Class: RubyTls::SSL::Box

Inherits:

Object

Object
RubyTls::SSL::Box

Defined in:: lib/ruby-tls/ssl.rb

Constant Summary collapse

InstanceLookup =

::Concurrent::Map.new

READ_BUFFER =

SSL_VERIFY_PEER =

0x01

SSL_VERIFY_CLIENT_ONCE =

0x04

SSL_ERROR_WANT_READ =

SSL_ERROR_SSL =

SSL_RECEIVED_SHUTDOWN =

Instance Attribute Summary collapse

#context ⇒ Object readonly

Returns the value of attribute context.
#handshake_completed ⇒ Object readonly

Returns the value of attribute handshake_completed.
#hosts ⇒ Object readonly

Returns the value of attribute hosts.
#is_server ⇒ Object readonly

Returns the value of attribute is_server.

Instance Method Summary collapse

#add_host(host_name:, **options) ⇒ Object
#cleanup ⇒ Object
#decrypt(data) ⇒ Object
#encrypt(data) ⇒ Object
#get_peer_cert ⇒ Object
#initialize(server, transport, options = {}) ⇒ Box constructor

A new instance of Box.
#negotiated ⇒ Object
#negotiated_protocol ⇒ Object
#remove_host(host_name) ⇒ Object

Careful with this.
#signal_handshake ⇒ Object
#start ⇒ Object
#verify(cert) ⇒ Object

Called from class level callback function.

Constructor Details

#initialize(server, transport, options = {}) ⇒ `Box`

Returns a new instance of Box.

# File 'lib/ruby-tls/ssl.rb', line 548

def initialize(server, transport, options = {})
    @ready = true

    @handshake_completed = false
    @handshake_signaled = false
    @negotiated = false
    @transport = transport

    @read_buffer = FFI::MemoryPointer.new(:char, READ_BUFFER, false)

    @is_server = server
    @context = Context.new(server, options)
    @bioRead = SSL.BIO_new(SSL.BIO_s_mem)
    @bioWrite = SSL.BIO_new(SSL.BIO_s_mem)
    @ssl = SSL.SSL_new(@context.ssl_ctx)
    SSL.SSL_set_bio(@ssl, @bioRead, @bioWrite)

    @write_queue = []

    InstanceLookup[@ssl.address] = self

    @alpn_fallback = options[:fallback]
    if options[:verify_peer]
        SSL.SSL_set_verify(@ssl, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, VerifyCB)
    end

    # Add Server Name Indication (SNI) for client connections
    if options[:host_name]
        if server
            @hosts = ::Concurrent::Map.new
            @hosts[options[:host_name].to_s] = @context
            @context.add_server_name_indication
        else
            SSL.SSL_set_tlsext_host_name(@ssl, options[:host_name])
        end
    end

    SSL.SSL_connect(@ssl) unless server
end

Instance Attribute Details

#context ⇒ `Object` (readonly)

Returns the value of attribute context.



612
613
614

# File 'lib/ruby-tls/ssl.rb', line 612

def context
  @context
end

#handshake_completed ⇒ `Object` (readonly)

Returns the value of attribute handshake_completed.



613
614
615

# File 'lib/ruby-tls/ssl.rb', line 613

def handshake_completed
  @handshake_completed
end

#hosts ⇒ `Object` (readonly)

Returns the value of attribute hosts.



614
615
616

# File 'lib/ruby-tls/ssl.rb', line 614

def hosts
  @hosts
end

#is_server ⇒ `Object` (readonly)

Returns the value of attribute is_server.



612
613
614

# File 'lib/ruby-tls/ssl.rb', line 612

def is_server
  @is_server
end

Instance Method Details

#add_host(host_name:, **options) ⇒ `Object`

# File 'lib/ruby-tls/ssl.rb', line 589

def add_host(host_name:, **options)
    raise 'Server Name Indication (SNI) not configured for default host' unless @hosts
    raise 'only valid for server mode context' unless @is_server
    context = Context.new(true, options)
    @hosts[host_name.to_s] = context
    context.add_server_name_indication
    nil
end

#cleanup ⇒ `Object`

# File 'lib/ruby-tls/ssl.rb', line 718

def cleanup
    return unless @ready
    @ready = false

    InstanceLookup.delete @ssl.address

    if (SSL.SSL_get_shutdown(@ssl) & SSL_RECEIVED_SHUTDOWN) != 0
        SSL.SSL_shutdown @ssl
    else
        SSL.SSL_clear @ssl
    end

    SSL.SSL_free @ssl

    if @hosts
        @hosts.each_value do |context|
            context.cleanup
        end
        @hosts = nil
    else
        @context.cleanup
    end
end

#decrypt(data) ⇒ `Object`

# File 'lib/ruby-tls/ssl.rb', line 657

def decrypt(data)
    return unless @ready

    put_cipher_text data

    if not SSL.SSL_is_init_finished(@ssl)
        resp = @is_server ? SSL.SSL_accept(@ssl) : SSL.SSL_connect(@ssl)

        if resp < 0
            err_code = SSL.SSL_get_error(@ssl, resp)
            if err_code != SSL_ERROR_WANT_READ
                @transport.close_cb if err_code == SSL_ERROR_SSL
                return
            end
        end

        @handshake_completed = true
        signal_handshake unless @handshake_signaled
    end

    while true do
        size = get_plain_text(@read_buffer, READ_BUFFER)
        if size > 0
            @transport.dispatch_cb @read_buffer.read_string(size)
        else
            break
        end
    end

    dispatch_cipher_text
end

#encrypt(data) ⇒ `Object`

# File 'lib/ruby-tls/ssl.rb', line 644

def encrypt(data)
    return unless @ready

    wrote = put_plain_text data
    if wrote < 0
        @transport.close_cb
    else
        dispatch_cipher_text
    end
end

#get_peer_cert ⇒ `Object`

# File 'lib/ruby-tls/ssl.rb', line 617

def get_peer_cert
    return '' unless @ready
    SSL.SSL_get_peer_certificate(@ssl)
end

#negotiated ⇒ `Object`



713
714
715

# File 'lib/ruby-tls/ssl.rb', line 713

def negotiated
    @negotiated = true
end

#negotiated_protocol ⇒ `Object`

# File 'lib/ruby-tls/ssl.rb', line 622

def negotiated_protocol
    return nil unless @context.alpn_set

    proto = FFI::MemoryPointer.new(:pointer, 1, true)
    len = FFI::MemoryPointer.new(:uint, 1, true)
    SSL.SSL_get0_alpn_selected(@ssl, proto, len)

    resp = proto.get_pointer(0)
    if resp.address == 0
        :failed
    else
        length = len.get_uint(0)
        resp.read_string(length).to_sym
    end
end

#remove_host(host_name) ⇒ `Object`

Careful with this. If you remove all the hosts you’ll end up with a segfault

# File 'lib/ruby-tls/ssl.rb', line 600

def remove_host(host_name)
    raise 'Server Name Indication (SNI) not configured for default host' unless @hosts
    raise 'only valid for server mode context' unless @is_server
    context = @hosts[host_name.to_s]
    if context
        @hosts.delete(host_name.to_s)
        context.cleanup
    end
    nil
end

#signal_handshake ⇒ `Object`

# File 'lib/ruby-tls/ssl.rb', line 689

def signal_handshake
    @handshake_signaled = true

    # Check protocol support here
    if @context.alpn_set
        proto = negotiated_protocol

        if proto == :failed
            if @negotiated
                # We should shutdown if this is the case
                @transport.close_cb
                return
            elsif @alpn_fallback
                # Client or Server with a client that doesn't support ALPN
                proto = @alpn_fallback.to_sym
            end
        end
    else
        proto = nil
    end

    @transport.handshake_cb(proto)
end

#start ⇒ `Object`

# File 'lib/ruby-tls/ssl.rb', line 638

def start
    return unless @ready

    dispatch_cipher_text
end

#verify(cert) ⇒ `Object`

Called from class level callback function



743
744
745

# File 'lib/ruby-tls/ssl.rb', line 743

def verify(cert)
    @transport.verify_cb(cert) == true ? 1 : 0
end

Class: RubyTls::SSL::Box

Constant Summary collapse

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(server, transport, options = {}) ⇒ Box

Instance Attribute Details

#context ⇒ Object (readonly)

#handshake_completed ⇒ Object (readonly)

#hosts ⇒ Object (readonly)

#is_server ⇒ Object (readonly)

Instance Method Details

#add_host(host_name:, **options) ⇒ Object

#cleanup ⇒ Object

#decrypt(data) ⇒ Object

#encrypt(data) ⇒ Object

#get_peer_cert ⇒ Object

#negotiated ⇒ Object

#negotiated_protocol ⇒ Object

#remove_host(host_name) ⇒ Object

#signal_handshake ⇒ Object

#start ⇒ Object

#verify(cert) ⇒ Object