Class: RubyTls::SSL::Box

Inherits:

Object

• Object
• RubyTls::SSL::Box

Defined in:

lib/ruby-tls/ssl.rb

Constant Summary

InstanceLookup =

ThreadSafe::Cache.new

READ_BUFFER =

2048

SSL_VERIFY_PEER =

0x01

SSL_VERIFY_CLIENT_ONCE =

0x04

SSL_ERROR_WANT_READ =

2

SSL_ERROR_SSL =

1

SSL_RECEIVED_SHUTDOWN =

2

Instance Attribute Summary

• #context ⇒ Object readonly

  Returns the value of attribute context.

• #handshake_completed ⇒ Object readonly

  Returns the value of attribute handshake_completed.

• #is_server ⇒ Object readonly

  Returns the value of attribute is_server.

Instance Method Summary

• #cleanup ⇒ Object
• #decrypt(data) ⇒ Object
• #encrypt(data) ⇒ Object
• #get_peer_cert ⇒ Object
• #initialize(server, transport, options = {}) ⇒ Box constructor

  A new instance of Box.

• #negotiated ⇒ Object
• #negotiated_protocol ⇒ Object
• #signal_handshake ⇒ Object
• #start ⇒ Object
• #verify(cert) ⇒ Object

  Called from class level callback function.

Constructor Details

#initialize(server, transport, options = {}) ⇒ Box

Returns a new instance of Box.

# File 'lib/ruby-tls/ssl.rb', line 420

def initialize(server, transport, options = {})
    @ready = true

    @handshake_completed = false
    @handshake_signaled = false
    @negotiated = false
    @transport = transport

    @read_buffer = FFI::MemoryPointer.new(:char, READ_BUFFER, false)

    @is_server = server
    @context = Context.new(server, options)
    @bioRead = SSL.BIO_new(SSL.BIO_s_mem)
    @bioWrite = SSL.BIO_new(SSL.BIO_s_mem)
    @ssl = SSL.SSL_new(@context.ssl_ctx)
    SSL.SSL_set_bio(@ssl, @bioRead, @bioWrite)

    @write_queue = []

    InstanceLookup[@ssl.address] = self

    @alpn_fallback = options[:fallback]
    if options[:verify_peer]
        SSL.SSL_set_verify(@ssl, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, VerifyCB)
    end

    SSL.SSL_connect(@ssl) unless server
end

Instance Attribute Details

#context ⇒ Object (readonly)

Returns the value of attribute context.

# File 'lib/ruby-tls/ssl.rb', line 451

def context
  @context
end

#handshake_completed ⇒ Object (readonly)

Returns the value of attribute handshake_completed.

# File 'lib/ruby-tls/ssl.rb', line 452

def handshake_completed
  @handshake_completed
end

#is_server ⇒ Object (readonly)

Returns the value of attribute is_server.

# File 'lib/ruby-tls/ssl.rb', line 450

def is_server
  @is_server
end

Instance Method Details

#cleanup ⇒ Object

# File 'lib/ruby-tls/ssl.rb', line 556

def cleanup
    @ready = false

    InstanceLookup.delete @ssl.address

    if (SSL.SSL_get_shutdown(@ssl) & SSL_RECEIVED_SHUTDOWN) != 0
        SSL.SSL_shutdown @ssl
    else
        SSL.SSL_clear @ssl
    end

    SSL.SSL_free @ssl

    @context.cleanup
end

#decrypt(data) ⇒ Object

# File 'lib/ruby-tls/ssl.rb', line 495

def decrypt(data)
    return unless @ready

    put_cipher_text data

    if not SSL.SSL_is_init_finished(@ssl)
        resp = @is_server ? SSL.SSL_accept(@ssl) : SSL.SSL_connect(@ssl)

        if resp < 0
            err_code = SSL.SSL_get_error(@ssl, resp)
            if err_code != SSL_ERROR_WANT_READ
                @transport.close_cb if err_code == SSL_ERROR_SSL
                return
            end
        end

        @handshake_completed = true
        signal_handshake unless @handshake_signaled
    end

    while true do
        size = get_plain_text(@read_buffer, READ_BUFFER)
        if size > 0
            @transport.dispatch_cb @read_buffer.read_string(size)
        else
            break
        end
    end

    dispatch_cipher_text
end

#encrypt(data) ⇒ Object

# File 'lib/ruby-tls/ssl.rb', line 482

def encrypt(data)
    return unless @ready

    wrote = put_plain_text data
    if wrote < 0
        @transport.close_cb
    else
        dispatch_cipher_text
    end
end

#get_peer_cert ⇒ Object

# File 'lib/ruby-tls/ssl.rb', line 455

def get_peer_cert
    return '' unless @ready
    SSL.SSL_get_peer_certificate(@ssl)
end

#negotiated ⇒ Object

# File 'lib/ruby-tls/ssl.rb', line 551

def negotiated
    @negotiated = true
end

#negotiated_protocol ⇒ Object

# File 'lib/ruby-tls/ssl.rb', line 460

def negotiated_protocol
    return nil unless @context.alpn_set

    proto = FFI::MemoryPointer.new(:pointer, 1, true)
    len = FFI::MemoryPointer.new(:uint, 1, true)
    SSL.SSL_get0_alpn_selected(@ssl, proto, len)

    resp = proto.get_pointer(0)
    if resp.address == 0
        :failed
    else
        length = len.get_uint(0)
        resp.read_string(length).to_sym
    end
end

#signal_handshake ⇒ Object

# File 'lib/ruby-tls/ssl.rb', line 527

def signal_handshake
    @handshake_signaled = true

    # Check protocol support here
    if @context.alpn_set
        proto = negotiated_protocol

        if proto == :failed
            if @negotiated
                # We should shutdown if this is the case
                @transport.close_cb
                return
            elsif @alpn_fallback
                # Client or Server with a client that doesn't support ALPN
                proto = @alpn_fallback.to_sym
            end
        end
    else
        proto = nil
    end

    @transport.handshake_cb(proto)
end

#start ⇒ Object

# File 'lib/ruby-tls/ssl.rb', line 476

def start
    return unless @ready

    dispatch_cipher_text
end

#verify(cert) ⇒ Object

Called from class level callback function

# File 'lib/ruby-tls/ssl.rb', line 573

def verify(cert)
    @transport.verify_cb(cert) == true ? 1 : 0
end