Class: Fluent::Plugin::SslCheckInput::SslClient

Inherits:
Object
  • Object
Includes:
Fluent::Plugin::SslCheck::SslCommon
Defined in:
lib/fluent/plugin/in_ssl_check.rb

Overview

SSL client used to check the SSL status of a host.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Fluent::Plugin::SslCheck::SslCommon

#ssl_store

Constructor Details

#initialize(host:, port:, ca_path: nil, ca_file: nil, sni: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, cert: nil, key: nil, timeout: 5) ⇒ SslClient

rubocop:disable Metrics/ParameterLists



# File 'lib/fluent/plugin/in_ssl_check.rb', line 145

# Records the probe target and TLS options. Nothing is connected to and no
# file is read here; the values are only stored for ssl_context and ssl_info.
#
# @param host target host; used for the TCP connect and, when sni is set, as
#   the SNI server name
# @param port target TCP port
# @param ca_path CA directory forwarded to ssl_store (nil by default)
# @param ca_file CA bundle file forwarded to ssl_store (nil by default)
# @param sni whether ssl_info sets the host as the TLS server name
# @param verify_mode OpenSSL verify mode. The default VERIFY_PEER makes the
#   handshake fail on a chain that does not validate; VERIFY_NONE accepts any
#   certificate, so trust failures are no longer reported as errors.
# @param cert path to a client certificate file, or nil
# @param key path to the client private key file, or nil
# @param timeout seconds allowed for the connect and handshake
def initialize(
  host:,
  port:,
  ca_path: nil,
  ca_file: nil,
  sni: true,
  verify_mode: OpenSSL::SSL::VERIFY_PEER,
  cert: nil,
  key: nil,
  timeout: 5
)
  # Where to connect and how long to wait.
  @host = host
  @port = port
  @timeout = timeout

  # How the server certificate is validated.
  @verify_mode = verify_mode
  @ca_path = ca_path
  @ca_file = ca_file
  @sni = sni

  # Optional client authentication material (file paths, not contents).
  @cert = cert
  @key = key
end

Instance Attribute Details

#ca_fileObject (readonly)

Returns the value of attribute ca_file.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 142

# Reader for the CA bundle file path given to the constructor (nil by default).
# ssl_context forwards it to ssl_store when building the certificate store.
def ca_file
  @ca_file
end

#ca_pathObject (readonly)

Returns the value of attribute ca_path.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 142

# Reader for the CA directory path given to the constructor (nil by default).
# ssl_context forwards it to ssl_store when building the certificate store.
def ca_path
  @ca_path
end

#certObject (readonly)

Returns the value of attribute cert.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 142

# Reader for the client certificate path given to the constructor (nil by
# default). This is a file path, not certificate data: ssl_context reads the
# file and parses it as an X509 certificate only when the value is set.
def cert
  @cert
end

#hostObject (readonly)

Returns the value of attribute host.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 142

# Reader for the target host. ssl_info uses it for the TCP connect and, when
# sni is set, as the TLS server name sent in the handshake.
def host
  @host
end

#keyObject (readonly)

Returns the value of attribute key.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 142

# Reader for the client private key path given to the constructor (nil by
# default). This is a file path, not key material: ssl_context reads the file
# and parses it as an RSA key only when the value is set.
def key
  @key
end

#portObject (readonly)

Returns the value of attribute port.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 142

# Reader for the target TCP port that ssl_info connects to.
def port
  @port
end

#sniObject (readonly)

Returns the value of attribute sni.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 142

# Reader for the SNI switch (true by default). When truthy, ssl_info sets the
# host as the socket's hostname before the handshake.
def sni
  @sni
end

#timeoutObject (readonly)

Returns the value of attribute timeout.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 142

# Reader for the probe timeout in seconds (5 by default). ssl_info passes it to
# Timeout.timeout, which wraps the TCP connect and the TLS handshake.
def timeout
  @timeout
end

#verify_modeObject (readonly)

Returns the value of attribute verify_mode.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 142

# Reader for the OpenSSL verify mode (OpenSSL::SSL::VERIFY_PEER by default).
# ssl_context applies it unchanged to the SSLContext. With VERIFY_NONE the
# handshake accepts any certificate, so an untrusted chain is not reported as
# an error.
def verify_mode
  @verify_mode
end

Instance Method Details

#ssl_contextObject



# File 'lib/fluent/plugin/in_ssl_check.rb', line 182

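# Builds the OpenSSL context used for the probe handshake.
#
# The server chain is checked according to verify_mode against the store
# returned by ssl_store. The protocol range has no lower bound
# (min_version = nil) and is capped at TLS 1.2, so this client never
# negotiates TLS 1.3 and cannot report it as the endpoint's ssl_version.
#
# NOTE(review): verify_hostname is not set here and no post_connection_check
# is visible in this class, so the certificate's names are presumably not
# matched against the host -- confirm whether a name mismatch should be
# reported as an error.
#
# @return [OpenSSL::SSL::SSLContext] a new context on every call
# @raise [SystemCallError] when the cert or key file cannot be read
# @raise [OpenSSL::OpenSSLError] when the cert or key cannot be parsed
def ssl_context
  OpenSSL::SSL::SSLContext.new.tap do |ssl_context|
    ssl_context.verify_mode = verify_mode
    ssl_context.cert_store = ssl_store(ca_path: ca_path, ca_file: ca_file)
    ssl_context.min_version = nil
    ssl_context.max_version = OpenSSL::SSL::TLS1_2_VERSION
    # File.read closes the file before returning. File.open without a block
    # left one descriptor open per call until garbage collection, which adds up
    # in a long-running collector that builds a context for every probe.
    ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(cert)) if cert
    # Parsed as an RSA key; other key types are not handled by this call.
    ssl_context.key = OpenSSL::PKey::RSA.new(File.read(key)) if key
  end
end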

#ssl_infoObject

rubocop:enable Metrics/ParameterLists



# File 'lib/fluent/plugin/in_ssl_check.rb', line 160

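# Connects to host:port, performs a TLS handshake and returns what was
# observed.
#
# On success the result carries the peer certificate, the peer chain and the
# negotiated protocol version. Any StandardError raised while connecting or
# handshaking (including Timeout::Error) is stored in info.error instead of
# being raised. Chain validation happens inside connect according to the
# context's verify_mode, so a certificate that fails validation is reported
# through info.error and cert, cert_chain and ssl_version are not assigned.
#
# @return [Fluent::Plugin::SslCheck::SslInfo] result for this probe
def ssl_info
  info = Fluent::Plugin::SslCheck::SslInfo.new(host: host, port: port)
  begin
    Timeout.timeout(timeout) do
      tcp_socket = TCPSocket.open(host, port)
      begin
        ssl_socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ssl_context)
        ssl_socket.hostname = host if sni
        ssl_socket.connect
        ssl_socket.sysclose

        info.cert = ssl_socket.peer_cert
        info.cert_chain = ssl_socket.peer_cert_chain
        info.ssl_version = ssl_socket.ssl_version
      ensure
        # Failed handshakes and timeouts are the cases this check exists to
        # report, so the TCP socket must be released on those paths too;
        # otherwise every failing probe keeps a descriptor until GC.
        tcp_socket.close
      end
    end
  rescue StandardError => e
    info.error = e
  end
  info
end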