Class: SecureHeaders::ExpectCertificateTransparency

Inherits:
Object
  • Object
show all
Defined in:
lib/secure_headers/headers/expect_certificate_transparency.rb

Constant Summary collapse

HEADER_NAME = 
"Expect-CT".freeze
CONFIG_KEY = 
:expect_certificate_transparency
INVALID_CONFIGURATION_ERROR = 
"config must be a hash.".freeze
INVALID_ENFORCE_VALUE_ERROR = 
"enforce must be a boolean".freeze
REQUIRED_MAX_AGE_ERROR = 
"max-age is a required directive.".freeze
INVALID_MAX_AGE_ERROR = 
"max-age must be a number.".freeze

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(config) ⇒ ExpectCertificateTransparency

Returns a new instance of ExpectCertificateTransparency.



41
42
43
44
45
 
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 41

def initialize(config)
  @enforced   = config.fetch(:enforce, nil)
  @max_age    = config.fetch(:max_age, nil)
  @report_uri = config.fetch(:report_uri, nil)
end

Class Method Details

.make_header(config) ⇒ Object

Public: Generate a Expect-CT header.

Returns nil if not configured, returns header name and value if configured.



18
19
20
21
22
23
 
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 18

def make_header(config)
  return if config.nil?

  header = new(config)
  [HEADER_NAME, header.value]
end

.validate_config!(config) ⇒ Object

Raises:



25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 25

def validate_config!(config)
  return if config.nil? || config == OPT_OUT
  raise ExpectCertificateTransparencyConfigError.new(INVALID_CONFIGURATION_ERROR) unless config.is_a? Hash

  unless [true, false, nil].include?(config[:enforce])
    raise ExpectCertificateTransparencyConfigError.new(INVALID_ENFORCE_VALUE_ERROR)
  end

  if !config[:max_age]
    raise ExpectCertificateTransparencyConfigError.new(REQUIRED_MAX_AGE_ERROR)
  elsif config[:max_age].to_s !~ /\A\d+\z/
    raise ExpectCertificateTransparencyConfigError.new(INVALID_MAX_AGE_ERROR)
  end
end

Instance Method Details

#enforced_directiveObject 



55
56
57
58
59
60
 
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 55

def enforced_directive
  # Unfortunately `if @enforced` isn't enough here in case someone
  # passes in a random string so let's be specific with it to prevent
  # accidental enforcement.
  "enforce" if @enforced == true
end

#max_age_directiveObject 



62
63
64
 
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 62

def max_age_directive
  "max-age=#{@max_age}" if @max_age
end

#report_uri_directiveObject 



66
67
68
 
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 66

def report_uri_directive
  "report-uri=\"#{@report_uri}\"" if @report_uri
end

#valueObject 



47
48
49
50
51
52
53
 
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 47

def value
  [
    enforced_directive,
    max_age_directive,
    report_uri_directive
  ].compact.join(", ").strip
end