Class: WinRM::HTTP::HttpTransport

Inherits:

Object

• Object
• WinRM::HTTP::HttpTransport

Defined in:

lib/winrm/http/transport.rb

Overview

A generic HTTP transport that utilized HTTPClient to send messages back and forth. This backend will maintain state for every WinRMWebService instance that is instantiated so it is possible to use GSSAPI with Keep-Alive.

Direct Known Subclasses

BasicAuthSSL, ClientCertAuthSSL, HttpGSSAPI, HttpNegotiate, HttpPlaintext

Instance Attribute Summary

• #endpoint ⇒ Object readonly

  Returns the value of attribute endpoint.

Instance Method Summary

• #basic_auth_only! ⇒ Object

  We’ll need this to force basic authentication if desired.

• #initialize(endpoint, options) ⇒ HttpTransport constructor

  A new instance of HttpTransport.

• #no_ssl_peer_verification! ⇒ Object

  Disable SSL Peer Verification.

• #no_sspi_auth! ⇒ Object

  Disable SSPI Auth.

• #send_request(message) ⇒ Object

  Sends the SOAP payload to the WinRM service and returns the service’s SOAP response.

• #ssl_peer_fingerprint_verification! ⇒ Object

  SSL Peer Fingerprint Verification prior to connecting.

• #verify_ssl_fingerprint(cert) ⇒ Object

  compare @ssl_peer_fingerprint to current ssl context.

• #with_untrusted_ssl_connection ⇒ Object

  Connect without verification to retrieve untrusted ssl context.

Constructor Details

#initialize(endpoint, options) ⇒ HttpTransport

Returns a new instance of HttpTransport.

# File 'lib/winrm/http/transport.rb', line 26

def initialize(endpoint, options)
  @endpoint = endpoint.is_a?(String) ? URI.parse(endpoint) : endpoint
  @httpcli = HTTPClient.new(agent_name: 'Ruby WinRM Client')
  @logger = Logging.logger[self]
  @httpcli.receive_timeout = options[:receive_timeout]
end

Instance Attribute Details

#endpoint ⇒ Object (readonly)

Returns the value of attribute endpoint.

# File 'lib/winrm/http/transport.rb', line 24

def endpoint
  @endpoint
end

Instance Method Details

#basic_auth_only! ⇒ Object

We’ll need this to force basic authentication if desired

# File 'lib/winrm/http/transport.rb', line 56

def basic_auth_only!
  auths = @httpcli.www_auth.instance_variable_get('@authenticator')
  auths.delete_if { |i| i.scheme !~ /basic/i }
end

#no_ssl_peer_verification! ⇒ Object

Disable SSL Peer Verification

# File 'lib/winrm/http/transport.rb', line 68

def no_ssl_peer_verification!
  @httpcli.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
end

#no_sspi_auth! ⇒ Object

Disable SSPI Auth

# File 'lib/winrm/http/transport.rb', line 62

def no_sspi_auth!
  auths = @httpcli.www_auth.instance_variable_get('@authenticator')
  auths.delete_if { |i| i.is_a? HTTPClient::SSPINegotiateAuth }
end

#send_request(message) ⇒ Object

Sends the SOAP payload to the WinRM service and returns the service’s SOAP response. If an error occurrs an appropriate error is raised.

Parameters:

• The (String) —

  XML SOAP message

# File 'lib/winrm/http/transport.rb', line 38

def send_request(message)
  ssl_peer_fingerprint_verification!
  log_soap_message(message)
  hdr = { 'Content-Type' => 'application/soap+xml;charset=UTF-8',
          'Content-Length' => message.bytesize }
  # We need to add this header if using Client Certificate authentication
  unless @httpcli.ssl_config.client_cert.nil?
    hdr['Authorization'] = 'http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/mutual'
  end

  resp = @httpcli.post(@endpoint, message, hdr)
  log_soap_message(resp.http_body.content)
  verify_ssl_fingerprint(resp.peer_cert)
  handler = WinRM::ResponseHandler.new(resp.http_body.content, resp.status)
  handler.parse_to_xml
end

#ssl_peer_fingerprint_verification! ⇒ Object

SSL Peer Fingerprint Verification prior to connecting

# File 'lib/winrm/http/transport.rb', line 73

def ssl_peer_fingerprint_verification!
  return unless @ssl_peer_fingerprint && !@ssl_peer_fingerprint_verified

  with_untrusted_ssl_connection do |connection|
    connection_cert = connection.peer_cert_chain.last
    verify_ssl_fingerprint(connection_cert)
  end
  @logger.info("initial ssl fingerprint #{@ssl_peer_fingerprint} verified\n")
  @ssl_peer_fingerprint_verified = true
  no_ssl_peer_verification!
end

#verify_ssl_fingerprint(cert) ⇒ Object

compare @ssl_peer_fingerprint to current ssl context

# File 'lib/winrm/http/transport.rb', line 100

def verify_ssl_fingerprint(cert)
  return unless @ssl_peer_fingerprint

  conn_fingerprint = OpenSSL::Digest::SHA1.new(cert.to_der).to_s
  return unless @ssl_peer_fingerprint.casecmp(conn_fingerprint) != 0

  raise "ssl fingerprint mismatch!!!!\n"
end

#with_untrusted_ssl_connection ⇒ Object

Connect without verification to retrieve untrusted ssl context

# File 'lib/winrm/http/transport.rb', line 86

def with_untrusted_ssl_connection
  noverify_peer_context = OpenSSL::SSL::SSLContext.new
  noverify_peer_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
  tcp_connection = TCPSocket.new(@endpoint.host, @endpoint.port)
  begin
    ssl_connection = OpenSSL::SSL::SSLSocket.new(tcp_connection, noverify_peer_context)
    ssl_connection.connect
    yield ssl_connection
  ensure
    tcp_connection.close
  end
end