Class: SecureHeaders::ExpectCertificateTransparency

Inherits:

Object

• Object
• SecureHeaders::ExpectCertificateTransparency

Defined in:

lib/secure_headers/headers/expect_certificate_transparency.rb

Constant Summary

HEADER_NAME =

"expect-ct".freeze

INVALID_CONFIGURATION_ERROR =

"config must be a hash.".freeze

INVALID_ENFORCE_VALUE_ERROR =

"enforce must be a boolean".freeze

REQUIRED_MAX_AGE_ERROR =

"max-age is a required directive.".freeze

INVALID_MAX_AGE_ERROR =

"max-age must be a number.".freeze

Class Method Summary

• .make_header(config, use_agent = nil) ⇒ Object

  Public: Generate a expect-ct header.

• .validate_config!(config) ⇒ Object

Instance Method Summary

• #enforced_directive ⇒ Object
• #initialize(config) ⇒ ExpectCertificateTransparency constructor

  A new instance of ExpectCertificateTransparency.

• #max_age_directive ⇒ Object
• #report_uri_directive ⇒ Object
• #value ⇒ Object

Constructor Details

#initialize(config) ⇒ ExpectCertificateTransparency

# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 38

def initialize(config)
  @enforced   = config.fetch(:enforce, nil)
  @max_age    = config.fetch(:max_age, nil)
  @report_uri = config.fetch(:report_uri, nil)
end

Class Method Details

.make_header(config, use_agent = nil) ⇒ Object

Public: Generate a expect-ct header.

Returns nil if not configured, returns header name and value if configured.

# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 16

def self.make_header(config, use_agent = nil)
  return if config.nil? || config == OPT_OUT

  header = new(config)
  [HEADER_NAME, header.value]
end

.validate_config!(config) ⇒ Object

Raises:

• (ExpectCertificateTransparencyConfigError)

# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 23

def self.validate_config!(config)
  return if config.nil? || config == OPT_OUT
  raise ExpectCertificateTransparencyConfigError.new(INVALID_CONFIGURATION_ERROR) unless config.is_a? Hash

  unless [true, false, nil].include?(config[:enforce])
    raise ExpectCertificateTransparencyConfigError.new(INVALID_ENFORCE_VALUE_ERROR)
  end

  if !config[:max_age]
    raise ExpectCertificateTransparencyConfigError.new(REQUIRED_MAX_AGE_ERROR)
  elsif config[:max_age].to_s !~ /\A\d+\z/
    raise ExpectCertificateTransparencyConfigError.new(INVALID_MAX_AGE_ERROR)
  end
end

Instance Method Details

#enforced_directive ⇒ Object

# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 52

def enforced_directive
  # Unfortunately `if @enforced` isn't enough here in case someone
  # passes in a random string so let's be specific with it to prevent
  # accidental enforcement.
  "enforce" if @enforced == true
end

#max_age_directive ⇒ Object

# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 59

def max_age_directive
  "max-age=#{@max_age}" if @max_age
end

#report_uri_directive ⇒ Object

# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 63

def report_uri_directive
  "report-uri=\"#{@report_uri}\"" if @report_uri
end

#value ⇒ Object

# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 44

def value
  [
    enforced_directive,
    max_age_directive,
    report_uri_directive
  ].compact.join(", ").strip
end