Class: HTTPI::Auth::SSL

Inherits:
Object
  • Object
show all
Defined in:
lib/httpi/auth/ssl.rb

Overview

HTTPI::Auth::SSL

Provides SSL client authentication.

Constant Summary collapse

VERIFY_MODES =
[:none, :peer, :fail_if_no_peer_cert, :client_once]
CERT_TYPES =
[:pem, :der]

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#ca_certObject

Returns an OpenSSL::X509::Certificate for the ca_cert_file.



64
65
66
# File 'lib/httpi/auth/ssl.rb', line 64

def ca_cert
  @ca_cert ||= OpenSSL::X509::Certificate.new File.read(ca_cert_file)
end

#ca_cert_fileObject

Accessor for the cacert file to validate SSL certificates.



31
32
33
# File 'lib/httpi/auth/ssl.rb', line 31

def ca_cert_file
  @ca_cert_file
end

#certObject

Returns an OpenSSL::X509::Certificate for the cert_file.



56
57
58
# File 'lib/httpi/auth/ssl.rb', line 56

def cert
  @cert ||= OpenSSL::X509::Certificate.new File.read(cert_file) if cert_file
end

#cert_fileObject

Accessor for the cert file to validate SSL connections.



28
29
30
# File 'lib/httpi/auth/ssl.rb', line 28

def cert_file
  @cert_file
end

#cert_keyObject

Returns an OpenSSL::PKey::RSA for the cert_key_file.



72
73
74
# File 'lib/httpi/auth/ssl.rb', line 72

def cert_key
  @cert_key ||= OpenSSL::PKey::RSA.new(File.read(cert_key_file), cert_key_password) if cert_key_file
end

#cert_key_fileObject

Accessor for the cert key file to validate SSL certificates.



22
23
24
# File 'lib/httpi/auth/ssl.rb', line 22

def cert_key_file
  @cert_key_file
end

#cert_key_passwordObject

Accessor for the cert key password to validate SSL certificates.



25
26
27
# File 'lib/httpi/auth/ssl.rb', line 25

def cert_key_password
  @cert_key_password
end

Instance Method Details

#cert_typeObject

Returns the cert type to validate SSL certificates PEM|DER.



34
35
36
# File 'lib/httpi/auth/ssl.rb', line 34

def cert_type
  @cert_type ||= :pem
end

#cert_type=(type) ⇒ Object

Sets the cert type to validate SSL certificates PEM|DER.

Raises:

  • (ArgumentError)


39
40
41
42
# File 'lib/httpi/auth/ssl.rb', line 39

def cert_type=(type)
  raise ArgumentError, "Invalid SSL cert type: #{type}" unless CERT_TYPES.include? type
  @cert_type = type
end

#openssl_verify_modeObject

Returns the SSL verify mode as a OpenSSL::SSL::VERIFY_* constant.



80
81
82
83
84
85
86
87
# File 'lib/httpi/auth/ssl.rb', line 80

def openssl_verify_mode
  case verify_mode
    when :none                 then OpenSSL::SSL::VERIFY_NONE
    when :peer                 then OpenSSL::SSL::VERIFY_PEER
    when :fail_if_no_peer_cert then OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
    when :client_once          then OpenSSL::SSL::VERIFY_CLIENT_ONCE
  end
end

#present?Boolean

Returns whether SSL configuration is present.

Returns:

  • (Boolean)


15
16
17
18
19
# File 'lib/httpi/auth/ssl.rb', line 15

def present?
  (verify_mode == :none) || (cert && cert_key)
rescue TypeError, Errno::ENOENT
  false
end

#verify_modeObject

Returns the SSL verify mode. Defaults to :peer.



45
46
47
# File 'lib/httpi/auth/ssl.rb', line 45

def verify_mode
  @verify_mode ||= :peer
end

#verify_mode=(mode) ⇒ Object

Sets the SSL verify mode. Expects one of HTTPI::Auth::SSL::VERIFY_MODES.

Raises:

  • (ArgumentError)


50
51
52
53
# File 'lib/httpi/auth/ssl.rb', line 50

def verify_mode=(mode)
  raise ArgumentError, "Invalid SSL verify mode: #{mode}" unless VERIFY_MODES.include? mode
  @verify_mode = mode
end