Class: SecureHeaders::PublicKeyPins
- Inherits:
-
Object
- Object
- SecureHeaders::PublicKeyPins
- Defined in:
- lib/secure_headers/headers/public_key_pins.rb
Constant Summary collapse
- HEADER_NAME =
"Public-Key-Pins".freeze
- REPORT_ONLY =
"Public-Key-Pins-Report-Only".freeze
- HASH_ALGORITHMS =
[:sha256].freeze
- CONFIG_KEY =
:hpkp
Class Method Summary collapse
-
.make_header(config) ⇒ Object
Public: make an hpkp header name, value pair.
- .validate_config!(config) ⇒ Object
Instance Method Summary collapse
-
#initialize(config) ⇒ PublicKeyPins
constructor
A new instance of PublicKeyPins.
- #max_age_directive ⇒ Object
- #name ⇒ Object
- #pin_directives ⇒ Object
- #report_uri_directive ⇒ Object
- #subdomain_directive ⇒ Object
- #value ⇒ Object
Constructor Details
#initialize(config) ⇒ PublicKeyPins
Returns a new instance of PublicKeyPins.
36 37 38 39 40 41 42 |
# File 'lib/secure_headers/headers/public_key_pins.rb', line 36 def initialize(config) @max_age = config.fetch(:max_age, nil) @pins = config.fetch(:pins, nil) @report_uri = config.fetch(:report_uri, nil) @report_only = !!config.fetch(:report_only, nil) @include_subdomains = !!config.fetch(:include_subdomains, nil) end |
Class Method Details
.make_header(config) ⇒ Object
Public: make an hpkp header name, value pair
Returns nil if not configured, returns header name and value if configured.
15 16 17 18 19 |
# File 'lib/secure_headers/headers/public_key_pins.rb', line 15 def make_header(config) return if config.nil? header = new(config) [header.name, header.value] end |
.validate_config!(config) ⇒ Object
21 22 23 24 25 26 27 28 29 30 31 32 33 |
# File 'lib/secure_headers/headers/public_key_pins.rb', line 21 def validate_config!(config) return if config.nil? || config == OPT_OUT raise PublicKeyPinsConfigError.new("config must be a hash.") unless config.is_a? Hash if !config[:max_age] raise PublicKeyPinsConfigError.new("max-age is a required directive.") elsif config[:max_age].to_s !~ /\A\d+\z/ raise PublicKeyPinsConfigError.new("max-age must be a number. #{config[:max_age]} was supplied.") elsif config[:pins] && config[:pins].length < 2 raise PublicKeyPinsConfigError.new("A minimum of 2 pins are required.") end end |
Instance Method Details
#max_age_directive ⇒ Object
70 71 72 |
# File 'lib/secure_headers/headers/public_key_pins.rb', line 70 def max_age_directive "max-age=#{@max_age}" if @max_age end |
#name ⇒ Object
44 45 46 47 48 49 50 |
# File 'lib/secure_headers/headers/public_key_pins.rb', line 44 def name if @report_only REPORT_ONLY else HEADER_NAME end end |
#pin_directives ⇒ Object
61 62 63 64 65 66 67 68 |
# File 'lib/secure_headers/headers/public_key_pins.rb', line 61 def pin_directives return nil if @pins.nil? @pins.collect do |pin| pin.map do |token, hash| "pin-#{token}=\"#{hash}\"" if HASH_ALGORITHMS.include?(token) end end.join("; ") end |
#report_uri_directive ⇒ Object
74 75 76 |
# File 'lib/secure_headers/headers/public_key_pins.rb', line 74 def report_uri_directive "report-uri=\"#{@report_uri}\"" if @report_uri end |
#subdomain_directive ⇒ Object
78 79 80 |
# File 'lib/secure_headers/headers/public_key_pins.rb', line 78 def subdomain_directive @include_subdomains ? "includeSubDomains" : nil end |
#value ⇒ Object
52 53 54 55 56 57 58 59 |
# File 'lib/secure_headers/headers/public_key_pins.rb', line 52 def value [ max_age_directive, pin_directives, report_uri_directive, subdomain_directive ].compact.join("; ").strip end |