class HTTPI::Auth::SSL

HTTPI::Auth::SSL

Provides SSL client authentication.

Constants

CERT_TYPES
MIN_MAX_VERSIONS

Returns OpenSSL::SSL::*_VERSION values for min_version and max_version

SSL_VERSIONS
VERIFY_MODES

Attributes

ca_cert[W]

Sets the OpenSSL ca certificate.

ca_cert_file[RW]

Accessor for the cacert file to validate SSL certificates.

ca_cert_path[RW]

Accessor for the ca_path to validate SSL certificates.

cert[W]

Sets the OpenSSL certificate.

cert_file[RW]

Accessor for the cert file to validate SSL connections.

cert_key[W]

Sets the OpenSSL certificate key.

cert_key_file[RW]

Accessor for the cert key file to validate SSL certificates.

cert_key_password[RW]

Accessor for the cert key password to validate SSL certificates.

cert_store[RW]

Certificate store holds trusted CA certificates used to verify peer certificates.

ciphers[R]

Accessor for the SSL ciphers list.

Public Instance Methods

ca_cert()

Returns an OpenSSL::X509::Certificate for the ca_cert_file.

# File lib/httpi/auth/ssl.rb, line 153
# Lazily loads and memoizes the CA certificate stored at ca_cert_file.
#
# A value already held in @ca_cert is returned as-is. Unlike #cert there is
# no nil guard: the path goes straight to File.read, so an unset
# ca_cert_file raises rather than returning nil.
#
# @return [OpenSSL::X509::Certificate] the memoized CA certificate
def ca_cert
  return @ca_cert if @ca_cert

  pem = File.read(ca_cert_file)
  @ca_cert = OpenSSL::X509::Certificate.new(pem)
end
cert()

Returns an OpenSSL::X509::Certificate for the cert_file.

# File lib/httpi/auth/ssl.rb, line 145
# Lazily loads and memoizes the client certificate stored at cert_file.
#
# A value already held in @cert is returned as-is. When no cert_file is
# configured the result is nil and nothing is read from disk.
#
# @return [OpenSSL::X509::Certificate, nil]
def cert
  return @cert if @cert

  path = cert_file
  @cert = path ? OpenSSL::X509::Certificate.new(File.read(path)) : nil
end
cert_key()

Returns an OpenSSL::PKey subclass (usually OpenSSL::PKey::RSA) for the cert_key_file.

# File lib/httpi/auth/ssl.rb, line 161
# Lazily loads and memoizes the private key stored at cert_key_file.
#
# The file contents and cert_key_password are handed to OpenSSL::PKey.read.
# The parsed key stays in @cert_key for as long as this object lives.
# When no cert_key_file is configured the result is nil.
#
# @return [OpenSSL::PKey::PKey, nil]
def cert_key
  return @cert_key if @cert_key

  path = cert_key_file
  @cert_key = path ? OpenSSL::PKey.read(File.read(path), cert_key_password) : nil
end
cert_type()

Returns the cert type to validate SSL certificates PEM|DER.

# File lib/httpi/auth/ssl.rb, line 70
# Returns the configured certificate encoding, falling back to :pem when
# none has been set.
#
# @return [Symbol]
def cert_type
  @cert_type = :pem unless @cert_type
  @cert_type
end
cert_type=(type)

Sets the cert type to validate SSL certificates PEM|DER.

# File lib/httpi/auth/ssl.rb, line 75
# Stores the certificate encoding after checking it against CERT_TYPES.
#
# @param type [Symbol] one of CERT_TYPES
# @raise [ArgumentError] when type is not listed in CERT_TYPES; the stored
#   value is left untouched in that case
def cert_type=(type)
  if CERT_TYPES.include?(type)
    @cert_type = type
  else
    raise ArgumentError,
          "Invalid SSL cert type #{type.inspect}\nPlease specify one of #{CERT_TYPES.inspect}"
  end
end
ciphers=(ciphers)

Sets the available symmetric algorithms for encryption and decryption. See OpenSSL::SSL::SSLContext#ciphers. Example:

ssl.ciphers = "cipher1:cipher2:..."
ssl.ciphers = [name, ...]
ssl.ciphers = [[name, version, bits, alg_bits], ...]
# File lib/httpi/auth/ssl.rb, line 60
# Stores the cipher list as an array of cipher names.
#
# The input is not kept verbatim. It is assigned to a throw-away
# OpenSSL::SSL::SSLContext and the names are read back from it, so what is
# stored is whatever that context reports for the given specification.
# A falsy argument clears the list.
#
# @param ciphers [String, Array, nil] any form SSLContext#ciphers= accepts
def ciphers=(ciphers)
  return @ciphers = nil unless ciphers

  probe = OpenSSL::SSL::SSLContext.new
  probe.ciphers = ciphers
  @ciphers = probe.ciphers.map { |entry| entry.first }
end
max_version()

Returns the SSL max_version number. Defaults to nil (auto-negotiate).

# File lib/httpi/auth/ssl.rb, line 130
# Returns the configured upper bound on the protocol version, or nil when
# none has been set.
#
# @return [Symbol, nil]
def max_version
  @max_version || (@max_version = nil)
end
max_version=(version)

Sets the SSL max_version number. Expects one of HTTPI::Auth::SSL::MIN_MAX_VERSIONS.

# File lib/httpi/auth/ssl.rb, line 135
# Stores the upper bound on the protocol version after checking it against
# MIN_MAX_VERSIONS.
#
# @param version [Symbol] one of MIN_MAX_VERSIONS
# @raise [ArgumentError] when version is not listed in MIN_MAX_VERSIONS; the
#   stored value is left untouched in that case
def max_version=(version)
  return @max_version = version if MIN_MAX_VERSIONS.include?(version)

  raise ArgumentError,
        "Invalid SSL max_version #{version.inspect}\nPlease specify one of #{MIN_MAX_VERSIONS.inspect}"
end
min_version()

Returns the SSL min_version number. Defaults to nil (auto-negotiate).

# File lib/httpi/auth/ssl.rb, line 115
# Returns the configured lower bound on the protocol version, or nil when
# none has been set.
#
# @return [Symbol, nil]
def min_version
  @min_version = nil unless @min_version
  @min_version
end
min_version=(version)

Sets the SSL min_version number. Expects one of HTTPI::Auth::SSL::MIN_MAX_VERSIONS.

# File lib/httpi/auth/ssl.rb, line 120
# Stores the lower bound on the protocol version after checking it against
# MIN_MAX_VERSIONS.
#
# @param version [Symbol] one of MIN_MAX_VERSIONS
# @raise [ArgumentError] when version is not listed in MIN_MAX_VERSIONS; the
#   stored value is left untouched in that case
def min_version=(version)
  allowed = MIN_MAX_VERSIONS.include?(version)
  unless allowed
    raise ArgumentError,
          "Invalid SSL min_version #{version.inspect}\nPlease specify one of #{MIN_MAX_VERSIONS.inspect}"
  end

  @min_version = version
end
openssl_verify_mode()

Returns the SSL verify mode as an OpenSSL::SSL::VERIFY_* constant.

# File lib/httpi/auth/ssl.rb, line 169
# Translates the symbolic verify_mode into the matching
# OpenSSL::SSL::VERIFY_* constant.
#
# :none maps to VERIFY_NONE, which turns peer certificate verification off.
# A mode outside the four known symbols yields nil rather than an error.
#
# @return [Integer, nil]
def openssl_verify_mode
  {
    none: OpenSSL::SSL::VERIFY_NONE,
    peer: OpenSSL::SSL::VERIFY_PEER,
    fail_if_no_peer_cert: OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT,
    client_once: OpenSSL::SSL::VERIFY_CLIENT_ONCE
  }[verify_mode]
end
present?()

Returns whether SSL configuration is present.

# File lib/httpi/auth/ssl.rb, line 27
# Reports whether any SSL setting has been configured.
#
# The checks run in this order: verify_mode is :none, a cert together with
# its key, a ca_cert_file, a cipher list. The result is the first truthy
# value found, so it is truthy/falsy rather than strictly true/false.
#
# A TypeError or Errno::ENOENT raised while evaluating the checks (for
# example a cert file that does not exist) is swallowed and reported as
# false. A broken certificate path therefore looks like "no SSL settings"
# instead of failing loudly.
# NOTE(review): confirm callers do not silently skip client authentication
# in that case.
#
# @return [Object, false, nil]
def present?
  return true if verify_mode == :none

  key_pair = cert && cert_key
  return key_pair if key_pair

  ca_cert_file || ciphers
rescue TypeError, Errno::ENOENT
  false
end
ssl_version()

Returns the SSL version number. Defaults to nil (auto-negotiate).

# File lib/httpi/auth/ssl.rb, line 100
# Returns the configured SSL version, or nil when none has been set.
#
# @return [Symbol, nil]
def ssl_version
  return @ssl_version if @ssl_version

  @ssl_version = nil
end
ssl_version=(version)

Sets the SSL version number. Expects one of HTTPI::Auth::SSL::SSL_VERSIONS.

# File lib/httpi/auth/ssl.rb, line 105
# Stores the SSL version after checking it against SSL_VERSIONS.
#
# @param version [Symbol] one of SSL_VERSIONS
# @raise [ArgumentError] when version is not listed in SSL_VERSIONS; the
#   stored value is left untouched in that case
def ssl_version=(version)
  if SSL_VERSIONS.include?(version)
    @ssl_version = version
  else
    raise ArgumentError,
          "Invalid SSL version #{version.inspect}\nPlease specify one of #{SSL_VERSIONS.inspect}"
  end
end
verify_mode()

Returns the SSL verify mode. Defaults to :peer.

# File lib/httpi/auth/ssl.rb, line 85
# Returns the configured verify mode, falling back to :peer when none has
# been set, so peer verification is on unless a caller opts out.
#
# @return [Symbol]
def verify_mode
  @verify_mode = :peer unless @verify_mode
  @verify_mode
end
verify_mode=(mode)

Sets the SSL verify mode. Expects one of HTTPI::Auth::SSL::VERIFY_MODES.

# File lib/httpi/auth/ssl.rb, line 90
# Stores the verify mode after checking it against VERIFY_MODES.
#
# Setting :none makes openssl_verify_mode return OpenSSL::SSL::VERIFY_NONE,
# i.e. the peer certificate is no longer verified. Treat any call site that
# passes :none as something to review.
#
# @param mode [Symbol] one of VERIFY_MODES
# @raise [ArgumentError] when mode is not listed in VERIFY_MODES; the stored
#   value is left untouched in that case
def verify_mode=(mode)
  return @verify_mode = mode if VERIFY_MODES.include?(mode)

  raise ArgumentError,
        "Invalid SSL verify mode #{mode.inspect}\nPlease specify one of #{VERIFY_MODES.inspect}"
end