Class: WinRM::HTTP::HttpTransport
- Inherits:
-
Object
- Object
- WinRM::HTTP::HttpTransport
- Defined in:
- lib/winrm/http/transport.rb
Overview
A generic HTTP transport that utilized HTTPClient to send messages back and forth. This backend will maintain state for every WinRMWebService instance that is instantiated so it is possible to use GSSAPI with Keep-Alive.
Direct Known Subclasses
BasicAuthSSL, ClientCertAuthSSL, HttpGSSAPI, HttpNegotiate, HttpPlaintext
Instance Attribute Summary collapse
-
#endpoint ⇒ Object
readonly
Returns the value of attribute endpoint.
Instance Method Summary collapse
-
#basic_auth_only! ⇒ Object
We’ll need this to force basic authentication if desired.
-
#initialize(endpoint, options) ⇒ HttpTransport
constructor
A new instance of HttpTransport.
-
#no_ssl_peer_verification! ⇒ Object
Disable SSL Peer Verification.
-
#no_sspi_auth! ⇒ Object
Disable SSPI Auth.
-
#send_request(message) ⇒ Object
Sends the SOAP payload to the WinRM service and returns the service’s SOAP response.
-
#ssl_peer_fingerprint_verification! ⇒ Object
SSL Peer Fingerprint Verification prior to connecting.
-
#verify_ssl_fingerprint(cert) ⇒ Object
compare @ssl_peer_fingerprint to current ssl context.
-
#with_untrusted_ssl_connection ⇒ Object
Connect without verification to retrieve untrusted ssl context.
Constructor Details
#initialize(endpoint, options) ⇒ HttpTransport
Returns a new instance of HttpTransport.
26 27 28 29 30 31 |
# File 'lib/winrm/http/transport.rb', line 26 def initialize(endpoint, ) @endpoint = endpoint.is_a?(String) ? URI.parse(endpoint) : endpoint @httpcli = HTTPClient.new(agent_name: 'Ruby WinRM Client') @logger = Logging.logger[self] @httpcli.receive_timeout = [:receive_timeout] end |
Instance Attribute Details
#endpoint ⇒ Object (readonly)
Returns the value of attribute endpoint.
24 25 26 |
# File 'lib/winrm/http/transport.rb', line 24 def endpoint @endpoint end |
Instance Method Details
#basic_auth_only! ⇒ Object
We’ll need this to force basic authentication if desired
56 57 58 59 |
# File 'lib/winrm/http/transport.rb', line 56 def basic_auth_only! auths = @httpcli.www_auth.instance_variable_get('@authenticator') auths.delete_if { |i| i.scheme !~ /basic/i } end |
#no_ssl_peer_verification! ⇒ Object
Disable SSL Peer Verification
68 69 70 |
# File 'lib/winrm/http/transport.rb', line 68 def no_ssl_peer_verification! @httpcli.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE end |
#no_sspi_auth! ⇒ Object
Disable SSPI Auth
62 63 64 65 |
# File 'lib/winrm/http/transport.rb', line 62 def no_sspi_auth! auths = @httpcli.www_auth.instance_variable_get('@authenticator') auths.delete_if { |i| i.is_a? HTTPClient::SSPINegotiateAuth } end |
#send_request(message) ⇒ Object
Sends the SOAP payload to the WinRM service and returns the service’s SOAP response. If an error occurrs an appropriate error is raised.
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
# File 'lib/winrm/http/transport.rb', line 38 def send_request() ssl_peer_fingerprint_verification! () hdr = { 'Content-Type' => 'application/soap+xml;charset=UTF-8', 'Content-Length' => .bytesize } # We need to add this header if using Client Certificate authentication unless @httpcli.ssl_config.client_cert.nil? hdr['Authorization'] = 'http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/mutual' end resp = @httpcli.post(@endpoint, , hdr) (resp.http_body.content) verify_ssl_fingerprint(resp.peer_cert) handler = WinRM::ResponseHandler.new(resp.http_body.content, resp.status) handler.parse_to_xml end |
#ssl_peer_fingerprint_verification! ⇒ Object
SSL Peer Fingerprint Verification prior to connecting
73 74 75 76 77 78 79 80 81 82 83 |
# File 'lib/winrm/http/transport.rb', line 73 def ssl_peer_fingerprint_verification! return unless @ssl_peer_fingerprint && !@ssl_peer_fingerprint_verified with_untrusted_ssl_connection do |connection| connection_cert = connection.peer_cert_chain.last verify_ssl_fingerprint(connection_cert) end @logger.info("initial ssl fingerprint #{@ssl_peer_fingerprint} verified\n") @ssl_peer_fingerprint_verified = true no_ssl_peer_verification! end |
#verify_ssl_fingerprint(cert) ⇒ Object
compare @ssl_peer_fingerprint to current ssl context
100 101 102 103 104 105 106 107 |
# File 'lib/winrm/http/transport.rb', line 100 def verify_ssl_fingerprint(cert) return unless @ssl_peer_fingerprint conn_fingerprint = OpenSSL::Digest::SHA1.new(cert.to_der).to_s return unless @ssl_peer_fingerprint.casecmp(conn_fingerprint) != 0 raise "ssl fingerprint mismatch!!!!\n" end |
#with_untrusted_ssl_connection ⇒ Object
Connect without verification to retrieve untrusted ssl context
86 87 88 89 90 91 92 93 94 95 96 97 |
# File 'lib/winrm/http/transport.rb', line 86 def with_untrusted_ssl_connection noverify_peer_context = OpenSSL::SSL::SSLContext.new noverify_peer_context.verify_mode = OpenSSL::SSL::VERIFY_NONE tcp_connection = TCPSocket.new(@endpoint.host, @endpoint.port) begin ssl_connection = OpenSSL::SSL::SSLSocket.new(tcp_connection, noverify_peer_context) ssl_connection.connect yield ssl_connection ensure tcp_connection.close end end |