Class: TTTLS13::Connection

Inherits:
Object
Includes:
Logging
Defined in:
lib/tttls1.3/connection.rb

Overview

Base class shared by Client and Server. It owns the socket, the record-layer ciphers (which start as pass-through objects until the handshake installs traffic keys), the negotiated parameters (cipher suite, named group, signature scheme, ALPN, exporter secret) and the connection state, and implements #read, #write and #close on top of the handshake driven by the subclass. The original overview slot held only a leaked `rubocop: disable Metrics/ClassLength` directive.

Direct Known Subclasses

Client, Server



Methods included from Logging

#logger, logger

Constructor Details

#initialize(socket) ⇒ Connection

Returns a new instance of Connection.

Parameters:

  • socket (Socket)


# File 'lib/tttls1.3/connection.rb', line 13

# Sets up a connection that has not performed its handshake yet.
#
# All cryptographic state starts empty: the application-data and alert
# ciphers are Cryptograph::Passer instances (presumably a pass-through
# "null" cipher used before any traffic keys exist -- confirm in
# Cryptograph), the negotiated parameters are nil and @state is 0, so
# #read and #write refuse to operate until a subclass drives the state to
# CONNECTED.
#
# @param socket [Socket]
def initialize(socket)
  @socket = socket
  # :client or :server (Symbol or String); decided by the subclass
  @endpoint = nil
  # three independent pass-through ciphers: application-data write,
  # application-data read, alert write
  @ap_wcipher, @ap_rcipher, @alert_wcipher =
    Array.new(3) { Cryptograph::Passer.new }
  # Array of [TTTLS13::Message::$Object, String]
  @message_queue = []
  # Record.surplus_binary left over from the previous record read
  @binary_buffer = ''
  # negotiated handshake parameters (TTTLS13::CipherSuite,
  # TTTLS13::NamedGroup, TTTLS13::SignatureScheme); nil until negotiated
  @cipher_suite, @named_group, @signature_scheme = nil, nil, nil
  @state = 0 # ClientState or ServerState
  # both directions start at the protocol default record size limit
  limit = Message::DEFAULT_RECORD_SIZE_LIMIT
  @send_record_size = limit
  @recv_record_size = limit
  @alpn = nil # String
  @exporter_secret = nil # String
end

Class Method Details

.gen_ocsp_request(cid) ⇒ OpenSSL::OCSP::Request

Parameters:

  • cid (OpenSSL::OCSP::CertificateId)

Returns:

  • (OpenSSL::OCSP::Request)


# File 'lib/tttls1.3/connection.rb', line 549

# Builds an OCSP request covering a single certificate.
#
# A fresh random nonce is attached so that the responder's answer can be
# bound to this exact request (anti-replay). Adding the nonce here does
# not by itself protect anything: the code that receives the response
# must compare the nonces (OpenSSL::OCSP::Request#check_nonce) -- that
# check is not part of this method.
#
# @param cid [OpenSSL::OCSP::CertificateId]
# @return [OpenSSL::OCSP::Request]
def gen_ocsp_request(cid)
  OpenSSL::OCSP::Request.new.tap do |req|
    req.add_certid(cid)
    req.add_nonce
  end
end

.send_ocsp_request(ocsp_request, uri_string) ⇒ OpenSSL::OCSP::Response

Returns the OCSP response parsed from the responder's HTTP body. The response is only parsed, not verified: signature, response status and nonce must be checked by the caller before the result is trusted.

Parameters:

  • ocsp_request (OpenSSL::OCSP::Request)
  • uri_string (String)

Returns:

  • (OpenSSL::OCSP::Response)

Raises:

  • (Net::OpenTimeout, OpenSSL::OCSP::OCSPError, URI::$Exception)


# File 'lib/tttls1.3/connection.rb', line 562

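# POSTs an OCSP request to the responder at +uri_string+ and parses the
# reply.
#
# The URI is used verbatim (presumably the OCSP URL from a certificate's
# AIA extension -- confirm at the call sites), so its scheme now decides
# the transport: an https URI is sent over TLS instead of speaking plain
# HTTP to port 443, which is what the previous unconditional
# Net::HTTP.start(host, port) did. Plain http is the norm for OCSP
# because the response is signed by the responder; this method does NOT
# verify that signature, the response status or the nonce -- the caller
# must do so before trusting the result.
#
# NOTE(review): Net::HTTP's default open/read timeouts (60 s each) are
# left in place, so a stalled responder can block the handshake for that
# long.
#
# @param ocsp_request [OpenSSL::OCSP::Request]
# @param uri_string [String]
# @return [OpenSSL::OCSP::Response]
# @raise [URI::InvalidURIError] if +uri_string+ has no host
# @raise [OpenSSL::OCSP::OCSPError] on a non-2xx reply or an unparsable body
# @raise [Net::OpenTimeout, URI::Error]
def send_ocsp_request(ocsp_request, uri_string)
  uri = URI.parse(uri_string)
  # Net::HTTP.start(nil, ...) would otherwise fail later with an
  # unrelated error
  raise URI::InvalidURIError, "no host in OCSP URI: #{uri_string}" \
    if uri.host.nil? || uri.host.empty?

  path = uri.path
  path = '/' if path.nil? || path.empty?
  opts = { use_ssl: uri.scheme == 'https' }
  # send HTTP POST
  http_response = Net::HTTP.start(uri.host, uri.port, opts) do |http|
    http.post(
      path,
      ocsp_request.to_der,
      'content-type' => 'application/ocsp-request'
    )
  end
  # a non-2xx body (e.g. an HTML error page) is not an OCSP response;
  # fail with the same exception class callers already handle
  unless http_response.is_a?(Net::HTTPSuccess)
    raise OpenSSL::OCSP::OCSPError,
          "OCSP responder returned HTTP #{http_response.code}"
  end

  OpenSSL::OCSP::Response.new(http_response.body)
end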

Instance Method Details

#close ⇒ nil



# File 'lib/tttls1.3/connection.rb', line 77

# Shuts the TLS session down from our side.
#
# Sends a close_notify alert once and marks the connection EOF; a second
# call is a no-op. The state flips only after the alert has been handed
# to send_alert, so if that raises the connection is left as it was.
# This method does not wait for the peer's close_notify and does not
# close the underlying socket.
#
# @return [nil]
def close
  unless @state == EOF
    send_alert(:close_notify)
    @state = EOF
  end

  nil
end

#eof? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/tttls1.3/connection.rb', line 60

# Whether the connection has reached end of stream.
#
# True after #close has run on our side; presumably also after a peer
# close_notify has been processed by the receive path, which is outside
# this listing -- confirm in recv_message.
#
# @return [Boolean]
def eof?
  @state == EOF
end

#exporter(label, context, key_length) ⇒ String?

Parameters:

  • label (String)
  • context (String)
  • key_length (Integer)

Returns:

  • (String, nil)


# File 'lib/tttls1.3/connection.rb', line 111

# Derives keying material from the session through the TLS 1.3 exporter
# interface; the actual derivation is done by do_exporter (not shown),
# keyed on the hash of the negotiated cipher suite.
#
# Returns nil -- rather than raising -- while the handshake has not yet
# produced an exporter secret or a cipher suite, so callers must check
# the result before using it as a key.
#
# @param label [String]
# @param context [String]
# @param key_length [Integer]
# @return [String, nil]
def exporter(label, context, key_length)
  secret = @exporter_secret
  suite = @cipher_suite
  return nil if secret.nil? || suite.nil?

  do_exporter(secret, CipherSuite.digest(suite), label, context, key_length)
end

#negotiated_alpn ⇒ String?

Returns:

  • (String)


# File 'lib/tttls1.3/connection.rb', line 102

# The application protocol (ALPN) stored in @alpn.
#
# @return [String, nil] nil until the handshake has set it (the
#   constructor initialises it to nil)
def negotiated_alpn
  @alpn
end

#negotiated_cipher_suite ⇒ TTTLS13::CipherSuite?

Returns:

  • (TTTLS13::CipherSuite, nil) — nil (the initial value) until a cipher suite has been negotiated

# File 'lib/tttls1.3/connection.rb', line 87

# The cipher suite stored in @cipher_suite; also what #exporter keys on.
#
# @return [TTTLS13::CipherSuite, nil] nil until the handshake has set it
#   (the constructor initialises it to nil)
def negotiated_cipher_suite
  @cipher_suite
end

#negotiated_named_group ⇒ TTTLS13::NamedGroup?

Returns:

  • (TTTLS13::NamedGroup, nil) — nil (the initial value) until a key-exchange group has been negotiated

# File 'lib/tttls1.3/connection.rb', line 92

# The key-exchange group stored in @named_group.
#
# @return [TTTLS13::NamedGroup, nil] nil until the handshake has set it
#   (the constructor initialises it to nil)
def negotiated_named_group
  @named_group
end

#negotiated_signature_scheme ⇒ TTTLS13::SignatureScheme?

Returns:

  • (TTTLS13::SignatureScheme, nil) — nil (the initial value) until a signature scheme has been negotiated

# File 'lib/tttls1.3/connection.rb', line 97

# The signature scheme stored in @signature_scheme.
#
# @return [TTTLS13::SignatureScheme, nil] nil until the handshake has set
#   it (the constructor initialises it to nil)
def negotiated_signature_scheme
  @signature_scheme
end

#read ⇒ String

rubocop: disable Metrics/CyclomaticComplexity rubocop: disable Metrics/PerceivedComplexity

Returns:

  • (String)

Raises:

  • (Error::ConfigError) if the handshake has not completed, i.e. this endpoint's state is not CONNECTED

# File 'lib/tttls1.3/connection.rb', line 36

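# Reads the next application-data record and returns its plaintext.
#
# NewSessionTicket messages, which the server may send at any time after
# the client Finished, are consumed via process_new_session_ticket and
# the read continues until a non-ticket message arrives.
#
# Ordering fix: the EOF check now precedes the CONNECTED check. In the
# original order a connection that had reached EOF (after #close, or
# after a close_notify handled inside recv_message -- that path is
# outside this listing) could never return '': EOF is not CONNECTED, so
# the method raised Error::ConfigError ("secure channel has not
# established yet") and the ``return ''`` below it was unreachable. EOF
# is a module-level constant defined outside this listing and distinct
# from the initial state 0 set in the constructor.
#
# NOTE(review): whatever non-NewSessionTicket message recv_message hands
# back is returned through #fragment; how alerts or KeyUpdate are dealt
# with is not visible here -- confirm recv_message never yields a
# non-ApplicationData message to this method.
#
# @return [String] plaintext of one record, or '' at end of stream
# @raise [Error::ConfigError] if the handshake has not completed
def read
  return '' if @state == EOF

  # secure channel has not established yet
  connected = case @endpoint
              when :client then @state == ClientState::CONNECTED
              when :server then @state == ServerState::CONNECTED
              else false
              end
  raise Error::ConfigError unless connected

  message = nil
  loop do
    message, = recv_message(receivable_ccs: false, cipher: @ap_rcipher)
    # At any time after the server has received the client Finished
    # message, it MAY send a NewSessionTicket message.
    break unless message.is_a?(Message::NewSessionTicket)

    process_new_session_ticket(message)
  end
  return '' if message.nil?

  message.fragment
end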

#write(binary) ⇒ Object

Parameters:

  • binary (String)

Raises:

  • (Error::ConfigError) if the handshake has not completed, i.e. this endpoint's state is not CONNECTED (this includes the EOF state reached after #close)

# File 'lib/tttls1.3/connection.rb', line 67

# Wraps +binary+ in one ApplicationData message and sends it with the
# current application-data write cipher.
#
# Refuses with Error::ConfigError unless this endpoint's state is
# CONNECTED; because #close moves the state to EOF, writing after close
# raises that same (somewhat misleading) error. Any fragmentation to
# @send_record_size, and the treatment of an empty +binary+, happen
# inside send_application_data, which is not shown here.
#
# @param binary [String]
# @raise [Error::ConfigError] if the handshake has not completed
def write(binary)
  # secure channel has not established yet
  connected = case @endpoint
              when :client then @state == ClientState::CONNECTED
              when :server then @state == ServerState::CONNECTED
              else false
              end
  raise Error::ConfigError unless connected

  send_application_data(Message::ApplicationData.new(binary), @ap_wcipher)
end