completed, and also when the
# plaintext connect (+super+) has not yet succeeded. A non-blocking handshake
# that cannot finish right now is swallowed and leaves the connection marked as
# not connected; any other error closes the connection with that error.
def _connect
  return if @ssl_connected

  @plaintext_connected ||= super
  return unless @plaintext_connected

  # Plaintext transport is up but the SSL handshake is still pending, so the
  # connection is not usable yet.
  @connected = false
  @socket.connect_nonblock

  @connected     = true
  @ssl_connected = true
rescue IO::WaitReadable, IO::WaitWritable, Errno::EINPROGRESS
  # Handshake would block; nothing more can be done until the socket is ready.
rescue => e
  close e
end
#_read ⇒ Object
First checks if there’s a pending SSL #accept operation when this connection is a server handler which has been passed an accepted plaintext connection.
# Reads from the connection, serving a pending SSL #accept first.
#
# When this connection is a server handler that was handed an already accepted
# plaintext socket, the SSL accept has to complete before any data is read;
# otherwise the plaintext read is used. A non-blocking SSL read with nothing
# available yet yields +nil+.
def _read
  accept? ? ssl_accept : super
rescue OpenSSL::SSL::SSLErrorWaitReadable
  # No SSL data available yet; report nothing.
end
#_write(*args) ⇒ Object
First checks if there’s a pending SSL #accept operation when this connection is a server handler which has been passed an accepted plaintext connection.
# Writes to the connection, serving a pending SSL #accept first.
#
# When this connection is a server handler that was handed an already accepted
# plaintext socket, the SSL accept has to complete before anything is written;
# otherwise the arguments are forwarded to the plaintext write.
#
# @param args [Array] forwarded verbatim to the plaintext implementation
def _write( *args )
  if accept?
    ssl_accept
  else
    super( *args )
  end
end
#start_tls(options = {}) ⇒ Object
Converts the Raktr::Connection#socket to an SSL one.
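# Converts the plaintext Raktr::Connection#socket into an SSL one.
#
# Server handlers get an +OpenSSL::SSL::SSLServer+; clients get an
# +OpenSSL::SSL::SSLSocket+ and, for UNIX sockets, start the handshake right
# away via {#_connect}.
#
# @param options [Hash] TLS settings, consulted only when +@tls+ is unset.
#   Keys are +:certificate+, +:private_key+, +:public_key+ and +:ca+, each a
#   file path; all four are required for peer verification to be enabled.
#
# @return [OpenSSL::SSL::SSLServer, OpenSSL::SSL::SSLSocket, nil] the new
#   socket, or +nil+ when +@socket+ was already an SSL socket.
#
# Security notes:
# * With an incomplete bundle the context stays at +VERIFY_NONE+: a client
#   then accepts any certificate presented to it. A server without a bundle
#   serves an ephemeral self-signed certificate instead.
# * Even with +VERIFY_PEER+, no hostname is set on the client socket and
#   +post_connection_check+ is not called here, so the peer certificate is
#   not matched against the host — NOTE(review): confirm callers cover this.
def start_tls( options = {} )
  if @socket.is_a? OpenSSL::SSL::SSLSocket
    @ssl_context = @socket.context
    return
  end

  @ssl_context = OpenSSL::SSL::SSLContext.new
  # No verification by default; upgraded only when a complete bundle is given.
  @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE

  tls = @tls || options
  if tls
    certificate = tls[:certificate]
    private_key = tls[:private_key]
    public_key  = tls[:public_key]
    ca          = tls[:ca]
  end

  if certificate && private_key && public_key && ca
    _tls_apply_bundle( certificate, private_key, public_key, ca )
  elsif @role == :server
    _tls_apply_self_signed
  end

  if @role == :server
    @socket = OpenSSL::SSL::SSLServer.new( @socket, @ssl_context )
  else
    @socket = OpenSSL::SSL::SSLSocket.new( @socket, @ssl_context )
    @socket.sync_close = true

    # We've switched to SSL, a connection needs to be re-established
    # via the SSL handshake.
    @connected = false
    _connect if unix?
  end

  @socket
end

# Loads the PEM bundle into +@ssl_context+ and turns on peer verification.
#
# @param certificate [String] path to the PEM certificate
# @param private_key [String] path to the PEM RSA private key
# @param public_key  [String] path to the PEM RSA public key
# @param ca          [String] path to the CA file used for verification
def _tls_apply_bundle( certificate, private_key, public_key, ca )
  @ssl_context.cert = OpenSSL::X509::Certificate.new( _tls_pem( certificate ) )
  @ssl_context.key  = OpenSSL::PKey::RSA.new( _tls_pem( private_key ) )
  # NOTE(review): replacing the public key of an already-signed certificate
  # invalidates its signature unless the file holds the very same key; the
  # original behaviour is kept here.
  @ssl_context.cert.public_key = OpenSSL::PKey::RSA.new( _tls_pem( public_key ) )
  @ssl_context.ca_file = ca
  @ssl_context.verify_mode =
    OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
end

# Returns the contents of the PEM file at +path+, read once and cached in
# CERTIFICATES.
#
# The cache holds the file contents rather than an open +File+: a cached
# handle leaks a descriptor and sits at EOF after OpenSSL's first read, so
# every later connection would hand OpenSSL an empty stream.
#
# @param path [String]
# @return [String]
def _tls_pem( path )
  CERTIFICATES[path] ||= File.read( path )
end

# Generates a throwaway self-signed certificate and key for a server that was
# given no bundle, and installs them on +@ssl_context+.
def _tls_apply_self_signed
  key  = OpenSSL::PKey::RSA.new( 2048 )
  cert = OpenSSL::X509::Certificate.new
  cert.subject    = OpenSSL::X509::Name.new( [['CN', 'localhost']] )
  cert.issuer     = cert.subject
  cert.public_key = key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 60 * 60 * 24 # valid for one day
  cert.version    = 2
  cert.serial     = 1
  # SHA-256 instead of SHA-1: SHA-1 signatures may be refused at the default
  # security level of current OpenSSL builds, which would break the handshake.
  cert.sign( key, OpenSSL::Digest::SHA256.new )

  @ssl_context.key  = key
  @ssl_context.cert = cert
end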