Class: GReactor::SSLBasicIO

Inherits:
BasicIO
  • Object
Defined in:
lib/greactor/io_ssl_wrappers.rb

Overview

A basic SSL IO wrapper.

Instance Attribute Summary

Attributes inherited from BasicIO

#cache, #io, #locker, #params, #timeout

Class Method Summary

Instance Method Summary

Methods inherited from BasicIO

#[], #[]=, #call, #clear?, #close, #closed?, #on_disconnect, #timeout?

Constructor Details

#initialize(io, params = {}) ⇒ SSLBasicIO

Returns a new instance of SSLBasicIO.


# File 'lib/greactor/io_ssl_wrappers.rb', line 28

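# Wraps +io+ in an OpenSSL::SSL::SSLSocket, either as a TLS client or as a TLS server,
# and performs the handshake before handing the wrapped socket to BasicIO.
#
# @param io [IO] the already-connected socket to wrap
# @param params [Hash] connection options; the keys read here are:
#   - +:ssl_client+    when truthy the socket is wrapped as a client and +connect+ is run
#   - +:verify_mode+   client side only; defaults to OpenSSL::SSL::VERIFY_PEER so the peer's
#                      certificate chain is checked against the system trust store
#   - +:ssl+, +:ssl_key+, +:ssl_cert+  any truthy value selects the server side; when the
#                      key/cert pair is incomplete the class-wide self-signed pair from
#                      +self_cert+ is used and written back into +params+ (the caller's hash
#                      is mutated, as before)
#   - +:ssl_protocols+ server side only; handed to +npn_protocols=+
# @raise [RuntimeError] when +params+ selects neither the client nor the server side
# @raise [OpenSSL::SSL::SSLError] when the TLS handshake fails
def initialize io, params = {}
	if params[:ssl_client]
		context = OpenSSL::SSL::SSLContext.new
		context.cert_store = OpenSSL::X509::Store.new
		context.cert_store.set_default_paths
		# Verify the peer by default: a client that skips verification accepts any
		# certificate, so VERIFY_NONE must now be requested explicitly via :verify_mode
		# (VERIFY_NONE is 0, which is truthy in Ruby, so the override works).
		# NOTE(review): no hostname is known here, so only the chain is verified, not the
		# name in the certificate — confirm whether callers need a hostname check.
		context.set_params verify_mode: (params[:verify_mode] || OpenSSL::SSL::VERIFY_PEER)
		@ssl_socket = OpenSSL::SSL::SSLSocket.new(io, context)
		@ssl_socket.sync_close = true
		@ssl_socket.connect
	elsif params[:ssl] || params[:ssl_key] || params[:ssl_cert]
		# Fall back to the shared self-signed pair unless both halves were supplied.
		params[:ssl_cert], params[:ssl_key] = SSLBasicIO.self_cert unless params[:ssl_key] && params[:ssl_cert]
		context = OpenSSL::SSL::SSLContext.new
		# A server does not demand client certificates.
		context.set_params verify_mode: OpenSSL::SSL::VERIFY_NONE
		context.cert, context.key = params[:ssl_cert], params[:ssl_key]
		context.cert_store = OpenSSL::X509::Store.new
		context.cert_store.set_default_paths
		# NOTE(review): NPN is obsolete and ALPN (alpn_protocols=) is its replacement;
		# kept as-is because :ssl_protocols is documented against NPN — confirm support
		# on the Ruby/openssl version in use.
		context.npn_protocols = params[:ssl_protocols] if params[:ssl_protocols]
		@ssl_socket = OpenSSL::SSL::SSLSocket.new(io, context)
		@ssl_socket.sync_close = true
		@ssl_socket.accept
	end
	raise "Not an SSL connection or SSL Socket creation failed" unless @ssl_socket
	super
end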

Instance Attribute Details

#ssl_socket ⇒ Object (readonly)

The SSL socket.


# File 'lib/greactor/io_ssl_wrappers.rb', line 26

# The wrapped OpenSSL::SSL::SSLSocket (read-only).
# @return [OpenSSL::SSL::SSLSocket]
def ssl_socket
  @ssl_socket
end

Class Method Details

.create_cert(bits = 2048, cn = nil, comment = 'a self signed certificate for when we only need encryption and no more.') ⇒ Object

Creates a self-signed certificate.


# File 'lib/greactor/io_ssl_wrappers.rb', line 97

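# Creates a self-signed X.509 v3 certificate and its RSA key.
#
# @param bits [Integer] RSA key size
# @param cn [String, nil] subject/issuer DN in OpenSSL slash form ("/DC=…/CN=…"); when nil a
#   DN is derived from the local host name
# @param comment [String] value of the nsComment extension
# @return [Array(OpenSSL::X509::Certificate, OpenSSL::PKey::RSA)] the certificate and its key
def self.create_cert bits=2048, cn=nil, comment='a self signed certificate for when we only need encryption and no more.'
	unless cn
		# Build a DN from the local host name: one DC component per label plus a CN.
		# Resolution fails on hosts without a resolvable name, so fall back to the bare name.
		# NOTE(review): Socket.gethostbyname is deprecated on newer Rubies — confirm the
		# target version still provides it.
		canonical = begin
			Socket.gethostbyname(Socket.gethostname)[0]
		rescue SocketError
			Socket.gethostname
		end
		labels = canonical.split('.')
		cn = labels.map { |label| "/DC=#{label}" }.join + "/CN=RGReactor.#{labels.join('.')}"
	end

	rsa = OpenSSL::PKey::RSA.new(bits)
	cert = OpenSSL::X509::Certificate.new
	cert.version = 2 # X.509 v3 (the field is zero-based)
	# A random serial per certificate: every generated certificate used to carry serial 1,
	# and clients reject distinct certificates that share an issuer/serial pair.
	cert.serial = OpenSSL::BN.rand(64)
	name = OpenSSL::X509::Name.parse(cn)
	cert.subject = name
	cert.issuer = name # self-signed: issuer == subject
	now = Time.now
	cert.not_before = now
	cert.not_after = now + (365 * 24 * 60 * 60) # valid for one year
	cert.public_key = rsa.public_key

	ef = OpenSSL::X509::ExtensionFactory.new(nil, cert)
	ef.issuer_certificate = cert
	cert.extensions = [
		ef.create_extension("basicConstraints", "CA:FALSE"),
		# digitalSignature is needed for (EC)DHE / TLS 1.3 handshakes, keyEncipherment for RSA key exchange.
		ef.create_extension("keyUsage", "digitalSignature,keyEncipherment"),
		ef.create_extension("subjectKeyIdentifier", "hash"),
		ef.create_extension("extendedKeyUsage", "serverAuth"),
		ef.create_extension("nsComment", comment)
	]
	cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
	# SHA-1 certificate signatures are rejected by current TLS stacks; sign with SHA-256.
	cert.sign(rsa, OpenSSL::Digest.new('SHA256'))

	[cert, rsa]
end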

.self_cert(bits = 2048, cn = nil, comment = 'a self signed certificate for when we only need encryption and no more.') ⇒ Object

Returns the current self-signed certificate, or creates a new one if there is no current certificate.


# File 'lib/greactor/io_ssl_wrappers.rb', line 92

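# Returns the class-wide self-signed [certificate, key] pair, generating it on first use.
#
# The arguments are only consulted when the pair is generated; every later call returns
# the cached pair regardless of what it passes (previously they were ignored entirely).
#
# @param bits [Integer] RSA key size for a newly generated pair
# @param cn [String, nil] DN for a newly generated pair (see +create_cert+)
# @param comment [String] nsComment for a newly generated pair
# @return [Array(OpenSSL::X509::Certificate, OpenSSL::PKey::RSA)] a copy of the cached pair
def self.self_cert bits=2048, cn=nil, comment='a self signed certificate for when we only need encryption and no more.'
	# NOTE(review): @@self_cert is a class variable shared across the inheritance tree;
	# kept under its original name in case other code refers to it.
	@@self_cert ||= create_cert(bits, cn, comment)
	# Hand out a fresh array so callers cannot replace entries of the cached pair.
	@@self_cert.dup
end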

Instance Method Details

#read(size = 1048576) ⇒ Object


# File 'lib/greactor/io_ssl_wrappers.rb', line 59

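# Reads whatever is available on the SSL socket right now, without blocking.
#
# @param size [Integer] upper bound on the number of bytes returned
# @return [String, false] the bytes read, or false when nothing was available
def read size = 1048576
	@send_locker.synchronize do
		data = String.new
		# Drain the socket until +size+ bytes are buffered or nothing more is available
		# right now; each call is bounded so the result never exceeds +size+.
		while data.bytesize < size
			chunk = begin
				@ssl_socket.read_nonblock(size - data.bytesize, exception: false)
			rescue OpenSSL::SSL::SSLError, IOError, SystemCallError
				# Transport failure mid-read: keep what was already received. Only I/O errors
				# are swallowed here; programming errors now propagate instead of being hidden.
				nil
			end
			# :wait_readable / :wait_writable mean "nothing more right now"; nil means EOF.
			break unless chunk.is_a?(String)
			data << chunk
		end
		return false if data.empty?
		touch
		data
	end
end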

#ssl? ⇒ Boolean

Returns true if the connection is encrypted using the OpenSSL library.

Returns:

  • (Boolean)

# File 'lib/greactor/io_ssl_wrappers.rb', line 55

# Whether this IO is TLS-wrapped — always true for this class.
# @return [Boolean]
def ssl?
	true
end

#write(data) ⇒ Object Also known as: send, <<


# File 'lib/greactor/io_ssl_wrappers.rb', line 73

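# Writes +data+ to the SSL socket.
#
# @param data [String] bytes to send
# @return [Integer, false] the number of bytes written, or false when the write failed
#   (the connection is closed first)
def write data
	@send_locker.synchronize do
		# NOTE(review): presumably extends the inherited activity clock so the connection
		# is not timed out mid-write — confirm against BasicIO#timeout?.
		@t_active += 7200
		written = @ssl_socket.write data
		touch
		written
	end
rescue OpenSSL::SSL::SSLError, IOError, SystemCallError
	# Transport failure: close the wrapper and report false rather than raising, as before.
	# Only I/O errors are handled this way; programming errors now propagate.
	close
	false
end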