Class: Fluent::Plugin::SslCheckInput::SslClient
- Inherits:
-
Object
- Object
- Fluent::Plugin::SslCheckInput::SslClient
- Includes:
- Fluent::Plugin::SslCheck::SslCommon
- Defined in:
- lib/fluent/plugin/in_ssl_check.rb
Overview
SSL client used to check the SSL/TLS status of a remote endpoint.
Instance Attribute Summary
-
#ca_file ⇒ Object
readonly
Returns the value of attribute ca_file.
-
#ca_path ⇒ Object
readonly
Returns the value of attribute ca_path.
-
#cert ⇒ Object
readonly
Returns the value of attribute cert.
-
#host ⇒ Object
readonly
Returns the value of attribute host.
-
#key ⇒ Object
readonly
Returns the value of attribute key.
-
#port ⇒ Object
readonly
Returns the value of attribute port.
-
#sni ⇒ Object
readonly
Returns the value of attribute sni.
-
#timeout ⇒ Object
readonly
Returns the value of attribute timeout.
-
#verify_mode ⇒ Object
readonly
Returns the value of attribute verify_mode.
Instance Method Summary
-
#initialize(host:, port:, ca_path: nil, ca_file: nil, sni: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, cert: nil, key: nil, timeout: 5) ⇒ SslClient
constructor
rubocop:disable Metrics/ParameterLists.
- #ssl_context ⇒ Object
-
#ssl_info ⇒ Object
rubocop:enable Metrics/ParameterLists.
Methods included from Fluent::Plugin::SslCheck::SslCommon
Constructor Details
#initialize(host:, port:, ca_path: nil, ca_file: nil, sni: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, cert: nil, key: nil, timeout: 5) ⇒ SslClient
rubocop:disable Metrics/ParameterLists
# File 'lib/fluent/plugin/in_ssl_check.rb', line 145
# Stores the connection target and TLS options; nothing is opened or
# validated here.
#
# @param host [Object] endpoint to connect to (also used as the SNI name when sni is truthy)
# @param port [Object] TCP port of the endpoint
# @param ca_path [Object, nil] forwarded to ssl_store when the context is built
# @param ca_file [Object, nil] forwarded to ssl_store when the context is built
# @param sni [Boolean] whether ssl_info sets the SNI host name
# @param verify_mode [Integer] OpenSSL verify mode; defaults to VERIFY_PEER
# @param cert [Object, nil] client certificate file, loaded by ssl_context when set
# @param key [Object, nil] client private key file, loaded by ssl_context when set
# @param timeout [Numeric] seconds allowed for the whole probe in ssl_info
def initialize(host:, port:, ca_path: nil, ca_file: nil, sni: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, cert: nil, key: nil, timeout: 5)
  # Where to connect and how long to wait.
  @host, @port = host, port
  @timeout = timeout
  # Trust anchors and verification policy.
  @ca_path, @ca_file = ca_path, ca_file
  @verify_mode = verify_mode
  @sni = sni
  # Optional client credentials.
  @cert, @key = cert, key
end
Instance Attribute Details
#ca_file ⇒ Object (readonly)
Returns the value of attribute ca_file.
# File 'lib/fluent/plugin/in_ssl_check.rb', line 142
# Read-only accessor for the ca_file option given to the constructor
# (nil by default); ssl_context forwards it to ssl_store.
def ca_file
  @ca_file
end
#ca_path ⇒ Object (readonly)
Returns the value of attribute ca_path.
# File 'lib/fluent/plugin/in_ssl_check.rb', line 142
# Read-only accessor for the ca_path option given to the constructor
# (nil by default); ssl_context forwards it to ssl_store.
def ca_path
  @ca_path
end
#cert ⇒ Object (readonly)
Returns the value of attribute cert.
# File 'lib/fluent/plugin/in_ssl_check.rb', line 142
# Read-only accessor for the client certificate file (nil by default);
# ssl_context loads it as an X.509 certificate only when it is set.
def cert
  @cert
end
#host ⇒ Object (readonly)
Returns the value of attribute host.
# File 'lib/fluent/plugin/in_ssl_check.rb', line 142
# Read-only accessor for the endpoint host; ssl_info connects to it and,
# when sni is truthy, sends it as the SNI host name.
def host
  @host
end
#key ⇒ Object (readonly)
Returns the value of attribute key.
# File 'lib/fluent/plugin/in_ssl_check.rb', line 142
# Read-only accessor for the client private key file (nil by default);
# ssl_context loads it as an RSA key only when it is set.
def key
  @key
end
#port ⇒ Object (readonly)
Returns the value of attribute port.
# File 'lib/fluent/plugin/in_ssl_check.rb', line 142
# Read-only accessor for the TCP port that ssl_info connects to.
def port
  @port
end
#sni ⇒ Object (readonly)
Returns the value of attribute sni.
# File 'lib/fluent/plugin/in_ssl_check.rb', line 142
# Read-only accessor for the SNI switch (true by default); when truthy,
# ssl_info sets the socket's host name before the handshake.
def sni
  @sni
end
#timeout ⇒ Object (readonly)
Returns the value of attribute timeout.
# File 'lib/fluent/plugin/in_ssl_check.rb', line 142
# Read-only accessor for the probe time limit (5 by default); ssl_info
# passes it to Timeout.timeout around the connect and handshake.
def timeout
  @timeout
end
#verify_mode ⇒ Object (readonly)
Returns the value of attribute verify_mode.
# File 'lib/fluent/plugin/in_ssl_check.rb', line 142
# Read-only accessor for the OpenSSL verify mode (VERIFY_PEER by default
# in the constructor); ssl_context copies it onto the SSLContext.
def verify_mode
  @verify_mode
end
Instance Method Details
#ssl_context ⇒ Object
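# File 'lib/fluent/plugin/in_ssl_check.rb', line 182
# Builds the OpenSSL::SSL::SSLContext used for the probe handshake.
#
# Reads verify_mode, ca_path, ca_file, cert and key from the instance. The
# client certificate and key are loaded only when the respective option is set.
#
# @return [OpenSSL::SSL::SSLContext] a new context on every call
# @raise [SystemCallError, OpenSSL::OpenSSLError] when cert or key cannot be
#   read or parsed
def ssl_context
  OpenSSL::SSL::SSLContext.new.tap do |ctx|
    # Caller-supplied policy. With OpenSSL::SSL::VERIFY_NONE the handshake
    # accepts any certificate, so the collected data then describes what the
    # peer presented, not what was validated.
    ctx.verify_mode = verify_mode
    ctx.cert_store = ssl_store(ca_path: ca_path, ca_file: ca_file)
    # NOTE(review): verify_hostname is not enabled on this context, so chain
    # validation alone does not tie the certificate to the host name.
    # Confirm the name is checked elsewhere.

    # nil leaves the lower protocol bound unset. The upper bound is pinned to
    # TLS 1.2, so an endpoint that only offers TLS 1.3 fails the handshake
    # and is reported as an error.
    ctx.min_version = nil
    ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
    # File.read closes the handle as soon as the content is loaded. Passing
    # an open File object left one descriptor open per call until GC.
    ctx.cert = OpenSSL::X509::Certificate.new(File.read(cert)) if cert
    # NOTE(review): only RSA private keys load here. An EC client key raises.
    ctx.key = OpenSSL::PKey::RSA.new(File.read(key)) if key
  end
end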
#ssl_info ⇒ Object
rubocop:enable Metrics/ParameterLists
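# File 'lib/fluent/plugin/in_ssl_check.rb', line 160
# Connects to host:port, performs a TLS handshake and records what the peer
# presented.
#
# Any StandardError raised on the way (connection failure, handshake or
# verification failure, Timeout::Error, unreadable cert/key file) is stored
# in info.error instead of being raised.
#
# @return [Fluent::Plugin::SslCheck::SslInfo] carries cert, cert_chain and
#   ssl_version on success, or error on failure
def ssl_info
  info = Fluent::Plugin::SslCheck::SslInfo.new(host: host, port: port)
  begin
    # One limit covers TCP connect plus handshake, so an unresponsive
    # endpoint cannot stall the caller indefinitely.
    Timeout.timeout(timeout) do
      tcp_socket = TCPSocket.open(host, port)
      begin
        ssl_socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ssl_context)
        # The host name is set for SNI only.
        # NOTE(review): nothing visible here matches the certificate against
        # host (for example post_connection_check, or verify_hostname on the
        # context). Confirm SslInfo or the caller performs that check.
        ssl_socket.hostname = host if sni
        ssl_socket.connect
        ssl_socket.sysclose
      ensure
        # Always release the TCP socket. Without this, every failed handshake
        # or timeout left a descriptor open until GC.
        tcp_socket.close
      end
      # Chain validation relies on verify_mode during the handshake; a
      # separate cert_store.verify pass was left disabled by the author.
      # Results are read from the SSLSocket object after the close.
      info.cert = ssl_socket.peer_cert
      info.cert_chain = ssl_socket.peer_cert_chain
      info.ssl_version = ssl_socket.ssl_version
    end
  rescue StandardError => e
    info.error = e
  end
  info
end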