Class: Fluent::Plugin::SslCheckInput::SslClient

Inherits:
Object
  • Object
Defined in:
lib/fluent/plugin/in_ssl_check.rb

Overview

SSL client used to check SSL status.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(host:, port:, ca_path: nil, ca_file: nil, sni: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, cert: nil, key: nil, timeout: 5) ⇒ SslClient

rubocop:disable Metrics/ParameterLists



# File 'lib/fluent/plugin/in_ssl_check.rb', line 248

# Stores the connection and verification settings for one probe target.
# Nothing is opened or validated here; the values are only read back later
# by #store, #ssl_context and #ssl_info.
#
# @param host [Object] target host, later passed to TCPSocket.open
# @param port [Object] target port, later passed to TCPSocket.open
# @param ca_path [Object, nil] extra CA directory added to the trust store
# @param ca_file [Object, nil] extra CA file added to the trust store
# @param sni [Boolean] when truthy, host is sent as the TLS SNI name
# @param verify_mode [Integer] OpenSSL verify mode; the default is
#   OpenSSL::SSL::VERIFY_PEER, and a caller passing VERIFY_NONE turns
#   certificate chain validation off for this client
# @param cert [Object, nil] path of a client certificate file
# @param key [Object, nil] path of the matching private key file
# @param timeout [Numeric] budget handed to Timeout.timeout in #ssl_info
def initialize(host:, port:, ca_path: nil, ca_file: nil, sni: true, verify_mode: OpenSSL::SSL::VERIFY_PEER,
               cert: nil, key: nil,
               timeout: 5)
  # Endpoint to probe.
  @host, @port = host, port
  @sni = sni
  @timeout = timeout

  # Trust anchors and verification policy.
  @ca_path, @ca_file = ca_path, ca_file
  @verify_mode = verify_mode

  # Optional client-authentication material (file paths).
  @cert, @key = cert, key
end

Instance Attribute Details

#ca_file ⇒ Object (readonly)

Returns the value of attribute ca_file.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 245

# Extra CA file given to the constructor (+ca_file:+, default nil).
# When set, #store adds it with +add_file+ in addition to the system
# default trust paths; it does not replace them.
#
# @return [Object, nil] presumably a filesystem path String -- confirm against caller
def ca_file
  @ca_file
end

#ca_path ⇒ Object (readonly)

Returns the value of attribute ca_path.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 245

# Extra CA directory given to the constructor (+ca_path:+, default nil).
# When set, #store adds it with +add_path+ in addition to the system
# default trust paths; it does not replace them.
#
# @return [Object, nil] presumably a directory path String -- confirm against caller
def ca_path
  @ca_path
end

#cert ⇒ Object (readonly)

Returns the value of attribute cert.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 245

# Client certificate location given to the constructor (+cert:+, default nil).
# When set, #ssl_context reads the file at this path, parses it as an X.509
# certificate and installs it on the SSL context.
#
# @return [Object, nil] a path accepted by File.open, or nil for no client certificate
def cert
  @cert
end

#host ⇒ Object (readonly)

Returns the value of attribute host.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 245

# Target host given to the constructor. #ssl_info uses it for the TCP
# connection and, when #sni is truthy, as the TLS SNI host name.
#
# @return [Object] presumably a host name or address String -- confirm against caller
def host
  @host
end

#key ⇒ Object (readonly)

Returns the value of attribute key.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 245

# Private key location given to the constructor (+key:+, default nil).
# When set, #ssl_context reads the file at this path and loads it with
# OpenSSL::PKey::RSA, so only RSA keys are accepted there.
# The value is a path, not the key itself, but it points at secret material:
# avoid logging it alongside other settings if the path is sensitive.
#
# @return [Object, nil] a path accepted by File.open, or nil for no client key
def key
  @key
end

#port ⇒ Object (readonly)

Returns the value of attribute port.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 245

# Target port given to the constructor; #ssl_info passes it to TCPSocket.open.
#
# @return [Object] presumably an Integer TCP port -- confirm against caller
def port
  @port
end

#sni ⇒ Object (readonly)

Returns the value of attribute sni.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 245

# SNI switch given to the constructor (+sni:+, default true). When truthy,
# #ssl_info sets the SSL socket's hostname to #host before connecting.
#
# @return [Boolean] any truthy value enables SNI
def sni
  @sni
end

#timeout ⇒ Object (readonly)

Returns the value of attribute timeout.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 245

# Time budget given to the constructor (+timeout:+, default 5). #ssl_info
# passes it to Timeout.timeout, which wraps the TCP connect and the TLS
# handshake together, so it is a total for both and not a per-step limit.
#
# @return [Numeric] seconds, as interpreted by Timeout.timeout
def timeout
  @timeout
end

#verify_mode ⇒ Object (readonly)

Returns the value of attribute verify_mode.



# File 'lib/fluent/plugin/in_ssl_check.rb', line 245

# OpenSSL verify mode given to the constructor; defaults to
# OpenSSL::SSL::VERIFY_PEER. #ssl_context copies it onto the SSL context
# unchanged, so passing OpenSSL::SSL::VERIFY_NONE makes the handshake
# succeed without validating the peer's certificate chain.
#
# @return [Integer] one of the OpenSSL::SSL::VERIFY_* constants
def verify_mode
  @verify_mode
end

Instance Method Details

#ssl_context ⇒ Object



# File 'lib/fluent/plugin/in_ssl_check.rb', line 293

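# Builds the OpenSSL context used for the probe connection.
#
# Applies #verify_mode and the trust store from #store, leaves the minimum
# protocol version unrestricted, caps the maximum at TLS 1.2, and loads the
# optional client certificate and RSA private key from the #cert / #key paths.
#
# NOTE(review): verify_hostname is never set on this context, so with
# VERIFY_PEER the chain is validated but, as far as this method shows, the
# certificate is not matched against the host name -- confirm that is intended.
# NOTE(review): max_version = TLS 1.2 means TLS 1.3 is never negotiated, so a
# TLS 1.3-only endpoint will be reported as a failure; min_version = nil
# accepts whatever the linked OpenSSL still allows.
# NOTE(review): the key is loaded with OpenSSL::PKey::RSA, so non-RSA client
# keys raise here.
#
# @return [OpenSSL::SSL::SSLContext] a new context on every call
# @raise [SystemCallError] if a configured cert or key file cannot be read
# @raise [OpenSSL::OpenSSLError] if the file content cannot be parsed
def ssl_context
  OpenSSL::SSL::SSLContext.new.tap do |ctx|
    ctx.verify_mode = verify_mode
    ctx.cert_store = store
    ctx.min_version = nil
    ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
    # File.binread opens, reads and closes in one call. The previous
    # File.open(path) without a block left one descriptor open per call,
    # which adds up in a plugin that probes on a timer.
    ctx.cert = OpenSSL::X509::Certificate.new(File.binread(cert)) if cert
    ctx.key = OpenSSL::PKey::RSA.new(File.binread(key)) if key
  end
end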

#ssl_info ⇒ Object

rubocop:enable Metrics/ParameterLists



# File 'lib/fluent/plugin/in_ssl_check.rb', line 263

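# Connects to #host:#port, performs a TLS handshake and records what the
# peer presented: leaf certificate, certificate chain and protocol version.
#
# The TCP connect and the handshake both run inside Timeout.timeout(#timeout).
# Any StandardError raised on the way (refused connection, handshake or
# verification failure, timeout) is stored in +info.error+ instead of being
# raised, so callers must inspect that field before trusting the rest.
#
# NOTE(review): neither this method nor #ssl_context enables host name
# matching (no verify_hostname, no post_connection_check); setting
# +hostname+ below only sends SNI. With VERIFY_PEER a chain-valid certificate
# issued for a different name therefore still completes the handshake --
# confirm whether the consumer of SslInfo checks the subject itself.
#
# @return [SslInfo] populated with cert, cert_chain and ssl_version on
#   success, or with error on failure
def ssl_info
  info = SslInfo.new(host: host, port: port)
  begin
    Timeout.timeout(timeout) do
      tcp_socket = TCPSocket.open(host, port)
      begin
        ssl_socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ssl_context)
        ssl_socket.hostname = host if sni
        ssl_socket.connect

        # Read the handshake results while the session is still open.
        # (An explicit cert_store.verify of the peer chain was left disabled
        # by the original author.)
        info.cert = ssl_socket.peer_cert
        info.cert_chain = ssl_socket.peer_cert_chain
        info.ssl_version = ssl_socket.ssl_version
      ensure
        # Release both sockets on every path. Previously a failed or timed-out
        # handshake skipped the close calls and left the TCP socket open.
        begin
          ssl_socket&.sysclose
        ensure
          tcp_socket.close
        end
      end
    end
  rescue StandardError => e
    info.error = e
  end
  info
end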

#store ⇒ Object



# File 'lib/fluent/plugin/in_ssl_check.rb', line 285

# Builds the X.509 trust store used to validate the peer's chain.
#
# The system default CA locations are always loaded first; #ca_path and
# #ca_file, when set, are added on top. A custom CA therefore extends the
# set of trusted roots and never narrows it to that CA alone.
#
# @return [OpenSSL::X509::Store] a new store on every call
def store
  trust = OpenSSL::X509::Store.new
  trust.set_default_paths
  trust.add_path(ca_path) if ca_path
  trust.add_file(ca_file) if ca_file
  trust
end