class InstanceAgent::Plugins::CodeDeployPlugin::CodeDeployControlCertVerifier
Public Class Methods
new(endpoint)
# File lib/instance_agent/plugins/codedeploy/codedeploy_control.rb, line 62
# Store the endpoint to be checked and the region used for the expected
# certificate subject.
#
# @param endpoint the endpoint that verify_cert later hands to URI()
def initialize(endpoint)
  @endpoint = endpoint
  # AWS_REGION from the process environment wins; InstanceMetadata.region is
  # only consulted when the variable is not set. The value is concatenated
  # into the subject string that verify_subject compares against, so the
  # pinned name is only as trustworthy as this source.
  @region = ENV.fetch('AWS_REGION') { InstanceMetadata.region }
end
Public Instance Methods
verify_cert()
# File lib/instance_agent/plugins/codedeploy/codedeploy_control.rb, line 67
# Open an HTTPS connection to the endpoint with peer verification enabled,
# and request '/'. A callback accepts a certificate only if it passes both
# the library's chain verification and verify_subject.
#
# @return the result of the GET request for '/'
def verify_cert
  target = URI(@endpoint)
  http = Net::HTTP.new(target.host, target.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  # The CA bundle path is read from the environment.
  # NOTE(review): when SSL_CERT_FILE is unset this assigns nil, which
  # presumably falls back to the default trust store. Confirm.
  http.ca_file = ENV['SSL_CERT_FILE']

  configured_proxy = InstanceAgent::Config.config[:proxy_uri]
  if configured_proxy
    proxy = URI(configured_proxy)
    # Ignore proxy environment variables so the configured proxy is the one used.
    http.proxy_from_env = false
    http.proxy_address = proxy.host
    http.proxy_port = proxy.port
    # Credentials are only set when the proxy URI carries them.
    http.proxy_user = proxy.user if proxy.user
    http.proxy_pass = proxy.password if proxy.password
  end

  http.verify_callback = lambda do |preverify_ok, cert_store|
    if preverify_ok
      # Chain verification passed, so add the subject check on the first
      # certificate of the chain.
      # NOTE(review): chain[0] is presumably the server's leaf certificate.
      # Confirm.
      @cert = cert_store.chain[0]
      verify_subject
    else
      # Never override a failure reported by chain verification.
      false
    end
  end

  http.get('/')
end
verify_subject()
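Performs minimal certificate pinning: the certificate's subject string must exactly match the subject expected for the configured region. Only the subject name is compared, not the certificate's public key or fingerprint, so the check still relies on the CA chain verification that runs before it.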
# File lib/instance_agent/plugins/codedeploy/codedeploy_control.rb, line 93
# Check the subject of @cert against the subject expected for @region.
# The actual subject is written to the debug log first.
#
# This pins the subject name only: the comparison is an exact match on the
# string form of the subject, and nothing here inspects the key or
# fingerprint. Within this class it is called from the verify callback in
# verify_cert, and only when preverify_ok is truthy.
#
# @return [Boolean] true when the subject string equals the expected one
def verify_subject
  actual_subject = @cert.subject.to_s
  InstanceAgent::Log.debug("#{self.class}: Actual certificate subject is '#{actual_subject}'")
  # String#+ is kept on purpose: a nil @region raises here rather than
  # producing a subject with an empty region component.
  expected_subject = "/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=codedeploy-commands." + @region + ".amazonaws.com"
  actual_subject == expected_subject
end