Class: Fluent::Plugin::SslCheckInput::SslClient

Inherits:

Object

• Object
• Fluent::Plugin::SslCheckInput::SslClient

Defined in:

lib/fluent/plugin/in_ssl_check.rb

Overview

ssl client

to check ssl status

Instance Attribute Summary

• #ca_file ⇒ Object readonly

  Returns the value of attribute ca_file.

• #ca_path ⇒ Object readonly

  Returns the value of attribute ca_path.

• #host ⇒ Object readonly

  Returns the value of attribute host.

• #port ⇒ Object readonly

  Returns the value of attribute port.

• #timeout ⇒ Object readonly

  Returns the value of attribute timeout.

Instance Method Summary

• #initialize(host:, port:, ca_path: nil, ca_file: nil, timeout: 5) ⇒ SslClient constructor

  A new instance of SslClient.

• #ssl_context ⇒ Object
• #ssl_info ⇒ Object
• #store ⇒ Object

Constructor Details

#initialize(host:, port:, ca_path: nil, ca_file: nil, timeout: 5) ⇒ SslClient

Returns a new instance of SslClient.

# File 'lib/fluent/plugin/in_ssl_check.rb', line 216

def initialize(host:, port:, ca_path: nil, ca_file: nil, timeout: 5)
  @host = host
  @port = port
  @ca_path = ca_path
  @ca_file = ca_file
  @timeout = timeout
end

Instance Attribute Details

#ca_file ⇒ Object (readonly)

Returns the value of attribute ca_file.

# File 'lib/fluent/plugin/in_ssl_check.rb', line 214

def ca_file
  @ca_file
end

#ca_path ⇒ Object (readonly)

Returns the value of attribute ca_path.

# File 'lib/fluent/plugin/in_ssl_check.rb', line 214

def ca_path
  @ca_path
end

#host ⇒ Object (readonly)

Returns the value of attribute host.

# File 'lib/fluent/plugin/in_ssl_check.rb', line 214

def host
  @host
end

#port ⇒ Object (readonly)

Returns the value of attribute port.

# File 'lib/fluent/plugin/in_ssl_check.rb', line 214

def port
  @port
end

#timeout ⇒ Object (readonly)

Returns the value of attribute timeout.

# File 'lib/fluent/plugin/in_ssl_check.rb', line 214

def timeout
  @timeout
end

Instance Method Details

#ssl_context ⇒ Object

# File 'lib/fluent/plugin/in_ssl_check.rb', line 253

def ssl_context
  OpenSSL::SSL::SSLContext.new.tap do |ssl_context|
    ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
    ssl_context.cert_store = store
    ssl_context.min_version = nil
    ssl_context.max_version = OpenSSL::SSL::TLS1_2_VERSION
  end
end

#ssl_info ⇒ Object

# File 'lib/fluent/plugin/in_ssl_check.rb', line 224

def ssl_info
  info = SslInfo.new(host: host, port: port)
  begin
    Timeout.timeout(timeout) do
      tcp_socket = TCPSocket.open(host, port)
      ssl_socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ssl_context)
      ssl_socket.connect
      ssl_socket.sysclose
      tcp_socket.close

      # cert_store.verify(ssl_socket.peer_cert, ssl_socket.peer_cert_chain)
      info.cert = ssl_socket.peer_cert
      info.cert_chain = ssl_socket.peer_cert_chain
      info.ssl_version = ssl_socket.ssl_version
    end
  rescue StandardError => e
    info.error = e
  end
  info
end

#store ⇒ Object

# File 'lib/fluent/plugin/in_ssl_check.rb', line 245

def store
  OpenSSL::X509::Store.new.tap do |store|
    store.set_default_paths
    store.add_path(ca_path) if ca_path
    store.add_file(ca_file) if ca_file
  end
end