Class: GReactor::SSLBasicIO

Inherits:
BasicIO
  • Object
show all
Defined in:
lib/greactor/io_ssl_wrappers.rb

Overview

a basic SSL IO wrapper

Instance Attribute Summary collapse

Attributes inherited from BasicIO

#cache, #io, #locker, #params, #timeout

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from BasicIO

#[], #[]=, #call, #clear?, #close, #closed?, #on_disconnect, #timeout?

Constructor Details

#initialize(io, params = {}) ⇒ SSLBasicIO


28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# File 'lib/greactor/io_ssl_wrappers.rb', line 28

def initialize io, params = {}
  if params[:ssl_client]
    context = OpenSSL::SSL::SSLContext.new
    context.cert_store = OpenSSL::X509::Store.new
    context.cert_store.set_default_paths
    context.set_params verify_mode: (params[:verify_mode] || OpenSSL::SSL::VERIFY_NONE) # OpenSSL::SSL::VERIFY_PEER #OpenSSL::SSL::VERIFY_NONE
    @ssl_socket = OpenSSL::SSL::SSLSocket.new(io, context)
    @ssl_socket.sync_close = true
    @ssl_socket.connect
  elsif params[:ssl] || params[:ssl_key] || params[:ssl_cert]
    params[:ssl_cert], params[:ssl_key] = SSLBasicIO.self_cert unless params[:ssl_key] && params[:ssl_cert]
    context = OpenSSL::SSL::SSLContext.new
    context.set_params verify_mode: OpenSSL::SSL::VERIFY_NONE # OpenSSL::SSL::VERIFY_PEER #OpenSSL::SSL::VERIFY_NONE
    # context.options DoNotReverseLookup: true
    context.cert, context.key = params[:ssl_cert], params[:ssl_key]
    context.cert_store = OpenSSL::X509::Store.new
    context.cert_store.set_default_paths
    context.npn_protocols = params[:ssl_protocols] if params[:ssl_protocols]
    @ssl_socket = OpenSSL::SSL::SSLSocket.new(io, context)
    @ssl_socket.sync_close = true
    @ssl_socket.accept
  end
  raise "Not an SSL connection or SSL Socket creation failed" unless @ssl_socket
  super      
end

Instance Attribute Details

#ssl_socketObject (readonly)

the SSL socket


26
27
28
# File 'lib/greactor/io_ssl_wrappers.rb', line 26

def ssl_socket
  @ssl_socket
end

Class Method Details

.create_cert(bits = 2048, cn = nil, comment = 'a self signed certificate for when we only need encryption and no more.') ⇒ Object

creates a self-signed certificate


97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# File 'lib/greactor/io_ssl_wrappers.rb', line 97

def self.create_cert bits=2048, cn=nil, comment='a self signed certificate for when we only need encryption and no more.'
  unless cn
    host_name = Socket::gethostbyname(Socket::gethostname)[0].split('.')
    cn = ''
    host_name.each {|n| cn << "/DC=#{n}"}
    cn << "/CN=RGReactor.#{host_name.join('.')}"
  end      
  # cn ||= "CN=#{Socket::gethostbyname(Socket::gethostname)[0] rescue Socket::gethostname}"

  rsa = OpenSSL::PKey::RSA.new(bits)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  name = OpenSSL::X509::Name.parse(cn)
  cert.subject = name
  cert.issuer = name
  cert.not_before = Time.now
  cert.not_after = Time.now + (365*24*60*60)
  cert.public_key = rsa.public_key

  ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
  ef.issuer_certificate = cert
  cert.extensions = [
  ef.create_extension("basicConstraints","CA:FALSE"),
  ef.create_extension("keyUsage", "keyEncipherment"),
  ef.create_extension("subjectKeyIdentifier", "hash"),
  ef.create_extension("extendedKeyUsage", "serverAuth"),
  ef.create_extension("nsComment", comment),
  ]
  aki = ef.create_extension("authorityKeyIdentifier",
                          "keyid:always,issuer:always")
  cert.add_extension(aki)
  cert.sign(rsa, OpenSSL::Digest::SHA1.new)

  return cert, rsa
end

.self_cert(bits = 2048, cn = nil, comment = 'a self signed certificate for when we only need encryption and no more.') ⇒ Object

returns the current self-signed certificate - or creates a new one, if there is no current certificate.


92
93
94
95
# File 'lib/greactor/io_ssl_wrappers.rb', line 92

def self.self_cert bits=2048, cn=nil, comment='a self signed certificate for when we only need encryption and no more.'
  @@self_cert ||= create_cert
  return *@@self_cert
end

Instance Method Details

#read(size = 1048576) ⇒ Object


59
60
61
62
63
64
65
66
67
68
69
70
71
# File 'lib/greactor/io_ssl_wrappers.rb', line 59

def read size = 1048576
  @send_locker.synchronize do
    data = ''
    begin
       (data << @ssl_socket.read_nonblock(size).to_s) until data.bytesize >= size
    rescue => e
      
    end
    return false if data.to_s.empty?
    touch
    data
  end
end

#ssl?Boolean

returns true if the service is encrypted using the OpenSSL library.


55
56
57
# File 'lib/greactor/io_ssl_wrappers.rb', line 55

def ssl?
  true
end

#write(data) ⇒ Object Also known as: send, <<


73
74
75
76
77
78
79
80
81
82
83
84
85
# File 'lib/greactor/io_ssl_wrappers.rb', line 73

def write data
  begin
    @send_locker.synchronize do
      @t_active += 7200
      r = @ssl_socket.write data
      touch
      r
    end       
  rescue => e
    close
    false
  end
end