Class: Puma::MiniSSL::ContextBuilder

Inherits:
Object
  • Object
show all
Defined in:
lib/puma/minissl/context_builder.rb

Instance Method Summary collapse

Constructor Details

#initialize(params, log_writer) ⇒ ContextBuilder

Returns a new instance of ContextBuilder.



4
5
6
7
# File 'lib/puma/minissl/context_builder.rb', line 4

def initialize(params, log_writer)
  @params = params
  @log_writer = log_writer
end

Instance Method Details

#contextObject



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# File 'lib/puma/minissl/context_builder.rb', line 9

def context
  ctx = MiniSSL::Context.new

  if defined?(JRUBY_VERSION)
    unless params['keystore']
      log_writer.error "Please specify the Java keystore via 'keystore='"
    end

    ctx.keystore = params['keystore']

    unless params['keystore-pass']
      log_writer.error "Please specify the Java keystore password  via 'keystore-pass='"
    end

    ctx.keystore_pass = params['keystore-pass']
    ctx.keystore_type = params['keystore-type']

    if truststore = params['truststore']
      ctx.truststore = truststore.eql?('default') ? :default : truststore
      ctx.truststore_pass = params['truststore-pass']
      ctx.truststore_type = params['truststore-type']
    end

    ctx.cipher_suites = params['cipher_suites'] || params['ssl_cipher_list']
    ctx.protocols = params['protocols'] if params['protocols']
  else
    if params['key'].nil? && params['key_pem'].nil?
      log_writer.error "Please specify the SSL key via 'key=' or 'key_pem='"
    end

    ctx.key = params['key'] if params['key']
    ctx.key_pem = params['key_pem'] if params['key_pem']
    ctx.key_password_command = params['key_password_command'] if params['key_password_command']

    if params['cert'].nil? && params['cert_pem'].nil?
      log_writer.error "Please specify the SSL cert via 'cert=' or 'cert_pem='"
    end

    ctx.cert = params['cert'] if params['cert']
    ctx.cert_pem = params['cert_pem'] if params['cert_pem']

    if ['peer', 'force_peer'].include?(params['verify_mode'])
      unless params['ca']
        log_writer.error "Please specify the SSL ca via 'ca='"
      end
      # needed for Puma::MiniSSL::Socket#peercert, env['puma.peercert']
      require 'openssl'
    end

    ctx.ca = params['ca'] if params['ca']
    ctx.ssl_cipher_filter = params['ssl_cipher_filter'] if params['ssl_cipher_filter']
    ctx.ssl_ciphersuites = params['ssl_ciphersuites'] if params['ssl_ciphersuites'] && HAS_TLS1_3

    ctx.reuse = params['reuse'] if params['reuse']
  end

  ctx.no_tlsv1   = params['no_tlsv1'] == 'true'
  ctx.no_tlsv1_1 = params['no_tlsv1_1'] == 'true'

  if params['verify_mode']
    ctx.verify_mode = case params['verify_mode']
                      when "peer"
                        MiniSSL::VERIFY_PEER
                      when "force_peer"
                        MiniSSL::VERIFY_PEER | MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
                      when "none"
                        MiniSSL::VERIFY_NONE
                      else
                        log_writer.error "Please specify a valid verify_mode="
                        MiniSSL::VERIFY_NONE
                      end
  end

  if params['verification_flags']
    ctx.verification_flags = params['verification_flags'].split(',').
      map { |flag| MiniSSL::VERIFICATION_FLAGS.fetch(flag) }.
      inject { |sum, flag| sum ? sum | flag : flag }
  end

  ctx
end