class HTTPI::Auth::SSL
Provides SSL client authentication.
Constants
- CERT_TYPES
- MIN_MAX_VERSIONS
  Returns OpenSSL::SSL::*_VERSION values for min_version and max_version
- SSL_VERSIONS
- VERIFY_MODES
Attributes
Sets the OpenSSL ca certificate.
Accessor for the cacert file to validate SSL certificates.
Accessor for the ca_path to validate SSL certificates.
Sets the OpenSSL certificate.
Accessor for the cert file to validate SSL connections.
Sets the OpenSSL certificate key.
Accessor for the cert key file to validate SSL certificates.
Accessor for the cert key password to validate SSL certificates.
Certificate store holds trusted CA certificates used to verify peer certificates.
Accessor for the SSL ciphers list.
Public Instance Methods
Returns an OpenSSL::X509::Certificate for the ca_cert_file.

    # File lib/httpi/auth/ssl.rb, line 153
    def ca_cert
      @ca_cert ||= OpenSSL::X509::Certificate.new File.read(ca_cert_file)
    end

Returns an OpenSSL::X509::Certificate for the cert_file.

    # File lib/httpi/auth/ssl.rb, line 145
    def cert
      @cert ||= (OpenSSL::X509::Certificate.new File.read(cert_file) if cert_file)
    end

Returns an OpenSSL::PKey subclass (usually OpenSSL::PKey::RSA) for the cert_key_file.

    # File lib/httpi/auth/ssl.rb, line 161
    def cert_key
      @cert_key ||= (OpenSSL::PKey.read(File.read(cert_key_file), cert_key_password) if cert_key_file)
    end

Returns the cert type to validate SSL certificates PEM|DER.

    # File lib/httpi/auth/ssl.rb, line 70
    def cert_type
      @cert_type ||= :pem
    end

Sets the cert type to validate SSL certificates PEM|DER.

    # File lib/httpi/auth/ssl.rb, line 75
    def cert_type=(type)
      unless CERT_TYPES.include? type
        raise ArgumentError, "Invalid SSL cert type #{type.inspect}\n" +
                             "Please specify one of #{CERT_TYPES.inspect}"
      end

      @cert_type = type
    end

Sets the available symmetric algorithms for encryption and decryption.
@see OpenSSL::SSL::SSLContext#ciphers
@example

    ssl.ciphers = "cipher1:cipher2:..."
    ssl.ciphers = [name, ...]
    ssl.ciphers = [[name, version, bits, alg_bits], ...]

    # File lib/httpi/auth/ssl.rb, line 60
    def ciphers=(ciphers)
      @ciphers =
        if ciphers
          context = OpenSSL::SSL::SSLContext.new
          context.ciphers = ciphers
          context.ciphers.map(&:first)
        end
    end

Returns the SSL max_version number. Defaults to nil (auto-negotiate).

    # File lib/httpi/auth/ssl.rb, line 130
    def max_version
      @max_version ||= nil
    end

Sets the SSL max_version number. Expects one of HTTPI::Auth::SSL::MIN_MAX_VERSIONS.

    # File lib/httpi/auth/ssl.rb, line 135
    def max_version=(version)
      unless MIN_MAX_VERSIONS.include? version
        raise ArgumentError, "Invalid SSL max_version #{version.inspect}\n" +
                             "Please specify one of #{MIN_MAX_VERSIONS.inspect}"
      end

      @max_version = version
    end

Returns the SSL min_version number. Defaults to nil (auto-negotiate).

    # File lib/httpi/auth/ssl.rb, line 115
    def min_version
      @min_version ||= nil
    end

Sets the SSL min_version number. Expects one of HTTPI::Auth::SSL::MIN_MAX_VERSIONS.

    # File lib/httpi/auth/ssl.rb, line 120
    def min_version=(version)
      unless MIN_MAX_VERSIONS.include? version
        raise ArgumentError, "Invalid SSL min_version #{version.inspect}\n" +
                             "Please specify one of #{MIN_MAX_VERSIONS.inspect}"
      end

      @min_version = version
    end

Returns the SSL verify mode as an OpenSSL::SSL::VERIFY_* constant.

    # File lib/httpi/auth/ssl.rb, line 169
    def openssl_verify_mode
      case verify_mode
        when :none                 then OpenSSL::SSL::VERIFY_NONE
        when :peer                 then OpenSSL::SSL::VERIFY_PEER
        when :fail_if_no_peer_cert then OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
        when :client_once          then OpenSSL::SSL::VERIFY_CLIENT_ONCE
      end
    end

Returns whether SSL configuration is present.

    # File lib/httpi/auth/ssl.rb, line 27
    def present?
      (verify_mode == :none) || (cert && cert_key) || ca_cert_file || ciphers
    rescue TypeError, Errno::ENOENT
      false
    end

Returns the SSL version number. Defaults to nil (auto-negotiate).

    # File lib/httpi/auth/ssl.rb, line 100
    def ssl_version
      @ssl_version ||= nil
    end

Sets the SSL version number. Expects one of HTTPI::Auth::SSL::SSL_VERSIONS.

    # File lib/httpi/auth/ssl.rb, line 105
    def ssl_version=(version)
      unless SSL_VERSIONS.include? version
        raise ArgumentError, "Invalid SSL version #{version.inspect}\n" +
                             "Please specify one of #{SSL_VERSIONS.inspect}"
      end

      @ssl_version = version
    end

Returns the SSL verify mode. Defaults to :peer.

    # File lib/httpi/auth/ssl.rb, line 85
    def verify_mode
      @verify_mode ||= :peer
    end

Sets the SSL verify mode. Expects one of HTTPI::Auth::SSL::VERIFY_MODES.

    # File lib/httpi/auth/ssl.rb, line 90
    def verify_mode=(mode)
      unless VERIFY_MODES.include? mode
        raise ArgumentError, "Invalid SSL verify mode #{mode.inspect}\n" +
                             "Please specify one of #{VERIFY_MODES.inspect}"
      end

      @verify_mode = mode
    end
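
An added example, not HTTPI's own code: a stand-alone audit of the settings this class exposes, reusing the openssl_verify_mode mapping and the ciphers= expansion documented above with only Ruby's openssl library. The TLS 1.2 floor, the weak-cipher pattern, the :TLS1_2-style version symbols and all helper names are assumptions of this example.

```ruby
require "openssl"

# Same symbol-to-constant mapping as openssl_verify_mode on this page.
VERIFY_CONSTANTS = {
  none: OpenSSL::SSL::VERIFY_NONE,
  peer: OpenSSL::SSL::VERIFY_PEER,
  fail_if_no_peer_cert: OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT,
  client_once: OpenSSL::SSL::VERIFY_CLIENT_ONCE
}.freeze

# Policy assumptions of this example, not values taken from HTTPI.
PROTOCOL_FLOOR = OpenSSL::SSL::TLS1_2_VERSION
WEAK_CIPHER = /NULL|RC4|MD5|EXP|DES|ADH|AECDH/

# Expands a cipher spec the way ciphers= does: OpenSSL resolves the
# string or array, and only the cipher names are kept.
def expand_ciphers(spec)
  context = OpenSSL::SSL::SSLContext.new
  context.ciphers = spec
  context.ciphers.map(&:first)
end

# Returns the names that match the weak-cipher pattern.
def weak_ciphers(names)
  names.grep(WEAK_CIPHER)
end

# Resolves a symbol such as :TLS1_2 (assumed naming) to the matching
# OpenSSL::SSL::*_VERSION constant.
def version_number(symbol)
  OpenSSL::SSL.const_get("#{symbol}_VERSION")
end

# Returns a list of findings; keyword names mirror the accessors above.
def audit(verify_mode: :peer, min_version: nil, ciphers: nil)
  findings = []
  if VERIFY_CONSTANTS.fetch(verify_mode) == OpenSSL::SSL::VERIFY_NONE
    findings << "verify_mode :none disables peer certificate verification"
  end
  if min_version.nil?
    findings << "min_version is nil, so the protocol floor is left to negotiation"
  elsif version_number(min_version) < PROTOCOL_FLOOR
    findings << "min_version #{min_version.inspect} is below TLS 1.2"
  end
  weak = ciphers ? weak_ciphers(expand_ciphers(ciphers)) : []
  findings << "weak ciphers enabled: #{weak.join(', ')}" unless weak.empty?
  findings
end
```

Calling `audit(verify_mode: :none, min_version: :TLS1)` on these constructed settings returns two findings, while `audit(verify_mode: :peer, min_version: :TLS1_2)` returns an empty list.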